Virus isuisse
Dernière réponse : dans Sécurité
Bonjour à tous,
J'ai chopé le virus isuisse sur msn, je n'arrive pas à le supprimer, avez vous des pistes?
Je vous remercie.
J'ai chopé le virus isuisse sur msn, je n'arrive pas à le supprimer, avez vous des pistes?
Je vous remercie.
Autres pages sur : virus isuisse
Lassé par la pub ? Créez un compte
Bonjour,
Télécharge MSNFix.zip ([#ff0000]!aur3n7[/#f]) sur ton Bureau.
Décompresse-le sur ton bureau (Clique-Droit/Extraire tout).
Ouvre le dossier MSNFix puis double-clique sur MSNFix.bat.
- Exécute l'option R.
-- Si l'infection est détectée, presse une touche pour lancer le nettoyage.
[#ff0000]Si une erreur de suppression est détectée un message s'affichera demandant de redémarrer l'ordinateur afin de terminer les opérations.
Dans ce cas il suffit de redémarrer l'ordinateur manuellement.[/#f]
Poste le rapport situé dans le dossier MSNFix.
Le nom du rapport correspond au moment de sa création : date_heure.log
Télécharge MSNFix.zip ([#ff0000]!aur3n7[/#f]) sur ton Bureau.
Décompresse-le sur ton bureau (Clique-Droit/Extraire tout).
Ouvre le dossier MSNFix puis double-clique sur MSNFix.bat.
- Exécute l'option R.
-- Si l'infection est détectée, presse une touche pour lancer le nettoyage.
[#ff0000]Si une erreur de suppression est détectée un message s'affichera demandant de redémarrer l'ordinateur afin de terminer les opérations.
Dans ce cas il suffit de redémarrer l'ordinateur manuellement.[/#f]
Poste le rapport situé dans le dossier MSNFix.
Le nom du rapport correspond au moment de sa création : date_heure.log
Bonjour, voici le rapport de msnfix
MSNFix 1.678-c
C:\Documents and Settings\Alexandre BERNARD\Bureau\MSNFix\MSNFix
Fix exécuté le 10/03/2008 - 19:07:54,18 By Alexandre BERNARD
mode normal
************************ Recherche les fichiers présents
... C:\DOCUME~1\ALEXAN~1\LOCALS~1\Temp\services.exe
... C:\WINDOWS\system32\real.txt
************************ Recherche les dossiers présents
... \TEMP\
... C:\Temp\
************************ Suppression des fichiers
/!\ ... C:\DOCUME~1\ALEXAN~1\LOCALS~1\Temp\services.exe
.. OK ... C:\WINDOWS\system32\real.txt
************************ Suppression des dossiers
/!\ ... \TEMP\
/!\ ... C:\Temp\
************************ Nettoyage du registre
Les fichiers encore présents seront supprimés au prochain redémarrage
************************ Suppression des fichiers
.. OK ... C:\DOCUME~1\ALEXAN~1\LOCALS~1\Temp\services.exe
************************ Fichiers suspects
Aucun Fichier trouvé
Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 10032008_19123801.zip
------------------------------------------------------------------------
Auteur : !aur3n7 Contact: http://changelog.fr
------------------------------------------------------------------------
--------------------------------------------- END ---------------------------------------------
MSNFix 1.678-c
C:\Documents and Settings\Alexandre BERNARD\Bureau\MSNFix\MSNFix
Fix exécuté le 10/03/2008 - 19:07:54,18 By Alexandre BERNARD
mode normal
************************ Recherche les fichiers présents
... C:\DOCUME~1\ALEXAN~1\LOCALS~1\Temp\services.exe
... C:\WINDOWS\system32\real.txt
************************ Recherche les dossiers présents
... \TEMP\
... C:\Temp\
************************ Suppression des fichiers
/!\ ... C:\DOCUME~1\ALEXAN~1\LOCALS~1\Temp\services.exe
.. OK ... C:\WINDOWS\system32\real.txt
************************ Suppression des dossiers
/!\ ... \TEMP\
/!\ ... C:\Temp\
************************ Nettoyage du registre
Les fichiers encore présents seront supprimés au prochain redémarrage
************************ Suppression des fichiers
.. OK ... C:\DOCUME~1\ALEXAN~1\LOCALS~1\Temp\services.exe
************************ Fichiers suspects
Aucun Fichier trouvé
Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 10032008_19123801.zip
------------------------------------------------------------------------
Auteur : !aur3n7 Contact: http://changelog.fr
------------------------------------------------------------------------
--------------------------------------------- END ---------------------------------------------
Re,
Télécharge puis installe Hijackthis (Trend Micro).
Poste ensuite un rapport dans ta prochaine réponse.
AIDE : Comment utiliser Hijackthis v2.0.2
Télécharge puis installe Hijackthis (Trend Micro).
Poste ensuite un rapport dans ta prochaine réponse.
AIDE : Comment utiliser Hijackthis v2.0.2
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:36:22, on 10/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\acer\Empowering Technology\ePower\epm-dm.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Canon\MultiPASS4\MPDBMgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Alexandre BERNARD\Bureau\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\ALEXAN~1\LOCALS~1\Temp\services.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Acer eDataSecurity Management - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\WINDOWS\system32\ToolBand.dll
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [EPM-DM] c:\acer\Empowering Technology\ePower\epm-dm.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [MPTBox] C:\Program Files\Canon\MultiPASS4\MPTBox.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [ErrorSafeFree] "C:\Program Files\ErrorSafe Free\uers.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Sample Toolband Serach - res://C:\WINDOWS\system32\ToolBand.dll/MENUSEARCH.HTM
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by126w.bay126.mail.live.com/mail/resources/MsnPU...
O16 - DPF: {91D4B4D5-E368-40AB-8F53-A37FA634B471} (Installer9Ctrl Class) - http://www.tellmemorecorporate.com/bin/tol9inst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: MpService - Canon Inc. - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
--
End of file - 10369 bytes
Scan saved at 19:36:22, on 10/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\acer\Empowering Technology\ePower\epm-dm.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Canon\MultiPASS4\MPDBMgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Alexandre BERNARD\Bureau\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\ALEXAN~1\LOCALS~1\Temp\services.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Acer eDataSecurity Management - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\WINDOWS\system32\ToolBand.dll
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [EPM-DM] c:\acer\Empowering Technology\ePower\epm-dm.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [MPTBox] C:\Program Files\Canon\MultiPASS4\MPTBox.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [ErrorSafeFree] "C:\Program Files\ErrorSafe Free\uers.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Sample Toolband Serach - res://C:\WINDOWS\system32\ToolBand.dll/MENUSEARCH.HTM
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by126w.bay126.mail.live.com/mail/resources/MsnPU...
O16 - DPF: {91D4B4D5-E368-40AB-8F53-A37FA634B471} (Installer9Ctrl Class) - http://www.tellmemorecorporate.com/bin/tol9inst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: MpService - Canon Inc. - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
--
End of file - 10369 bytes
Re,
[#ff0000]Désactive tes protections résidentes (antivirus, Spybot...) ![/#f]
Télécharge Combofix ([#ff0000]sUBs[/#f]) sur ton Bureau.
Double clique sur combofix.exe afin de le lancer.
Tape sur la touche 1 (Yes) pour démarrer le scan.
Lorsque le scan sera complété, un rapport apparaîtra. Poste ce rapport dans ta prochaine réponse.
[#ff0000]Désactive tes protections résidentes (antivirus, Spybot...) ![/#f]
ComboFix 08-03-10.1 - Alexandre BERNARD 2008-03-10 19:55:15.3 - FAT32x86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.226 [GMT 1:00]
Endroit: C:\Documents and Settings\Alexandre BERNARD\Bureau\ComboFix.exe
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
((((((((((((((((((((((((((((( Fichiers créés 2008-02-10 to 2008-03-10 ))))))))))))))))))))))))))))))))))))
.
2008-03-10 00:36 . 2008-03-10 00:36 0 --a------ C:\WINDOWS\nsreg.dat
2008-03-10 00:33 . 2008-03-10 00:33 <REP> d--hs---- C:\FOUND.014
2008-03-06 21:36 . 2008-03-06 21:36 <REP> d--hs---- C:\FOUND.013
2008-03-06 21:22 . 2008-03-06 21:22 <REP> d-------- C:\Program Files\Alwil Software
2008-03-06 21:22 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-03-06 21:22 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-03-06 21:22 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-03-06 21:22 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-06 21:22 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-03-06 21:22 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-06 21:22 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-06 21:22 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-06 21:22 . 2008-03-06 21:22 51 --a------ C:\WINDOWS\system32\config.nt
2008-03-06 20:07 . 2008-03-06 20:07 <REP> d--hs---- C:\FOUND.012
2008-03-06 19:41 . 2008-03-06 19:41 <REP> d--hs---- C:\FOUND.011
2008-03-06 19:31 . 2008-03-06 19:31 <REP> d-------- C:\Program Files\Motherboard Monitor 5
2008-03-06 12:47 . 2008-03-06 12:47 <REP> d--hs---- C:\FOUND.010
2008-03-05 22:17 . 2008-03-05 22:17 <REP> d--hs---- C:\FOUND.009
2008-03-05 20:33 . 2008-03-05 20:33 <REP> d--hs---- C:\FOUND.008
2008-03-05 20:03 . 2008-03-05 20:03 <REP> d--hs---- C:\FOUND.007
2008-03-05 16:35 . 2008-03-05 16:35 <REP> d--hs---- C:\FOUND.006
2008-03-04 12:37 . 2008-03-04 12:37 <REP> d-------- C:\Program Files\MSXML 6.0
2008-03-04 11:30 . 2008-03-04 11:30 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
2008-03-04 11:07 . 2008-03-04 11:07 <REP> d-------- C:\BackUpMSNCleaner
2008-03-04 10:55 . 2008-03-04 10:55 <REP> d--hs---- C:\FOUND.005
2008-03-04 09:59 . 2008-03-04 09:59 <REP> d-------- C:\Program Files\CCleaner
2008-03-04 07:25 . 2008-03-04 07:25 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-04 07:25 . 2008-03-04 07:25 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-28 21:39 . 2008-02-28 21:39 <REP> d-------- C:\Program Files\Microsoft SQL Server
2008-02-28 21:38 . 2008-02-28 21:38 <REP> d-------- C:\Program Files\Microsoft SQL Server 2005 Mobile Edition
2008-02-28 21:38 . 2008-02-28 21:38 <REP> d-------- C:\Program Files\Microsoft Device Emulator
2008-02-28 21:24 . 2008-02-28 21:24 <REP> d-------- C:\WINDOWS\Symbols
2008-02-28 21:24 . 2008-02-28 21:24 <REP> d-------- C:\Program Files\Microsoft.NET
2008-02-28 21:24 . 2008-02-28 21:24 <REP> d-------- C:\Program Files\HTML Help Workshop
2008-02-28 21:24 . 2008-02-28 21:24 <REP> d-------- C:\Program Files\Fichiers communs\Merge Modules
2008-02-28 21:24 . 2008-02-28 21:24 <REP> d-------- C:\Program Files\Fichiers communs\Business Objects
2008-02-28 21:24 . 2008-02-28 21:24 <REP> d-------- C:\Program Files\CE Remote Tools
2008-02-28 21:24 . 2008-02-28 21:24 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\PreEmptive Solutions
2008-02-28 21:22 . 2008-02-28 21:22 <REP> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-02-28 21:18 . 2008-02-28 21:18 <REP> d-------- C:\Program Files\Fichiers communs\WhenU
2008-02-28 21:15 . 2008-02-28 21:15 639,224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-02-28 19:51 . 2008-02-28 19:51 <REP> d-------- C:\Temp\FR_Visual_Studio_2005_Professional_CD1
2008-02-28 19:24 . 2008-02-28 19:24 <REP> d-------- C:\Temp\FR_Visual_Studio_2005_Professional_CD2
2008-02-13 12:51 . 2008-02-13 12:51 <REP> d--hs---- C:\FOUND.004
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-29 18:56 --------- d-----w C:\Program Files\Canon
2008-01-29 18:56 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Canon
2008-01-21 21:20 --------- d-----w C:\Program Files\Fichiers communs\AVSMedia
2008-01-21 21:20 --------- d-----w C:\Program Files\AVS4YOU
2008-01-21 21:20 --------- d-----w C:\Documents and Settings\Alexandre BERNARD\Application Data\AVS4YOU
2008-01-21 21:20 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\AVS4YOU
2008-01-21 20:55 --------- d-----w C:\Documents and Settings\Alexandre BERNARD\Application Data\River Past G5
2008-01-21 20:55 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\River Past G5
2008-01-21 18:09 --------- d-----w C:\Program Files\Red Kawa
2008-01-21 18:09 --------- d-----w C:\Program Files\AviSynth 2.5
2008-01-21 14:41 --------- d-----w C:\Program Files\iTunes
2008-01-21 14:41 --------- d-----w C:\Program Files\iPod
2008-01-21 14:39 --------- d-----w C:\Program Files\QuickTime
2008-01-21 14:31 --------- d-----w C:\Documents and Settings\Alexandre BERNARD\Application Data\Apple Computer
2008-01-21 14:30 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2008-01-21 14:29 --------- d-----w C:\Program Files\Fichiers communs\Apple
2008-01-21 14:29 --------- d-----w C:\Program Files\Apple Software Update
2008-01-21 14:29 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2008-01-11 05:36 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-12-19 22:53 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-08-28 13:36 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
.
((((((((((((((((((((((((((((( snapshot@2008-03-10_19.48.00.81 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-10 18:51:30 16,384 ----a-w C:\WINDOWS\Temp\Perflib_Perfdata_564.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 05:00 15360]
"WOOKIT"="C:\PROGRA~1\WANADOO\Shell.exe" [ ]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"ErrorSafeFree"="C:\Program Files\ErrorSafe Free\uers.exe" [ ]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"preload"="C:\Windows\RUNXMLPL.exe" [ ]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 05:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 05:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 05:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 05:00 455168]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-08-24 12:50 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-08-24 12:47 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-08-24 12:51 114688]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-04 11:12 102490]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-04 11:11 708698]
"SoundMan"="SOUNDMAN.EXE" [2005-04-15 11:01 77824 C:\WINDOWS\SOUNDMAN.EXE]
"PCMService"="C:\Program Files\Acer\Acer Arcade\PCMService.exe" [2005-08-31 19:59 147456]
"LaunchAp"="C:\Program Files\Launch Manager\LaunchAp.exe" [2005-07-25 13:36 32768]
"PowerKey"="C:\Program Files\Launch Manager\PowerKey.exe" [2002-08-30 15:02 94208]
"LManager"="C:\Program Files\Launch Manager\HotkeyApp.exe" [2005-11-08 10:45 69632]
"CtrlVol"="C:\Program Files\Launch Manager\CtrlVol.exe" [2003-09-16 14:28 20480]
"LMgrOSD"="C:\Program Files\Launch Manager\OSDCtrl.exe" [2005-07-25 10:45 241664]
"Wbutton"="C:\Program Files\Launch Manager\Wbutton.exe" [2005-11-08 10:19 81920]
"EPM-DM"="c:\acer\Empowering Technology\ePower\epm-dm.exe" [2005-11-10 19:09 212992]
"Acer ePower Management"="C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe" [2005-11-09 11:04 3084288]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2006-01-02 10:31 397312]
"ADMTray.exe"="C:\Acer\Empowering Technology\admtray.exe" [2005-10-24 16:45 2462208]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-07-26 11:36 69632]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"MPTBox"="C:\Program Files\Canon\MultiPASS4\MPTBox.exe" [2002-11-01 15:29 167936]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 15:27 385024]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 05:00 15360]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352]
C:\DOCUME~1\ALLUSE~1\MENUD~1\PROGRA~1\DMARR~1\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2007-06-03 17:10:23 110592]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^KODAK Software Updater.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\KODAK Software Updater.lnk
backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logiciel Kodak EasyShare.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logiciel Kodak EasyShare.lnk
backup=C:\WINDOWS\pss\Logiciel Kodak EasyShare.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-01-15 03:22 267048 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-01-19 12:55 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-10 15:27 385024 C:\Program Files\QuickTime\QTTask.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"D:\\ALEX\\blobby\\volley.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
R1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys [2003-04-28 11:27]
R1 OsaFsLoc;OsaFsLoc;C:\WINDOWS\system32\drivers\OsaFsLoc.sys [2005-10-15 18:20]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 13:10]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-04-07 18:08]
R2 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 14:46]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 16:58]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57]
R3 NdisFilt;OSA NdisFilter Protocol;C:\WINDOWS\system32\Drivers\NdisFilt.sys [2005-09-13 15:34]
R3 POWERKEY;POWERKEY;C:\Program Files\Launch Manager\POWERKEY.sys [2000-12-19 18:29]
S1 Wbutton;Wbutton;C:\WINDOWS\system32\drivers\Wbutton.sys []
S3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys []
S3 SQLWriter;Enregistreur VSS SQL Server;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2005-10-14 02:53]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S4 msvsmon80;Débogueur distant Visual Studio 2005;"C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon80 []
*Newly Created Service* - INT15.SYS
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-10 19:58:54
Windows 5.1.2600 Service Pack 2 FAT NTAPI
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
"ImagePath"="\"C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe\"\00|\00\00\00\00\00\00\00\00\00\00\00\00(\00\00\00\00\00R\02pè\13\00pè\13\00\18î‘|ðô
[\02ÿÿÿÿm\05’|x\01\15\00\00\00\15\00\00\00\00\00ö\1b"
.
Temps d'accomplissement: 2008-03-10 19:59:53
ComboFix-quarantined-files.txt 2008-03-10 18:59:50
ComboFix2.txt 2008-03-10 18:48:22
.
2008-03-09 23:46:26 --- E O F ---
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.226 [GMT 1:00]
Endroit: C:\Documents and Settings\Alexandre BERNARD\Bureau\ComboFix.exe
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
((((((((((((((((((((((((((((( Fichiers créés 2008-02-10 to 2008-03-10 ))))))))))))))))))))))))))))))))))))
.
2008-03-10 00:36 . 2008-03-10 00:36 0 --a------ C:\WINDOWS\nsreg.dat
2008-03-10 00:33 . 2008-03-10 00:33 <REP> d--hs---- C:\FOUND.014
2008-03-06 21:36 . 2008-03-06 21:36 <REP> d--hs---- C:\FOUND.013
2008-03-06 21:22 . 2008-03-06 21:22 <REP> d-------- C:\Program Files\Alwil Software
2008-03-06 21:22 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-03-06 21:22 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-03-06 21:22 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-03-06 21:22 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-06 21:22 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-03-06 21:22 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-06 21:22 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-06 21:22 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-06 21:22 . 2008-03-06 21:22 51 --a------ C:\WINDOWS\system32\config.nt
2008-03-06 20:07 . 2008-03-06 20:07 <REP> d--hs---- C:\FOUND.012
2008-03-06 19:41 . 2008-03-06 19:41 <REP> d--hs---- C:\FOUND.011
2008-03-06 19:31 . 2008-03-06 19:31 <REP> d-------- C:\Program Files\Motherboard Monitor 5
2008-03-06 12:47 . 2008-03-06 12:47 <REP> d--hs---- C:\FOUND.010
2008-03-05 22:17 . 2008-03-05 22:17 <REP> d--hs---- C:\FOUND.009
2008-03-05 20:33 . 2008-03-05 20:33 <REP> d--hs---- C:\FOUND.008
2008-03-05 20:03 . 2008-03-05 20:03 <REP> d--hs---- C:\FOUND.007
2008-03-05 16:35 . 2008-03-05 16:35 <REP> d--hs---- C:\FOUND.006
2008-03-04 12:37 . 2008-03-04 12:37 <REP> d-------- C:\Program Files\MSXML 6.0
2008-03-04 11:30 . 2008-03-04 11:30 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
2008-03-04 11:07 . 2008-03-04 11:07 <REP> d-------- C:\BackUpMSNCleaner
2008-03-04 10:55 . 2008-03-04 10:55 <REP> d--hs---- C:\FOUND.005
2008-03-04 09:59 . 2008-03-04 09:59 <REP> d-------- C:\Program Files\CCleaner
2008-03-04 07:25 . 2008-03-04 07:25 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-04 07:25 . 2008-03-04 07:25 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-28 21:39 . 2008-02-28 21:39 <REP> d-------- C:\Program Files\Microsoft SQL Server
2008-02-28 21:38 . 2008-02-28 21:38 <REP> d-------- C:\Program Files\Microsoft SQL Server 2005 Mobile Edition
2008-02-28 21:38 . 2008-02-28 21:38 <REP> d-------- C:\Program Files\Microsoft Device Emulator
2008-02-28 21:24 . 2008-02-28 21:24 <REP> d-------- C:\WINDOWS\Symbols
2008-02-28 21:24 . 2008-02-28 21:24 <REP> d-------- C:\Program Files\Microsoft.NET
2008-02-28 21:24 . 2008-02-28 21:24 <REP> d-------- C:\Program Files\HTML Help Workshop
2008-02-28 21:24 . 2008-02-28 21:24 <REP> d-------- C:\Program Files\Fichiers communs\Merge Modules
2008-02-28 21:24 . 2008-02-28 21:24 <REP> d-------- C:\Program Files\Fichiers communs\Business Objects
2008-02-28 21:24 . 2008-02-28 21:24 <REP> d-------- C:\Program Files\CE Remote Tools
2008-02-28 21:24 . 2008-02-28 21:24 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\PreEmptive Solutions
2008-02-28 21:22 . 2008-02-28 21:22 <REP> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-02-28 21:18 . 2008-02-28 21:18 <REP> d-------- C:\Program Files\Fichiers communs\WhenU
2008-02-28 21:15 . 2008-02-28 21:15 639,224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-02-28 19:51 . 2008-02-28 19:51 <REP> d-------- C:\Temp\FR_Visual_Studio_2005_Professional_CD1
2008-02-28 19:24 . 2008-02-28 19:24 <REP> d-------- C:\Temp\FR_Visual_Studio_2005_Professional_CD2
2008-02-13 12:51 . 2008-02-13 12:51 <REP> d--hs---- C:\FOUND.004
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-29 18:56 --------- d-----w C:\Program Files\Canon
2008-01-29 18:56 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Canon
2008-01-21 21:20 --------- d-----w C:\Program Files\Fichiers communs\AVSMedia
2008-01-21 21:20 --------- d-----w C:\Program Files\AVS4YOU
2008-01-21 21:20 --------- d-----w C:\Documents and Settings\Alexandre BERNARD\Application Data\AVS4YOU
2008-01-21 21:20 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\AVS4YOU
2008-01-21 20:55 --------- d-----w C:\Documents and Settings\Alexandre BERNARD\Application Data\River Past G5
2008-01-21 20:55 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\River Past G5
2008-01-21 18:09 --------- d-----w C:\Program Files\Red Kawa
2008-01-21 18:09 --------- d-----w C:\Program Files\AviSynth 2.5
2008-01-21 14:41 --------- d-----w C:\Program Files\iTunes
2008-01-21 14:41 --------- d-----w C:\Program Files\iPod
2008-01-21 14:39 --------- d-----w C:\Program Files\QuickTime
2008-01-21 14:31 --------- d-----w C:\Documents and Settings\Alexandre BERNARD\Application Data\Apple Computer
2008-01-21 14:30 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2008-01-21 14:29 --------- d-----w C:\Program Files\Fichiers communs\Apple
2008-01-21 14:29 --------- d-----w C:\Program Files\Apple Software Update
2008-01-21 14:29 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2008-01-11 05:36 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-12-19 22:53 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-08-28 13:36 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
.
((((((((((((((((((((((((((((( snapshot@2008-03-10_19.48.00.81 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-10 18:51:30 16,384 ----a-w C:\WINDOWS\Temp\Perflib_Perfdata_564.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 05:00 15360]
"WOOKIT"="C:\PROGRA~1\WANADOO\Shell.exe" [ ]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"ErrorSafeFree"="C:\Program Files\ErrorSafe Free\uers.exe" [ ]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"preload"="C:\Windows\RUNXMLPL.exe" [ ]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 05:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 05:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 05:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 05:00 455168]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-08-24 12:50 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-08-24 12:47 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-08-24 12:51 114688]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-04 11:12 102490]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-04 11:11 708698]
"SoundMan"="SOUNDMAN.EXE" [2005-04-15 11:01 77824 C:\WINDOWS\SOUNDMAN.EXE]
"PCMService"="C:\Program Files\Acer\Acer Arcade\PCMService.exe" [2005-08-31 19:59 147456]
"LaunchAp"="C:\Program Files\Launch Manager\LaunchAp.exe" [2005-07-25 13:36 32768]
"PowerKey"="C:\Program Files\Launch Manager\PowerKey.exe" [2002-08-30 15:02 94208]
"LManager"="C:\Program Files\Launch Manager\HotkeyApp.exe" [2005-11-08 10:45 69632]
"CtrlVol"="C:\Program Files\Launch Manager\CtrlVol.exe" [2003-09-16 14:28 20480]
"LMgrOSD"="C:\Program Files\Launch Manager\OSDCtrl.exe" [2005-07-25 10:45 241664]
"Wbutton"="C:\Program Files\Launch Manager\Wbutton.exe" [2005-11-08 10:19 81920]
"EPM-DM"="c:\acer\Empowering Technology\ePower\epm-dm.exe" [2005-11-10 19:09 212992]
"Acer ePower Management"="C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe" [2005-11-09 11:04 3084288]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2006-01-02 10:31 397312]
"ADMTray.exe"="C:\Acer\Empowering Technology\admtray.exe" [2005-10-24 16:45 2462208]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-07-26 11:36 69632]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"MPTBox"="C:\Program Files\Canon\MultiPASS4\MPTBox.exe" [2002-11-01 15:29 167936]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 15:27 385024]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 05:00 15360]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352]
C:\DOCUME~1\ALLUSE~1\MENUD~1\PROGRA~1\DMARR~1\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2007-06-03 17:10:23 110592]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^KODAK Software Updater.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\KODAK Software Updater.lnk
backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logiciel Kodak EasyShare.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logiciel Kodak EasyShare.lnk
backup=C:\WINDOWS\pss\Logiciel Kodak EasyShare.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-01-15 03:22 267048 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-01-19 12:55 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-10 15:27 385024 C:\Program Files\QuickTime\QTTask.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"D:\\ALEX\\blobby\\volley.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
R1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys [2003-04-28 11:27]
R1 OsaFsLoc;OsaFsLoc;C:\WINDOWS\system32\drivers\OsaFsLoc.sys [2005-10-15 18:20]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 13:10]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-04-07 18:08]
R2 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 14:46]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 16:58]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57]
R3 NdisFilt;OSA NdisFilter Protocol;C:\WINDOWS\system32\Drivers\NdisFilt.sys [2005-09-13 15:34]
R3 POWERKEY;POWERKEY;C:\Program Files\Launch Manager\POWERKEY.sys [2000-12-19 18:29]
S1 Wbutton;Wbutton;C:\WINDOWS\system32\drivers\Wbutton.sys []
S3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys []
S3 SQLWriter;Enregistreur VSS SQL Server;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2005-10-14 02:53]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S4 msvsmon80;Débogueur distant Visual Studio 2005;"C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon80 []
*Newly Created Service* - INT15.SYS
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-10 19:58:54
Windows 5.1.2600 Service Pack 2 FAT NTAPI
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
"ImagePath"="\"C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe\"\00|\00\00\00\00\00\00\00\00\00\00\00\00(\00\00\00\00\00R\02pè\13\00pè\13\00\18î‘|ðô
[\02ÿÿÿÿm\05’|x\01\15\00\00\00\15\00\00\00\00\00ö\1b"
.
Temps d'accomplissement: 2008-03-10 19:59:53
ComboFix-quarantined-files.txt 2008-03-10 18:59:50
ComboFix2.txt 2008-03-10 18:48:22
.
2008-03-09 23:46:26 --- E O F ---
Re,
Télécharge BTFix ([#ff0000]Bibi26[/#f]).
Dézippe l'archive sur ton Bureau.
Ouvre le dossier BTFix.
Double clique sur BTFix.exe.
Clique sur Rechercher.
Un rapport va apparaître, copie/colle-le dans ta prochaine réponse.
Télécharge BTFix ([#ff0000]Bibi26[/#f]).
Dézippe l'archive sur ton Bureau.
Re,
Ouvre à nouveau BTFix.
Clique sur Nettoyer.
Un rapport va apparaître, copie/colle-le dans ta prochaine réponse.
&
Désinstalle correctement Avast! pour le remplacer par AntiVir.
Pourquoi changer ? Avast! vs AntiVir
Fais un scan complet puis poste le rapport en fin d'analyse.
AIDE : Tutorial sur l'antivirus AntiVir Personal Edition Classic
&
Désinstalle correctement Avast! pour le remplacer par AntiVir.
Pourquoi changer ? Avast! vs AntiVir
Fais un scan complet puis poste le rapport en fin d'analyse.
AIDE : Tutorial sur l'antivirus AntiVir Personal Edition Classic
BTFix 1.085 (par bibi26) - 11/03/2008 12:09:30 - Nettoyage - Mode normal
Lancé depuis C:\Documents and Settings\Alexandre BERNARD\Bureau\BTFix\BTFix\BTFix.exe
---> Fichiers/dossiers supprimés (Première passe)
- Fichiers temporaires effacés
- C:\Program Files\Fichiers communs\WhenU\
---> Nettoyage terminé
Lancé depuis C:\Documents and Settings\Alexandre BERNARD\Bureau\BTFix\BTFix\BTFix.exe
---> Fichiers/dossiers supprimés (Première passe)
- Fichiers temporaires effacés
- C:\Program Files\Fichiers communs\WhenU\
---> Nettoyage terminé
AntiVir PersonalEdition Classic
Report file date: mardi 11 mars 2008 17:36
Scanning for 1142431 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: Alexandre BERNARD
Computer name: ALEX
Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:30
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:52
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:48
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:22
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:16
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 12:28:46
ANTIVIR2.VDF : 7.0.3.3 2048 Bytes 07/03/2008 12:28:46
ANTIVIR3.VDF : 7.0.3.16 76800 Bytes 11/03/2008 12:28:46
AVEWIN32.DLL : 7.6.0.73 3334656 Bytes 11/03/2008 12:28:46
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:28
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:18
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 11/03/2008 12:28:46
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:08
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:34
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:20
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:44
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:14
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:38
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:22
Configuration settings for the scan:
Jobname..........................: Local Hard Disks
Configuration file...............: c:\program files\avira\antivir personaledition classic\alldiscs.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: mardi 11 mars 2008 17:36
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'FIREFOX.EXE' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'CLSched.exe' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'ScsiAccess.EXE' - '1' Module(s) have been scanned
Scan process 'RichVideo.exe' - '1' Module(s) have been scanned
Scan process 'SQLSERVR.EXE' - '1' Module(s) have been scanned
Scan process 'MPSERVIC.EXE' - '1' Module(s) have been scanned
Scan process 'KodakCCS.exe' - '1' Module(s) have been scanned
Scan process 'CLMLService.exe' - '1' Module(s) have been scanned
Scan process 'CLMLServer.exe' - '1' Module(s) have been scanned
Scan process 'CLCapSvc.exe' - '1' Module(s) have been scanned
Scan process 'admServ.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'reader_sl.exe' - '1' Module(s) have been scanned
Scan process 'MSNMSGR.EXE' - '1' Module(s) have been scanned
Scan process 'CTFMON.EXE' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'JUSCHED.EXE' - '1' Module(s) have been scanned
Scan process 'eDSloader.exe' - '1' Module(s) have been scanned
Scan process 'ADMTRAY.EXE' - '1' Module(s) have been scanned
Scan process 'Monitor.exe' - '1' Module(s) have been scanned
Scan process 'EPM-DM.EXE' - '1' Module(s) have been scanned
Scan process 'WButton.exe' - '1' Module(s) have been scanned
Scan process 'OSDCtrl.exe' - '1' Module(s) have been scanned
Scan process 'HotkeyApp.exe' - '1' Module(s) have been scanned
Scan process 'Powerkey.exe' - '1' Module(s) have been scanned
Scan process 'LaunchAp.exe' - '1' Module(s) have been scanned
Scan process 'PCMService.exe' - '1' Module(s) have been scanned
Scan process 'SOUNDMAN.EXE' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'SynTPLpr.exe' - '1' Module(s) have been scanned
Scan process 'IGFXPERS.EXE' - '1' Module(s) have been scanned
Scan process 'HKCMD.EXE' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'EXPLORER.EXE' - '1' Module(s) have been scanned
Scan process 'SPOOLSV.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'LSASS.EXE' - '1' Module(s) have been scanned
Scan process 'SERVICES.EXE' - '1' Module(s) have been scanned
Scan process 'WINLOGON.EXE' - '1' Module(s) have been scanned
Scan process 'CSRSS.EXE' - '1' Module(s) have been scanned
Scan process 'SMSS.EXE' - '1' Module(s) have been scanned
53 processes with 53 modules were scanned
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!
Starting to scan the registry.
The registry was scanned ( '40' files ).
Starting the file scan:
Begin scan in 'C:\' <ACER>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
C:\QooBox\Quarantine\catchme2008-03-10_194748.12.zip
[0] Archive type: ZIP
--> services.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '484abda1.qua'!
Begin scan in 'D:\' <ACERDATA>
End of the scan: mardi 11 mars 2008 18:26
Used time: 49:48 min
The scan has been done completely.
8412 Scanning directories
278939 Files were scanned
1 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
1 files were moved to quarantine
0 files were renamed
3 Files cannot be scanned
278938 Files not concerned
7794 Archives were scanned
3 Warnings
0 Notes
ComboFix 08-03-10.1 - Alexandre BERNARD 2008-03-11 19:46:46.4 - FAT32x86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.195 [GMT 1:00]
Endroit: C:\Documents and Settings\Alexandre BERNARD\Bureau\ComboFix.exe
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
((((((((((((((((((((((((((((( Fichiers créés 2008-02-11 to 2008-03-11 ))))))))))))))))))))))))))))))))))))
.
2008-03-11 13:27 . 2008-03-11 13:27 <REP> d-------- C:\Program Files\Avira
2008-03-10 00:36 . 2008-03-10 00:36 0 --a------ C:\WINDOWS\nsreg.dat
2008-03-10 00:33 . 2008-03-10 00:33 <REP> d--hs---- C:\FOUND.014
2008-03-06 21:36 . 2008-03-06 21:36 <REP> d--hs---- C:\FOUND.013
2008-03-06 21:22 . 2008-03-06 21:22 <REP> d-------- C:\Program Files\Alwil Software
2008-03-06 21:22 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-03-06 21:22 . 2008-03-11 12:11 2 --a------ C:\WINDOWS\system32\config.nt
2008-03-06 20:07 . 2008-03-06 20:07 <REP> d--hs---- C:\FOUND.012
2008-03-06 19:41 . 2008-03-06 19:41 <REP> d--hs---- C:\FOUND.011
2008-03-06 19:31 . 2008-03-06 19:31 <REP> d-------- C:\Program Files\Motherboard Monitor 5
2008-03-06 12:47 . 2008-03-06 12:47 <REP> d--hs---- C:\FOUND.010
2008-03-05 22:17 . 2008-03-05 22:17 <REP> d--hs---- C:\FOUND.009
2008-03-05 20:33 . 2008-03-05 20:33 <REP> d--hs---- C:\FOUND.008
2008-03-05 20:03 . 2008-03-05 20:03 <REP> d--hs---- C:\FOUND.007
2008-03-05 16:35 . 2008-03-05 16:35 <REP> d--hs---- C:\FOUND.006
2008-03-04 12:37 . 2008-03-04 12:37 <REP> d-------- C:\Program Files\MSXML 6.0
2008-03-04 11:30 . 2008-03-04 11:30 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
2008-03-04 11:07 . 2008-03-04 11:07 <REP> d-------- C:\BackUpMSNCleaner
2008-03-04 10:55 . 2008-03-04 10:55 <REP> d--hs---- C:\FOUND.005
2008-03-04 09:59 . 2008-03-04 09:59 <REP> d-------- C:\Program Files\CCleaner
2008-03-04 07:25 . 2008-03-04 07:25 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-04 07:25 . 2008-03-04 07:25 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-28 21:39 . 2008-02-28 21:39 <REP> d-------- C:\Program Files\Microsoft SQL Server
2008-02-28 21:38 . 2008-02-28 21:38 <REP> d-------- C:\Program Files\Microsoft SQL Server 2005 Mobile Edition
2008-02-28 21:38 . 2008-02-28 21:38 <REP> d-------- C:\Program Files\Microsoft Device Emulator
2008-02-28 21:24 . 2008-02-28 21:24 <REP> d-------- C:\WINDOWS\Symbols
2008-02-28 21:24 . 2008-02-28 21:24 <REP> d-------- C:\Program Files\Microsoft.NET
2008-02-28 21:24 . 2008-02-28 21:24 <REP> d-------- C:\Program Files\HTML Help Workshop
2008-02-28 21:24 . 2008-02-28 21:24 <REP> d-------- C:\Program Files\Fichiers communs\Merge Modules
2008-02-28 21:24 . 2008-02-28 21:24 <REP> d-------- C:\Program Files\Fichiers communs\Business Objects
2008-02-28 21:24 . 2008-02-28 21:24 <REP> d-------- C:\Program Files\CE Remote Tools
2008-02-28 21:24 . 2008-02-28 21:24 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\PreEmptive Solutions
2008-02-28 21:22 . 2008-02-28 21:22 <REP> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-02-28 21:15 . 2008-02-28 21:15 639,224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-02-28 19:51 . 2008-02-28 19:51 <REP> d-------- C:\Temp\FR_Visual_Studio_2005_Professional_CD1
2008-02-28 19:24 . 2008-02-28 19:24 <REP> d-------- C:\Temp\FR_Visual_Studio_2005_Professional_CD2
2008-02-13 12:51 . 2008-02-13 12:51 <REP> d--hs---- C:\FOUND.004
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-29 18:56 --------- d-----w C:\Program Files\Canon
2008-01-29 18:56 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Canon
2008-01-21 21:20 --------- d-----w C:\Program Files\Fichiers communs\AVSMedia
2008-01-21 21:20 --------- d-----w C:\Program Files\AVS4YOU
2008-01-21 21:20 --------- d-----w C:\Documents and Settings\Alexandre BERNARD\Application Data\AVS4YOU
2008-01-21 21:20 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\AVS4YOU
2008-01-21 20:55 --------- d-----w C:\Documents and Settings\Alexandre BERNARD\Application Data\River Past G5
2008-01-21 20:55 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\River Past G5
2008-01-21 18:09 --------- d-----w C:\Program Files\Red Kawa
2008-01-21 18:09 --------- d-----w C:\Program Files\AviSynth 2.5
2008-01-21 14:41 --------- d-----w C:\Program Files\iTunes
2008-01-21 14:41 --------- d-----w C:\Program Files\iPod
2008-01-21 14:39 --------- d-----w C:\Program Files\QuickTime
2008-01-21 14:31 --------- d-----w C:\Documents and Settings\Alexandre BERNARD\Application Data\Apple Computer
2008-01-21 14:30 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2008-01-21 14:29 --------- d-----w C:\Program Files\Fichiers communs\Apple
2008-01-21 14:29 --------- d-----w C:\Program Files\Apple Software Update
2008-01-21 14:29 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2008-01-11 05:36 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-12-19 22:53 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-08-28 13:36 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
.
((((((((((((((((((((((((((((( snapshot@2008-03-10_19.48.00.81 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-04-25 08:38:54 124,928 ------w C:\WINDOWS\system32\advpack.dll
+ 2007-12-07 02:08:32 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
- 2004-08-05 06:00:00 581,120 ------w C:\WINDOWS\system32\dllcache\rpcrt4.dll
+ 2007-07-09 13:19:28 582,656 ----a-w C:\WINDOWS\system32\dllcache\rpcrt4.dll
- 2006-12-19 21:49:48 8,509,952 ------w C:\WINDOWS\system32\dllcache\shell32.dll
+ 2007-10-25 16:43:26 8,516,608 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
+ 2007-08-09 12:04:12 40,768 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
+ 2007-07-18 13:22:20 21,312 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
+ 2008-03-11 12:28:46 61,632 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
+ 2007-03-01 09:34:38 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
- 2007-03-08 16:37:50 281,600 ------w C:\WINDOWS\system32\gdi32.dll
+ 2007-06-19 13:32:26 282,112 ----a-w C:\WINDOWS\system32\gdi32.dll
- 2006-10-17 10:58:20 61,952 ------w C:\WINDOWS\system32\icardie.dll
+ 2007-12-07 02:08:32 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
- 2007-04-25 08:39:00 383,488 ------w C:\WINDOWS\system32\ieapfltr.dll
+ 2007-12-07 02:08:32 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
- 2007-04-25 08:39:24 6,058,496 ------w C:\WINDOWS\system32\ieframe.dll
+ 2007-12-07 02:08:34 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
- 2007-04-25 08:39:26 267,776 ------w C:\WINDOWS\system32\iertutil.dll
+ 2007-12-07 02:08:34 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
- 2007-04-25 08:39:36 459,264 ------w C:\WINDOWS\system32\msfeeds.dll
+ 2007-12-07 02:08:34 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
- 2007-04-25 08:39:36 52,224 ------w C:\WINDOWS\system32\msfeedsbs.dll
+ 2007-12-07 02:08:34 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
- 2007-05-08 09:59:02 3,583,488 ------w C:\WINDOWS\system32\mshtml.dll
+ 2007-12-08 05:08:36 3,592,192 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2006-09-13 05:03:06 1,084,416 ------w C:\WINDOWS\system32\msxml3.dll
+ 2007-06-26 06:09:14 1,104,896 ----a-w C:\WINDOWS\system32\msxml3.dll
- 2004-08-05 04:00:00 581,120 ------w C:\WINDOWS\system32\rpcrt4.dll
+ 2007-07-09 13:19:28 582,656 ----a-w C:\WINDOWS\system32\rpcrt4.dll
- 2006-12-19 21:49:48 8,509,952 ------w C:\WINDOWS\system32\shell32.dll
+ 2007-10-25 16:43:26 8,516,608 ----a-w C:\WINDOWS\system32\shell32.dll
- 2007-04-25 08:40:14 105,984 ------w C:\WINDOWS\system32\url.dll
+ 2007-12-07 02:08:34 105,984 ----a-w C:\WINDOWS\system32\url.dll
- 2007-04-25 08:40:18 1,152,000 ------w C:\WINDOWS\system32\urlmon.dll
+ 2007-12-07 02:08:34 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2007-04-25 08:40:26 822,784 ------w C:\WINDOWS\system32\wininet.dll
+ 2007-12-07 02:08:34 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
- 2004-08-05 04:00:00 230,400 ------w C:\WINDOWS\system32\wmasf.dll
+ 2007-10-25 09:00:50 230,912 ----a-w C:\WINDOWS\system32\wmasf.dll
- 2006-12-07 16:02:24 2,174,976 ------w C:\WINDOWS\system32\wmvcore.dll
+ 2007-10-25 09:01:10 2,109,440 ----a-w C:\WINDOWS\system32\wmvcore.dll
- 2007-03-09 12:51:20 265,216 ------w C:\WINDOWS\system32\xpsp3res.dll
+ 2007-10-29 15:07:16 369,152 ----a-w C:\WINDOWS\system32\xpsp3res.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 05:00 15360]
"WOOKIT"="C:\PROGRA~1\WANADOO\Shell.exe" [ ]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"ErrorSafeFree"="C:\Program Files\ErrorSafe Free\uers.exe" [ ]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"preload"="C:\Windows\RUNXMLPL.exe" [ ]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 05:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 05:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 05:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 05:00 455168]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-08-24 12:50 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-08-24 12:47 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-08-24 12:51 114688]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-04 11:12 102490]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-04 11:11 708698]
"SoundMan"="SOUNDMAN.EXE" [2005-04-15 11:01 77824 C:\WINDOWS\SOUNDMAN.EXE]
"PCMService"="C:\Program Files\Acer\Acer Arcade\PCMService.exe" [2005-08-31 19:59 147456]
"LaunchAp"="C:\Program Files\Launch Manager\LaunchAp.exe" [2005-07-25 13:36 32768]
"PowerKey"="C:\Program Files\Launch Manager\PowerKey.exe" [2002-08-30 15:02 94208]
"LManager"="C:\Program Files\Launch Manager\HotkeyApp.exe" [2005-11-08 10:45 69632]
"CtrlVol"="C:\Program Files\Launch Manager\CtrlVol.exe" [2003-09-16 14:28 20480]
"LMgrOSD"="C:\Program Files\Launch Manager\OSDCtrl.exe" [2005-07-25 10:45 241664]
"Wbutton"="C:\Program Files\Launch Manager\Wbutton.exe" [2005-11-08 10:19 81920]
"EPM-DM"="c:\acer\Empowering Technology\ePower\epm-dm.exe" [2005-11-10 19:09 212992]
"Acer ePower Management"="C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe" [2005-11-09 11:04 3084288]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2006-01-02 10:31 397312]
"ADMTray.exe"="C:\Acer\Empowering Technology\admtray.exe" [2005-10-24 16:45 2462208]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-07-26 11:36 69632]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"MPTBox"="C:\Program Files\Canon\MultiPASS4\MPTBox.exe" [2002-11-01 15:29 167936]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 15:27 385024]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-03-11 13:28 249896]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 05:00 15360]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352]
C:\DOCUME~1\ALLUSE~1\MENUD~1\PROGRA~1\DMARR~1\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2007-06-03 17:10:23 110592]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^KODAK Software Updater.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\KODAK Software Updater.lnk
backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logiciel Kodak EasyShare.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logiciel Kodak EasyShare.lnk
backup=C:\WINDOWS\pss\Logiciel Kodak EasyShare.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-01-15 03:22 267048 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-01-19 12:55 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-10 15:27 385024 C:\Program Files\QuickTime\QTTask.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"D:\\ALEX\\blobby\\volley.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
R1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys [2003-04-28 11:27]
R1 OsaFsLoc;OsaFsLoc;C:\WINDOWS\system32\drivers\OsaFsLoc.sys [2005-10-15 18:20]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 13:10]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-04-07 18:08]
R2 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 14:46]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 16:58]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57]
R3 NdisFilt;OSA NdisFilter Protocol;C:\WINDOWS\system32\Drivers\NdisFilt.sys [2005-09-13 15:34]
R3 POWERKEY;POWERKEY;C:\Program Files\Launch Manager\POWERKEY.sys [2000-12-19 18:29]
S1 Wbutton;Wbutton;C:\WINDOWS\system32\drivers\Wbutton.sys []
S3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys []
S3 SQLWriter;Enregistreur VSS SQL Server;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2005-10-14 02:53]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S4 msvsmon80;Débogueur distant Visual Studio 2005;"C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon80 []
*Newly Created Service* - INT15.SYS
*Newly Created Service* - SSMDRV
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-11 19:50:17
Windows 5.1.2600 Service Pack 2 FAT NTAPI
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
"ImagePath"="\"C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe\"\00|\00\00\00\00\00\00\00\00\00\00\00\00(\00\00\00\00\00R\02pè\13\00pè\13\00\18î‘|ðô
[\02ÿÿÿÿm\05’|x\01\15\00\00\00\15\00\00\00\00\00ö\1b"
.
Temps d'accomplissement: 2008-03-11 19:51:12
ComboFix-quarantined-files.txt 2008-03-11 18:51:10
ComboFix3.txt 2008-03-10 18:48:22
ComboFix2.txt 2008-03-10 18:59:56
.
2008-03-10 21:22:14 --- E O F ---
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.195 [GMT 1:00]
Endroit: C:\Documents and Settings\Alexandre BERNARD\Bureau\ComboFix.exe
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
((((((((((((((((((((((((((((( Fichiers créés 2008-02-11 to 2008-03-11 ))))))))))))))))))))))))))))))))))))
.
2008-03-11 13:27 . 2008-03-11 13:27 <REP> d-------- C:\Program Files\Avira
2008-03-10 00:36 . 2008-03-10 00:36 0 --a------ C:\WINDOWS\nsreg.dat
2008-03-10 00:33 . 2008-03-10 00:33 <REP> d--hs---- C:\FOUND.014
2008-03-06 21:36 . 2008-03-06 21:36 <REP> d--hs---- C:\FOUND.013
2008-03-06 21:22 . 2008-03-06 21:22 <REP> d-------- C:\Program Files\Alwil Software
2008-03-06 21:22 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-03-06 21:22 . 2008-03-11 12:11 2 --a------ C:\WINDOWS\system32\config.nt
2008-03-06 20:07 . 2008-03-06 20:07 <REP> d--hs---- C:\FOUND.012
2008-03-06 19:41 . 2008-03-06 19:41 <REP> d--hs---- C:\FOUND.011
2008-03-06 19:31 . 2008-03-06 19:31 <REP> d-------- C:\Program Files\Motherboard Monitor 5
2008-03-06 12:47 . 2008-03-06 12:47 <REP> d--hs---- C:\FOUND.010
2008-03-05 22:17 . 2008-03-05 22:17 <REP> d--hs---- C:\FOUND.009
2008-03-05 20:33 . 2008-03-05 20:33 <REP> d--hs---- C:\FOUND.008
2008-03-05 20:03 . 2008-03-05 20:03 <REP> d--hs---- C:\FOUND.007
2008-03-05 16:35 . 2008-03-05 16:35 <REP> d--hs---- C:\FOUND.006
2008-03-04 12:37 . 2008-03-04 12:37 <REP> d-------- C:\Program Files\MSXML 6.0
2008-03-04 11:30 . 2008-03-04 11:30 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
2008-03-04 11:07 . 2008-03-04 11:07 <REP> d-------- C:\BackUpMSNCleaner
2008-03-04 10:55 . 2008-03-04 10:55 <REP> d--hs---- C:\FOUND.005
2008-03-04 09:59 . 2008-03-04 09:59 <REP> d-------- C:\Program Files\CCleaner
2008-03-04 07:25 . 2008-03-04 07:25 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-04 07:25 . 2008-03-04 07:25 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-28 21:39 . 2008-02-28 21:39 <REP> d-------- C:\Program Files\Microsoft SQL Server
2008-02-28 21:38 . 2008-02-28 21:38 <REP> d-------- C:\Program Files\Microsoft SQL Server 2005 Mobile Edition
2008-02-28 21:38 . 2008-02-28 21:38 <REP> d-------- C:\Program Files\Microsoft Device Emulator
2008-02-28 21:24 . 2008-02-28 21:24 <REP> d-------- C:\WINDOWS\Symbols
2008-02-28 21:24 . 2008-02-28 21:24 <REP> d-------- C:\Program Files\Microsoft.NET
2008-02-28 21:24 . 2008-02-28 21:24 <REP> d-------- C:\Program Files\HTML Help Workshop
2008-02-28 21:24 . 2008-02-28 21:24 <REP> d-------- C:\Program Files\Fichiers communs\Merge Modules
2008-02-28 21:24 . 2008-02-28 21:24 <REP> d-------- C:\Program Files\Fichiers communs\Business Objects
2008-02-28 21:24 . 2008-02-28 21:24 <REP> d-------- C:\Program Files\CE Remote Tools
2008-02-28 21:24 . 2008-02-28 21:24 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\PreEmptive Solutions
2008-02-28 21:22 . 2008-02-28 21:22 <REP> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-02-28 21:15 . 2008-02-28 21:15 639,224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-02-28 19:51 . 2008-02-28 19:51 <REP> d-------- C:\Temp\FR_Visual_Studio_2005_Professional_CD1
2008-02-28 19:24 . 2008-02-28 19:24 <REP> d-------- C:\Temp\FR_Visual_Studio_2005_Professional_CD2
2008-02-13 12:51 . 2008-02-13 12:51 <REP> d--hs---- C:\FOUND.004
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-29 18:56 --------- d-----w C:\Program Files\Canon
2008-01-29 18:56 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Canon
2008-01-21 21:20 --------- d-----w C:\Program Files\Fichiers communs\AVSMedia
2008-01-21 21:20 --------- d-----w C:\Program Files\AVS4YOU
2008-01-21 21:20 --------- d-----w C:\Documents and Settings\Alexandre BERNARD\Application Data\AVS4YOU
2008-01-21 21:20 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\AVS4YOU
2008-01-21 20:55 --------- d-----w C:\Documents and Settings\Alexandre BERNARD\Application Data\River Past G5
2008-01-21 20:55 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\River Past G5
2008-01-21 18:09 --------- d-----w C:\Program Files\Red Kawa
2008-01-21 18:09 --------- d-----w C:\Program Files\AviSynth 2.5
2008-01-21 14:41 --------- d-----w C:\Program Files\iTunes
2008-01-21 14:41 --------- d-----w C:\Program Files\iPod
2008-01-21 14:39 --------- d-----w C:\Program Files\QuickTime
2008-01-21 14:31 --------- d-----w C:\Documents and Settings\Alexandre BERNARD\Application Data\Apple Computer
2008-01-21 14:30 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2008-01-21 14:29 --------- d-----w C:\Program Files\Fichiers communs\Apple
2008-01-21 14:29 --------- d-----w C:\Program Files\Apple Software Update
2008-01-21 14:29 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2008-01-11 05:36 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-12-19 22:53 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-08-28 13:36 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
.
((((((((((((((((((((((((((((( snapshot@2008-03-10_19.48.00.81 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-04-25 08:38:54 124,928 ------w C:\WINDOWS\system32\advpack.dll
+ 2007-12-07 02:08:32 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
- 2004-08-05 06:00:00 581,120 ------w C:\WINDOWS\system32\dllcache\rpcrt4.dll
+ 2007-07-09 13:19:28 582,656 ----a-w C:\WINDOWS\system32\dllcache\rpcrt4.dll
- 2006-12-19 21:49:48 8,509,952 ------w C:\WINDOWS\system32\dllcache\shell32.dll
+ 2007-10-25 16:43:26 8,516,608 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
+ 2007-08-09 12:04:12 40,768 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
+ 2007-07-18 13:22:20 21,312 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
+ 2008-03-11 12:28:46 61,632 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
+ 2007-03-01 09:34:38 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
- 2007-03-08 16:37:50 281,600 ------w C:\WINDOWS\system32\gdi32.dll
+ 2007-06-19 13:32:26 282,112 ----a-w C:\WINDOWS\system32\gdi32.dll
- 2006-10-17 10:58:20 61,952 ------w C:\WINDOWS\system32\icardie.dll
+ 2007-12-07 02:08:32 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
- 2007-04-25 08:39:00 383,488 ------w C:\WINDOWS\system32\ieapfltr.dll
+ 2007-12-07 02:08:32 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
- 2007-04-25 08:39:24 6,058,496 ------w C:\WINDOWS\system32\ieframe.dll
+ 2007-12-07 02:08:34 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
- 2007-04-25 08:39:26 267,776 ------w C:\WINDOWS\system32\iertutil.dll
+ 2007-12-07 02:08:34 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
- 2007-04-25 08:39:36 459,264 ------w C:\WINDOWS\system32\msfeeds.dll
+ 2007-12-07 02:08:34 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
- 2007-04-25 08:39:36 52,224 ------w C:\WINDOWS\system32\msfeedsbs.dll
+ 2007-12-07 02:08:34 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
- 2007-05-08 09:59:02 3,583,488 ------w C:\WINDOWS\system32\mshtml.dll
+ 2007-12-08 05:08:36 3,592,192 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2006-09-13 05:03:06 1,084,416 ------w C:\WINDOWS\system32\msxml3.dll
+ 2007-06-26 06:09:14 1,104,896 ----a-w C:\WINDOWS\system32\msxml3.dll
- 2004-08-05 04:00:00 581,120 ------w C:\WINDOWS\system32\rpcrt4.dll
+ 2007-07-09 13:19:28 582,656 ----a-w C:\WINDOWS\system32\rpcrt4.dll
- 2006-12-19 21:49:48 8,509,952 ------w C:\WINDOWS\system32\shell32.dll
+ 2007-10-25 16:43:26 8,516,608 ----a-w C:\WINDOWS\system32\shell32.dll
- 2007-04-25 08:40:14 105,984 ------w C:\WINDOWS\system32\url.dll
+ 2007-12-07 02:08:34 105,984 ----a-w C:\WINDOWS\system32\url.dll
- 2007-04-25 08:40:18 1,152,000 ------w C:\WINDOWS\system32\urlmon.dll
+ 2007-12-07 02:08:34 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2007-04-25 08:40:26 822,784 ------w C:\WINDOWS\system32\wininet.dll
+ 2007-12-07 02:08:34 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
- 2004-08-05 04:00:00 230,400 ------w C:\WINDOWS\system32\wmasf.dll
+ 2007-10-25 09:00:50 230,912 ----a-w C:\WINDOWS\system32\wmasf.dll
- 2006-12-07 16:02:24 2,174,976 ------w C:\WINDOWS\system32\wmvcore.dll
+ 2007-10-25 09:01:10 2,109,440 ----a-w C:\WINDOWS\system32\wmvcore.dll
- 2007-03-09 12:51:20 265,216 ------w C:\WINDOWS\system32\xpsp3res.dll
+ 2007-10-29 15:07:16 369,152 ----a-w C:\WINDOWS\system32\xpsp3res.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 05:00 15360]
"WOOKIT"="C:\PROGRA~1\WANADOO\Shell.exe" [ ]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"ErrorSafeFree"="C:\Program Files\ErrorSafe Free\uers.exe" [ ]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"preload"="C:\Windows\RUNXMLPL.exe" [ ]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 05:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 05:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 05:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 05:00 455168]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-08-24 12:50 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-08-24 12:47 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-08-24 12:51 114688]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-04 11:12 102490]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-04 11:11 708698]
"SoundMan"="SOUNDMAN.EXE" [2005-04-15 11:01 77824 C:\WINDOWS\SOUNDMAN.EXE]
"PCMService"="C:\Program Files\Acer\Acer Arcade\PCMService.exe" [2005-08-31 19:59 147456]
"LaunchAp"="C:\Program Files\Launch Manager\LaunchAp.exe" [2005-07-25 13:36 32768]
"PowerKey"="C:\Program Files\Launch Manager\PowerKey.exe" [2002-08-30 15:02 94208]
"LManager"="C:\Program Files\Launch Manager\HotkeyApp.exe" [2005-11-08 10:45 69632]
"CtrlVol"="C:\Program Files\Launch Manager\CtrlVol.exe" [2003-09-16 14:28 20480]
"LMgrOSD"="C:\Program Files\Launch Manager\OSDCtrl.exe" [2005-07-25 10:45 241664]
"Wbutton"="C:\Program Files\Launch Manager\Wbutton.exe" [2005-11-08 10:19 81920]
"EPM-DM"="c:\acer\Empowering Technology\ePower\epm-dm.exe" [2005-11-10 19:09 212992]
"Acer ePower Management"="C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe" [2005-11-09 11:04 3084288]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2006-01-02 10:31 397312]
"ADMTray.exe"="C:\Acer\Empowering Technology\admtray.exe" [2005-10-24 16:45 2462208]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-07-26 11:36 69632]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"MPTBox"="C:\Program Files\Canon\MultiPASS4\MPTBox.exe" [2002-11-01 15:29 167936]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 15:27 385024]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-03-11 13:28 249896]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 05:00 15360]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352]
C:\DOCUME~1\ALLUSE~1\MENUD~1\PROGRA~1\DMARR~1\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2007-06-03 17:10:23 110592]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^KODAK Software Updater.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\KODAK Software Updater.lnk
backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logiciel Kodak EasyShare.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logiciel Kodak EasyShare.lnk
backup=C:\WINDOWS\pss\Logiciel Kodak EasyShare.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-01-15 03:22 267048 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-01-19 12:55 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-10 15:27 385024 C:\Program Files\QuickTime\QTTask.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"D:\\ALEX\\blobby\\volley.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
R1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys [2003-04-28 11:27]
R1 OsaFsLoc;OsaFsLoc;C:\WINDOWS\system32\drivers\OsaFsLoc.sys [2005-10-15 18:20]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 13:10]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-04-07 18:08]
R2 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 14:46]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 16:58]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57]
R3 NdisFilt;OSA NdisFilter Protocol;C:\WINDOWS\system32\Drivers\NdisFilt.sys [2005-09-13 15:34]
R3 POWERKEY;POWERKEY;C:\Program Files\Launch Manager\POWERKEY.sys [2000-12-19 18:29]
S1 Wbutton;Wbutton;C:\WINDOWS\system32\drivers\Wbutton.sys []
S3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys []
S3 SQLWriter;Enregistreur VSS SQL Server;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2005-10-14 02:53]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S4 msvsmon80;Débogueur distant Visual Studio 2005;"C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon80 []
*Newly Created Service* - INT15.SYS
*Newly Created Service* - SSMDRV
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-11 19:50:17
Windows 5.1.2600 Service Pack 2 FAT NTAPI
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
"ImagePath"="\"C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe\"\00|\00\00\00\00\00\00\00\00\00\00\00\00(\00\00\00\00\00R\02pè\13\00pè\13\00\18î‘|ðô
[\02ÿÿÿÿm\05’|x\01\15\00\00\00\15\00\00\00\00\00ö\1b"
.
Temps d'accomplissement: 2008-03-11 19:51:12
ComboFix-quarantined-files.txt 2008-03-11 18:51:10
ComboFix3.txt 2008-03-10 18:48:22
ComboFix2.txt 2008-03-10 18:59:56
.
2008-03-10 21:22:14 --- E O F ---
Re,
[#ff0000]Désactive tes protections résidentes (antivirus...) ![/#f]
Copie (Ctrl+C) le texte se situant dans le cadre ci-dessous :
Ouvre le Bloc-Notes puis colle (Ctrl+V) le texte précedemment copié.
Sauvegarde ce fichier sous le nom de CFScript.txt.
Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :
![]()
Cela va relancer Combofix, tape sur 1 puis valide. Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.
[#ff0000]NOTE : S'il n'y a pas de rédémarrage, poste quand même les rapports demandés.[/#f]
[#ff0000]Désactive tes protections résidentes (antivirus...) ![/#f]
Copie (Ctrl+C) le texte se situant dans le cadre ci-dessous :
File::
C:\Windows\RUNXMLPL.exe
Rootkit::
C:\DOCUME~1\ALEXAN~1\LOCALS~1\Temp\services.exe
Folder::
C:\FOUND.014
C:\FOUND.013
C:\FOUND.012
C:\FOUND.011
C:\FOUND.010
C:\FOUND.009
C:\FOUND.008
C:\FOUND.007
C:\FOUND.006
C:\Program Files\ErrorSafe Free
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"preload"=-
C:\Windows\RUNXMLPL.exe
Rootkit::
C:\DOCUME~1\ALEXAN~1\LOCALS~1\Temp\services.exe
Folder::
C:\FOUND.014
C:\FOUND.013
C:\FOUND.012
C:\FOUND.011
C:\FOUND.010
C:\FOUND.009
C:\FOUND.008
C:\FOUND.007
C:\FOUND.006
C:\Program Files\ErrorSafe Free
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"preload"=-
Ouvre le Bloc-Notes puis colle (Ctrl+V) le texte précedemment copié.
Sauvegarde ce fichier sous le nom de CFScript.txt.
Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :
Cela va relancer Combofix, tape sur 1 puis valide. Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.
[#ff0000]NOTE : S'il n'y a pas de rédémarrage, poste quand même les rapports demandés.[/#f]
Rapport combofix je poste hijackthis après.
ComboFix 08-03-10.1 - Alexandre BERNARD 2008-03-11 20:54:27.5 - FAT32x86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.160 [GMT 1:00]
Endroit: C:\Documents and Settings\Alexandre BERNARD\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Alexandre BERNARD\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
FILE ::
C:\Windows\RUNXMLPL.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\DOCUME~1\ALEXAN~1\LOCALS~1\Temp\services.exe
C:\FOUND.006
C:\FOUND.006\FILE0000.CHK
C:\FOUND.007
C:\FOUND.007\FILE0000.CHK
C:\FOUND.007\FILE0001.CHK
C:\FOUND.007\FILE0002.CHK
C:\FOUND.007\FILE0003.CHK
C:\FOUND.007\FILE0004.CHK
C:\FOUND.007\FILE0005.CHK
C:\FOUND.008
C:\FOUND.008\FILE0000.CHK
C:\FOUND.009
C:\FOUND.009\FILE0000.CHK
C:\FOUND.009\FILE0001.CHK
C:\FOUND.009\FILE0002.CHK
C:\FOUND.009\FILE0003.CHK
C:\FOUND.009\FILE0004.CHK
C:\FOUND.009\FILE0005.CHK
C:\FOUND.009\FILE0006.CHK
C:\FOUND.009\FILE0007.CHK
C:\FOUND.009\FILE0008.CHK
C:\FOUND.009\FILE0009.CHK
C:\FOUND.010
C:\FOUND.010\FILE0000.CHK
C:\FOUND.010\FILE0001.CHK
C:\FOUND.010\FILE0002.CHK
C:\FOUND.010\FILE0003.CHK
C:\FOUND.010\FILE0004.CHK
C:\FOUND.010\FILE0005.CHK
C:\FOUND.010\FILE0006.CHK
C:\FOUND.010\FILE0007.CHK
C:\FOUND.010\FILE0008.CHK
C:\FOUND.010\FILE0009.CHK
C:\FOUND.010\FILE0010.CHK
C:\FOUND.010\FILE0011.CHK
C:\FOUND.010\FILE0012.CHK
C:\FOUND.010\FILE0013.CHK
C:\FOUND.010\FILE0014.CHK
C:\FOUND.010\FILE0015.CHK
C:\FOUND.010\FILE0016.CHK
C:\FOUND.010\FILE0017.CHK
C:\FOUND.010\FILE0018.CHK
C:\FOUND.010\FILE0019.CHK
C:\FOUND.010\FILE0020.CHK
C:\FOUND.010\FILE0021.CHK
C:\FOUND.010\FILE0022.CHK
C:\FOUND.010\FILE0023.CHK
C:\FOUND.010\FILE0024.CHK
C:\FOUND.010\FILE0025.CHK
C:\FOUND.010\FILE0026.CHK
C:\FOUND.010\FILE0027.CHK
C:\FOUND.010\FILE0028.CHK
C:\FOUND.010\FILE0029.CHK
C:\FOUND.010\FILE0030.CHK
C:\FOUND.010\FILE0031.CHK
C:\FOUND.010\FILE0032.CHK
C:\FOUND.010\FILE0033.CHK
C:\FOUND.010\FILE0034.CHK
C:\FOUND.010\FILE0035.CHK
C:\FOUND.010\FILE0036.CHK
C:\FOUND.010\FILE0037.CHK
C:\FOUND.010\FILE0038.CHK
C:\FOUND.010\FILE0039.CHK
C:\FOUND.010\FILE0040.CHK
C:\FOUND.010\FILE0041.CHK
C:\FOUND.010\FILE0042.CHK
C:\FOUND.010\FILE0043.CHK
C:\FOUND.010\FILE0044.CHK
C:\FOUND.010\FILE0045.CHK
C:\FOUND.010\FILE0046.CHK
C:\FOUND.010\FILE0047.CHK
C:\FOUND.010\FILE0048.CHK
C:\FOUND.010\FILE0049.CHK
C:\FOUND.010\FILE0050.CHK
C:\FOUND.010\FILE0051.CHK
C:\FOUND.010\FILE0052.CHK
C:\FOUND.010\FILE0053.CHK
C:\FOUND.010\FILE0054.CHK
C:\FOUND.010\FILE0055.CHK
C:\FOUND.010\FILE0056.CHK
C:\FOUND.010\FILE0057.CHK
C:\FOUND.010\FILE0058.CHK
C:\FOUND.010\FILE0059.CHK
C:\FOUND.010\FILE0060.CHK
C:\FOUND.010\FILE0061.CHK
C:\FOUND.010\FILE0062.CHK
C:\FOUND.010\FILE0063.CHK
C:\FOUND.010\FILE0064.CHK
C:\FOUND.010\FILE0065.CHK
C:\FOUND.010\FILE0066.CHK
C:\FOUND.010\FILE0067.CHK
C:\FOUND.010\FILE0068.CHK
C:\FOUND.010\FILE0069.CHK
C:\FOUND.010\FILE0070.CHK
C:\FOUND.010\FILE0071.CHK
C:\FOUND.010\FILE0072.CHK
C:\FOUND.010\FILE0073.CHK
C:\FOUND.010\FILE0074.CHK
C:\FOUND.010\FILE0075.CHK
C:\FOUND.010\FILE0076.CHK
C:\FOUND.010\FILE0077.CHK
C:\FOUND.010\FILE0078.CHK
C:\FOUND.010\FILE0079.CHK
C:\FOUND.010\FILE0080.CHK
C:\FOUND.010\FILE0081.CHK
C:\FOUND.010\FILE0082.CHK
C:\FOUND.010\FILE0083.CHK
C:\FOUND.010\FILE0084.CHK
C:\FOUND.010\FILE0085.CHK
C:\FOUND.010\FILE0086.CHK
C:\FOUND.010\FILE0087.CHK
C:\FOUND.010\FILE0088.CHK
C:\FOUND.010\FILE0089.CHK
C:\FOUND.010\FILE0090.CHK
C:\FOUND.010\FILE0091.CHK
C:\FOUND.010\FILE0092.CHK
C:\FOUND.010\FILE0093.CHK
C:\FOUND.010\FILE0094.CHK
C:\FOUND.010\FILE0095.CHK
C:\FOUND.010\FILE0096.CHK
C:\FOUND.010\FILE0097.CHK
C:\FOUND.010\FILE0098.CHK
C:\FOUND.010\FILE0099.CHK
C:\FOUND.010\FILE0100.CHK
C:\FOUND.010\FILE0101.CHK
C:\FOUND.010\FILE0102.CHK
C:\FOUND.010\FILE0103.CHK
C:\FOUND.010\FILE0104.CHK
C:\FOUND.010\FILE0105.CHK
C:\FOUND.010\FILE0106.CHK
C:\FOUND.010\FILE0107.CHK
C:\FOUND.010\FILE0108.CHK
C:\FOUND.010\FILE0109.CHK
C:\FOUND.010\FILE0110.CHK
C:\FOUND.010\FILE0111.CHK
C:\FOUND.010\FILE0112.CHK
C:\FOUND.010\FILE0113.CHK
C:\FOUND.010\FILE0114.CHK
C:\FOUND.010\FILE0115.CHK
C:\FOUND.010\FILE0116.CHK
C:\FOUND.010\FILE0117.CHK
C:\FOUND.010\FILE0118.CHK
C:\FOUND.010\FILE0119.CHK
C:\FOUND.010\FILE0120.CHK
C:\FOUND.010\FILE0121.CHK
C:\FOUND.010\FILE0122.CHK
C:\FOUND.010\FILE0123.CHK
C:\FOUND.010\FILE0124.CHK
C:\FOUND.010\FILE0125.CHK
C:\FOUND.010\FILE0126.CHK
C:\FOUND.010\FILE0127.CHK
C:\FOUND.010\FILE0128.CHK
C:\FOUND.010\FILE0129.CHK
C:\FOUND.010\FILE0130.CHK
C:\FOUND.010\FILE0131.CHK
C:\FOUND.010\FILE0132.CHK
C:\FOUND.010\FILE0133.CHK
C:\FOUND.010\FILE0134.CHK
C:\FOUND.010\FILE0135.CHK
C:\FOUND.010\FILE0136.CHK
C:\FOUND.010\FILE0137.CHK
C:\FOUND.010\FILE0138.CHK
C:\FOUND.010\FILE0139.CHK
C:\FOUND.010\FILE0140.CHK
C:\FOUND.010\FILE0141.CHK
C:\FOUND.010\FILE0142.CHK
C:\FOUND.010\FILE0143.CHK
C:\FOUND.010\FILE0144.CHK
C:\FOUND.010\FILE0145.CHK
C:\FOUND.010\FILE0146.CHK
C:\FOUND.010\FILE0147.CHK
C:\FOUND.010\FILE0148.CHK
C:\FOUND.010\FILE0149.CHK
C:\FOUND.010\FILE0150.CHK
C:\FOUND.010\FILE0151.CHK
C:\FOUND.010\FILE0152.CHK
C:\FOUND.010\FILE0153.CHK
C:\FOUND.010\FILE0154.CHK
C:\FOUND.010\FILE0155.CHK
C:\FOUND.010\FILE0156.CHK
C:\FOUND.010\FILE0157.CHK
C:\FOUND.010\FILE0158.CHK
C:\FOUND.010\FILE0159.CHK
C:\FOUND.010\FILE0160.CHK
C:\FOUND.010\FILE0161.CHK
C:\FOUND.010\FILE0162.CHK
C:\FOUND.010\FILE0163.CHK
C:\FOUND.010\FILE0164.CHK
C:\FOUND.010\FILE0165.CHK
C:\FOUND.010\FILE0166.CHK
C:\FOUND.010\FILE0167.CHK
C:\FOUND.010\FILE0168.CHK
C:\FOUND.010\FILE0169.CHK
C:\FOUND.010\FILE0170.CHK
C:\FOUND.010\FILE0171.CHK
C:\FOUND.010\FILE0172.CHK
C:\FOUND.010\FILE0173.CHK
C:\FOUND.010\FILE0174.CHK
C:\FOUND.010\FILE0175.CHK
C:\FOUND.010\FILE0176.CHK
C:\FOUND.010\FILE0177.CHK
C:\FOUND.010\FILE0178.CHK
C:\FOUND.010\FILE0179.CHK
C:\FOUND.010\FILE0180.CHK
C:\FOUND.010\FILE0181.CHK
C:\FOUND.010\FILE0182.CHK
C:\FOUND.010\FILE0183.CHK
C:\FOUND.010\FILE0184.CHK
C:\FOUND.010\FILE0185.CHK
C:\FOUND.010\FILE0186.CHK
C:\FOUND.010\FILE0187.CHK
C:\FOUND.010\FILE0188.CHK
C:\FOUND.010\FILE0189.CHK
C:\FOUND.010\FILE0190.CHK
C:\FOUND.010\FILE0191.CHK
C:\FOUND.010\FILE0192.CHK
C:\FOUND.010\FILE0193.CHK
C:\FOUND.010\FILE0194.CHK
C:\FOUND.010\FILE0195.CHK
C:\FOUND.010\FILE0196.CHK
C:\FOUND.010\FILE0197.CHK
C:\FOUND.010\FILE0198.CHK
C:\FOUND.010\FILE0199.CHK
C:\FOUND.010\FILE0200.CHK
C:\FOUND.010\FILE0201.CHK
C:\FOUND.010\FILE0202.CHK
C:\FOUND.010\FILE0203.CHK
C:\FOUND.010\FILE0204.CHK
C:\FOUND.010\FILE0205.CHK
C:\FOUND.010\FILE0206.CHK
C:\FOUND.010\FILE0207.CHK
C:\FOUND.010\FILE0208.CHK
C:\FOUND.010\FILE0209.CHK
C:\FOUND.010\FILE0210.CHK
C:\FOUND.010\FILE0211.CHK
C:\FOUND.010\FILE0212.CHK
C:\FOUND.010\FILE0213.CHK
C:\FOUND.010\FILE0214.CHK
C:\FOUND.010\FILE0215.CHK
C:\FOUND.010\FILE0216.CHK
C:\FOUND.010\FILE0217.CHK
C:\FOUND.010\FILE0218.CHK
C:\FOUND.010\FILE0219.CHK
C:\FOUND.010\FILE0220.CHK
C:\FOUND.010\FILE0221.CHK
C:\FOUND.010\FILE0222.CHK
C:\FOUND.010\FILE0223.CHK
C:\FOUND.010\FILE0224.CHK
C:\FOUND.010\FILE0225.CHK
C:\FOUND.010\FILE0226.CHK
C:\FOUND.010\FILE0227.CHK
C:\FOUND.010\FILE0228.CHK
C:\FOUND.010\FILE0229.CHK
C:\FOUND.010\FILE0230.CHK
C:\FOUND.010\FILE0231.CHK
C:\FOUND.010\FILE0232.CHK
C:\FOUND.010\FILE0233.CHK
C:\FOUND.010\FILE0234.CHK
C:\FOUND.010\FILE0235.CHK
C:\FOUND.010\FILE0236.CHK
C:\FOUND.010\FILE0237.CHK
C:\FOUND.010\FILE0238.CHK
C:\FOUND.010\FILE0239.CHK
C:\FOUND.010\FILE0240.CHK
C:\FOUND.010\FILE0241.CHK
C:\FOUND.010\FILE0242.CHK
C:\FOUND.010\FILE0243.CHK
C:\FOUND.010\FILE0244.CHK
C:\FOUND.010\FILE0245.CHK
C:\FOUND.010\FILE0246.CHK
C:\FOUND.010\FILE0247.CHK
C:\FOUND.010\FILE0248.CHK
C:\FOUND.011
C:\FOUND.011\FILE0000.CHK
C:\FOUND.011\FILE0001.CHK
C:\FOUND.011\FILE0002.CHK
C:\FOUND.011\FILE0003.CHK
C:\FOUND.011\FILE0004.CHK
C:\FOUND.011\FILE0005.CHK
C:\FOUND.011\FILE0006.CHK
C:\FOUND.011\FILE0007.CHK
C:\FOUND.011\FILE0008.CHK
C:\FOUND.011\FILE0009.CHK
C:\FOUND.011\FILE0011.CHK
C:\FOUND.011\FILE0012.CHK
C:\FOUND.012
C:\FOUND.012\FILE0000.CHK
C:\FOUND.012\FILE0001.CHK
C:\FOUND.012\FILE0002.CHK
C:\FOUND.012\FILE0003.CHK
C:\FOUND.012\FILE0004.CHK
C:\FOUND.012\FILE0005.CHK
C:\FOUND.012\FILE0006.CHK
C:\FOUND.013
C:\FOUND.013\FILE0000.CHK
C:\FOUND.013\FILE0001.CHK
C:\FOUND.014
C:\FOUND.014\FILE0000.CHK
C:\FOUND.014\FILE0001.CHK
C:\FOUND.014\FILE0002.CHK
C:\FOUND.014\FILE0003.CHK
C:\FOUND.014\FILE0004.CHK
C:\FOUND.014\FILE0005.CHK
C:\FOUND.014\FILE0006.CHK
C:\FOUND.014\FILE0007.CHK
C:\FOUND.014\FILE0008.CHK
C:\FOUND.014\FILE0009.CHK
C:\FOUND.014\FILE0010.CHK
C:\FOUND.014\FILE0011.CHK
C:\FOUND.014\FILE0012.CHK
.
((((((((((((((((((((((((((((( Fichiers créés 2008-02-11 to 2008-03-11 ))))))))))))))))))))))))))))))))))))
.
2008-03-11 13:27 . 2008-03-11 13:27 <REP> d-------- C:\Program Files\Avira
2008-03-10 00:36 . 2008-03-10 00:36 0 --a------ C:\WINDOWS\nsreg.dat
2008-03-06 21:22 . 2008-03-06 21:22 <REP> d-------- C:\Program Files\Alwil Software
2008-03-06 21:22 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-03-06 21:22 . 2008-03-11 12:11 2 --a------ C:\WINDOWS\system32\config.nt
2008-03-06 19:31 . 2008-03-06 19:31 <REP> d-------- C:\Program Files\Motherboard Monitor 5
2008-03-04 12:37 . 2008-03-04 12:37 <REP> d-------- C:\Program Files\MSXML 6.0
2008-03-04 11:30 . 2008-03-04 11:30 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
2008-03-04 11:07 . 2008-03-04 11:07 <REP> d-------- C:\BackUpMSNCleaner
2008-03-04 10:55 . 2008-03-04 10:55 <REP> d--hs---- C:\FOUND.005
2008-03-04 09:59 . 2008-03-04 09:59 <REP> d-------- C:\Program Files\CCleaner
2008-03-04 07:25 . 2008-03-04 07:25 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-04 07:25 . 2008-03-04 07:25 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-28 21:39 . 2008-02-28 21:39 <REP> d-------- C:\Program Files\Microsoft SQL Server
2008-02-28 21:38 . 2008-02-28 21:38 <REP> d-------- C:\Program Files\Microsoft SQL Server 2005 Mobile Edition
2008-02-28 21:38 . 2008-02-28 21:38 <REP> d-------- C:\Program Files\Microsoft Device Emulator
2008-02-28 21:24 . 2008-02-28 21:24 <REP> d-------- C:\WINDOWS\Symbols
2008-02-28 21:24 . 2008-02-28 21:24 <REP> d-------- C:\Program Files\Microsoft.NET
2008-02-28 21:24 . 2008-02-28 21:24 <REP> d-------- C:\Program Files\HTML Help Workshop
2008-02-28 21:24 . 2008-02-28 21:24 <REP> d-------- C:\Program Files\Fichiers communs\Merge Modules
2008-02-28 21:24 . 2008-02-28 21:24 <REP> d-------- C:\Program Files\Fichiers communs\Business Objects
2008-02-28 21:24 . 2008-02-28 21:24 <REP> d-------- C:\Program Files\CE Remote Tools
2008-02-28 21:24 . 2008-02-28 21:24 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\PreEmptive Solutions
2008-02-28 21:22 . 2008-02-28 21:22 <REP> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-02-28 21:15 . 2008-02-28 21:15 639,224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-02-28 19:51 . 2008-02-28 19:51 <REP> d-------- C:\Temp\FR_Visual_Studio_2005_Professional_CD1
2008-02-28 19:24 . 2008-02-28 19:24 <REP> d-------- C:\Temp\FR_Visual_Studio_2005_Professional_CD2
2008-02-13 12:51 . 2008-02-13 12:51 <REP> d--hs---- C:\FOUND.004
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-29 18:56 --------- d-----w C:\Program Files\Canon
2008-01-29 18:56 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Canon
2008-01-21 21:20 --------- d-----w C:\Program Files\Fichiers communs\AVSMedia
2008-01-21 21:20 --------- d-----w C:\Program Files\AVS4YOU
2008-01-21 21:20 --------- d-----w C:\Documents and Settings\Alexandre BERNARD\Application Data\AVS4YOU
2008-01-21 21:20 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\AVS4YOU
2008-01-21 20:55 --------- d-----w C:\Documents and Settings\Alexandre BERNARD\Application Data\River Past G5
2008-01-21 20:55 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\River Past G5
2008-01-21 18:09 --------- d-----w C:\Program Files\Red Kawa
2008-01-21 18:09 --------- d-----w C:\Program Files\AviSynth 2.5
2008-01-21 14:41 --------- d-----w C:\Program Files\iTunes
2008-01-21 14:41 --------- d-----w C:\Program Files\iPod
2008-01-21 14:39 --------- d-----w C:\Program Files\QuickTime
2008-01-21 14:31 --------- d-----w C:\Documents and Settings\Alexandre BERNARD\Application Data\Apple Computer
2008-01-21 14:30 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2008-01-21 14:29 --------- d-----w C:\Program Files\Fichiers communs\Apple
2008-01-21 14:29 --------- d-----w C:\Program Files\Apple Software Update
2008-01-21 14:29 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2008-01-11 05:36 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-12-19 22:53 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-08-28 13:36 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 05:00 15360]
"WOOKIT"="C:\PROGRA~1\WANADOO\Shell.exe" [ ]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"ErrorSafeFree"="C:\Program Files\ErrorSafe Free\uers.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 05:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 05:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 05:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 05:00 455168]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-08-24 12:50 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-08-24 12:47 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-08-24 12:51 114688]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-04 11:12 102490]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-04 11:11 708698]
"SoundMan"="SOUNDMAN.EXE" [2005-04-15 11:01 77824 C:\WINDOWS\SOUNDMAN.EXE]
"PCMService"="C:\Program Files\Acer\Acer Arcade\PCMService.exe" [2005-08-31 19:59 147456]
"LaunchAp"="C:\Program Files\Launch Manager\LaunchAp.exe" [2005-07-25 13:36 32768]
"PowerKey"="C:\Program Files\Launch Manager\PowerKey.exe" [2002-08-30 15:02 94208]
"LManager"="C:\Program Files\Launch Manager\HotkeyApp.exe" [2005-11-08 10:45 69632]
"CtrlVol"="C:\Program Files\Launch Manager\CtrlVol.exe" [2003-09-16 14:28 20480]
"LMgrOSD"="C:\Program Files\Launch Manager\OSDCtrl.exe" [2005-07-25 10:45 241664]
"Wbutton"="C:\Program Files\Launch Manager\Wbutton.exe" [2005-11-08 10:19 81920]
"EPM-DM"="c:\acer\Empowering Technology\ePower\epm-dm.exe" [2005-11-10 19:09 212992]
"Acer ePower Management"="C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe" [2005-11-09 11:04 3084288]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2006-01-02 10:31 397312]
"ADMTray.exe"="C:\Acer\Empowering Technology\admtray.exe" [2005-10-24 16:45 2462208]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-07-26 11:36 69632]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"MPTBox"="C:\Program Files\Canon\MultiPASS4\MPTBox.exe" [2002-11-01 15:29 167936]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 15:27 385024]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-03-11 13:28 249896]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 05:00 15360]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^KODAK Software Updater.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\KODAK Software Updater.lnk
backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logiciel Kodak EasyShare.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logiciel Kodak EasyShare.lnk
backup=C:\WINDOWS\pss\Logiciel Kodak EasyShare.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-01-15 03:22 267048 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-01-19 12:55 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-10 15:27 385024 C:\Program Files\QuickTime\QTTask.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"D:\\ALEX\\blobby\\volley.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
R1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys [2003-04-28 11:27]
R1 OsaFsLoc;OsaFsLoc;C:\WINDOWS\system32\drivers\OsaFsLoc.sys [2005-10-15 18:20]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 13:10]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-04-07 18:08]
R2 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 14:46]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 16:58]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57]
R3 NdisFilt;OSA NdisFilter Protocol;C:\WINDOWS\system32\Drivers\NdisFilt.sys [2005-09-13 15:34]
R3 POWERKEY;POWERKEY;C:\Program Files\Launch Manager\POWERKEY.sys [2000-12-19 18:29]
S1 Wbutton;Wbutton;C:\WINDOWS\system32\drivers\Wbutton.sys []
S3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys []
S3 SQLWriter;Enregistreur VSS SQL Server;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2005-10-14 02:53]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S4 msvsmon80;Débogueur distant Visual Studio 2005;"C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon80 []
*Newly Created Service* - INT15.SYS
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-11 21:00:41
Windows 5.1.2600 Service Pack 2 FAT NTAPI
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
"ImagePath"="\"C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe\"\00|\00\00\00\00\00\00\00\00\00\00\00\00(\00\00\00\00\00R\02pè\13\00pè\13\00\18î‘|ðô
[\02ÿÿÿÿm\05’|x\01\15\00\00\00\15\00\00\00\00\00ö\1b"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-03-11 21:03:06 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-11 20:03:04
ComboFix4.txt 2008-03-10 18:48:22
ComboFix3.txt 2008-03-10 18:59:56
ComboFix2.txt 2008-03-11 18:51:14
.
2008-03-10 21:22:14 --- E O F ---
ComboFix 08-03-10.1 - Alexandre BERNARD 2008-03-11 20:54:27.5 - FAT32x86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.160 [GMT 1:00]
Endroit: C:\Documents and Settings\Alexandre BERNARD\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Alexandre BERNARD\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
FILE ::
C:\Windows\RUNXMLPL.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\DOCUME~1\ALEXAN~1\LOCALS~1\Temp\services.exe
C:\FOUND.006
C:\FOUND.006\FILE0000.CHK
C:\FOUND.007
C:\FOUND.007\FILE0000.CHK
C:\FOUND.007\FILE0001.CHK
C:\FOUND.007\FILE0002.CHK
C:\FOUND.007\FILE0003.CHK
C:\FOUND.007\FILE0004.CHK
C:\FOUND.007\FILE0005.CHK
C:\FOUND.008
C:\FOUND.008\FILE0000.CHK
C:\FOUND.009
C:\FOUND.009\FILE0000.CHK
C:\FOUND.009\FILE0001.CHK
C:\FOUND.009\FILE0002.CHK
C:\FOUND.009\FILE0003.CHK
C:\FOUND.009\FILE0004.CHK
C:\FOUND.009\FILE0005.CHK
C:\FOUND.009\FILE0006.CHK
C:\FOUND.009\FILE0007.CHK
C:\FOUND.009\FILE0008.CHK
C:\FOUND.009\FILE0009.CHK
C:\FOUND.010
C:\FOUND.010\FILE0000.CHK
C:\FOUND.010\FILE0001.CHK
C:\FOUND.010\FILE0002.CHK
C:\FOUND.010\FILE0003.CHK
C:\FOUND.010\FILE0004.CHK
C:\FOUND.010\FILE0005.CHK
C:\FOUND.010\FILE0006.CHK
C:\FOUND.010\FILE0007.CHK
C:\FOUND.010\FILE0008.CHK
C:\FOUND.010\FILE0009.CHK
C:\FOUND.010\FILE0010.CHK
C:\FOUND.010\FILE0011.CHK
C:\FOUND.010\FILE0012.CHK
C:\FOUND.010\FILE0013.CHK
C:\FOUND.010\FILE0014.CHK
C:\FOUND.010\FILE0015.CHK
C:\FOUND.010\FILE0016.CHK
C:\FOUND.010\FILE0017.CHK
C:\FOUND.010\FILE0018.CHK
C:\FOUND.010\FILE0019.CHK
C:\FOUND.010\FILE0020.CHK
C:\FOUND.010\FILE0021.CHK
C:\FOUND.010\FILE0022.CHK
C:\FOUND.010\FILE0023.CHK
C:\FOUND.010\FILE0024.CHK
C:\FOUND.010\FILE0025.CHK
C:\FOUND.010\FILE0026.CHK
C:\FOUND.010\FILE0027.CHK
C:\FOUND.010\FILE0028.CHK
C:\FOUND.010\FILE0029.CHK
C:\FOUND.010\FILE0030.CHK
C:\FOUND.010\FILE0031.CHK
C:\FOUND.010\FILE0032.CHK
C:\FOUND.010\FILE0033.CHK
C:\FOUND.010\FILE0034.CHK
C:\FOUND.010\FILE0035.CHK
C:\FOUND.010\FILE0036.CHK
C:\FOUND.010\FILE0037.CHK
C:\FOUND.010\FILE0038.CHK
C:\FOUND.010\FILE0039.CHK
C:\FOUND.010\FILE0040.CHK
C:\FOUND.010\FILE0041.CHK
C:\FOUND.010\FILE0042.CHK
C:\FOUND.010\FILE0043.CHK
C:\FOUND.010\FILE0044.CHK
C:\FOUND.010\FILE0045.CHK
C:\FOUND.010\FILE0046.CHK
C:\FOUND.010\FILE0047.CHK
C:\FOUND.010\FILE0048.CHK
C:\FOUND.010\FILE0049.CHK
C:\FOUND.010\FILE0050.CHK
C:\FOUND.010\FILE0051.CHK
C:\FOUND.010\FILE0052.CHK
C:\FOUND.010\FILE0053.CHK
C:\FOUND.010\FILE0054.CHK
C:\FOUND.010\FILE0055.CHK
C:\FOUND.010\FILE0056.CHK
C:\FOUND.010\FILE0057.CHK
C:\FOUND.010\FILE0058.CHK
C:\FOUND.010\FILE0059.CHK
C:\FOUND.010\FILE0060.CHK
C:\FOUND.010\FILE0061.CHK
C:\FOUND.010\FILE0062.CHK
C:\FOUND.010\FILE0063.CHK
C:\FOUND.010\FILE0064.CHK
C:\FOUND.010\FILE0065.CHK
C:\FOUND.010\FILE0066.CHK
C:\FOUND.010\FILE0067.CHK
C:\FOUND.010\FILE0068.CHK
C:\FOUND.010\FILE0069.CHK
C:\FOUND.010\FILE0070.CHK
C:\FOUND.010\FILE0071.CHK
C:\FOUND.010\FILE0072.CHK
C:\FOUND.010\FILE0073.CHK
C:\FOUND.010\FILE0074.CHK
C:\FOUND.010\FILE0075.CHK
C:\FOUND.010\FILE0076.CHK
C:\FOUND.010\FILE0077.CHK
C:\FOUND.010\FILE0078.CHK
C:\FOUND.010\FILE0079.CHK
C:\FOUND.010\FILE0080.CHK
C:\FOUND.010\FILE0081.CHK
C:\FOUND.010\FILE0082.CHK
C:\FOUND.010\FILE0083.CHK
C:\FOUND.010\FILE0084.CHK
C:\FOUND.010\FILE0085.CHK
C:\FOUND.010\FILE0086.CHK
C:\FOUND.010\FILE0087.CHK
C:\FOUND.010\FILE0088.CHK
C:\FOUND.010\FILE0089.CHK
C:\FOUND.010\FILE0090.CHK
C:\FOUND.010\FILE0091.CHK
C:\FOUND.010\FILE0092.CHK
C:\FOUND.010\FILE0093.CHK
C:\FOUND.010\FILE0094.CHK
C:\FOUND.010\FILE0095.CHK
C:\FOUND.010\FILE0096.CHK
C:\FOUND.010\FILE0097.CHK
C:\FOUND.010\FILE0098.CHK
C:\FOUND.010\FILE0099.CHK
C:\FOUND.010\FILE0100.CHK
C:\FOUND.010\FILE0101.CHK
C:\FOUND.010\FILE0102.CHK
C:\FOUND.010\FILE0103.CHK
C:\FOUND.010\FILE0104.CHK
C:\FOUND.010\FILE0105.CHK
C:\FOUND.010\FILE0106.CHK
C:\FOUND.010\FILE0107.CHK
C:\FOUND.010\FILE0108.CHK
C:\FOUND.010\FILE0109.CHK
C:\FOUND.010\FILE0110.CHK
C:\FOUND.010\FILE0111.CHK
C:\FOUND.010\FILE0112.CHK
C:\FOUND.010\FILE0113.CHK
C:\FOUND.010\FILE0114.CHK
C:\FOUND.010\FILE0115.CHK
C:\FOUND.010\FILE0116.CHK
C:\FOUND.010\FILE0117.CHK
C:\FOUND.010\FILE0118.CHK
C:\FOUND.010\FILE0119.CHK
C:\FOUND.010\FILE0120.CHK
C:\FOUND.010\FILE0121.CHK
C:\FOUND.010\FILE0122.CHK
C:\FOUND.010\FILE0123.CHK
C:\FOUND.010\FILE0124.CHK
C:\FOUND.010\FILE0125.CHK
C:\FOUND.010\FILE0126.CHK
C:\FOUND.010\FILE0127.CHK
C:\FOUND.010\FILE0128.CHK
C:\FOUND.010\FILE0129.CHK
C:\FOUND.010\FILE0130.CHK
C:\FOUND.010\FILE0131.CHK
C:\FOUND.010\FILE0132.CHK
C:\FOUND.010\FILE0133.CHK
C:\FOUND.010\FILE0134.CHK
C:\FOUND.010\FILE0135.CHK
C:\FOUND.010\FILE0136.CHK
C:\FOUND.010\FILE0137.CHK
C:\FOUND.010\FILE0138.CHK
C:\FOUND.010\FILE0139.CHK
C:\FOUND.010\FILE0140.CHK
C:\FOUND.010\FILE0141.CHK
C:\FOUND.010\FILE0142.CHK
C:\FOUND.010\FILE0143.CHK
C:\FOUND.010\FILE0144.CHK
C:\FOUND.010\FILE0145.CHK
C:\FOUND.010\FILE0146.CHK
C:\FOUND.010\FILE0147.CHK
C:\FOUND.010\FILE0148.CHK
C:\FOUND.010\FILE0149.CHK
C:\FOUND.010\FILE0150.CHK
C:\FOUND.010\FILE0151.CHK
C:\FOUND.010\FILE0152.CHK
C:\FOUND.010\FILE0153.CHK
C:\FOUND.010\FILE0154.CHK
C:\FOUND.010\FILE0155.CHK
C:\FOUND.010\FILE0156.CHK
C:\FOUND.010\FILE0157.CHK
C:\FOUND.010\FILE0158.CHK
C:\FOUND.010\FILE0159.CHK
C:\FOUND.010\FILE0160.CHK
C:\FOUND.010\FILE0161.CHK
C:\FOUND.010\FILE0162.CHK
C:\FOUND.010\FILE0163.CHK
C:\FOUND.010\FILE0164.CHK
C:\FOUND.010\FILE0165.CHK
C:\FOUND.010\FILE0166.CHK
C:\FOUND.010\FILE0167.CHK
C:\FOUND.010\FILE0168.CHK
C:\FOUND.010\FILE0169.CHK
C:\FOUND.010\FILE0170.CHK
C:\FOUND.010\FILE0171.CHK
C:\FOUND.010\FILE0172.CHK
C:\FOUND.010\FILE0173.CHK
C:\FOUND.010\FILE0174.CHK
C:\FOUND.010\FILE0175.CHK
C:\FOUND.010\FILE0176.CHK
C:\FOUND.010\FILE0177.CHK
C:\FOUND.010\FILE0178.CHK
C:\FOUND.010\FILE0179.CHK
C:\FOUND.010\FILE0180.CHK
C:\FOUND.010\FILE0181.CHK
C:\FOUND.010\FILE0182.CHK
C:\FOUND.010\FILE0183.CHK
C:\FOUND.010\FILE0184.CHK
C:\FOUND.010\FILE0185.CHK
C:\FOUND.010\FILE0186.CHK
C:\FOUND.010\FILE0187.CHK
C:\FOUND.010\FILE0188.CHK
C:\FOUND.010\FILE0189.CHK
C:\FOUND.010\FILE0190.CHK
C:\FOUND.010\FILE0191.CHK
C:\FOUND.010\FILE0192.CHK
C:\FOUND.010\FILE0193.CHK
C:\FOUND.010\FILE0194.CHK
C:\FOUND.010\FILE0195.CHK
C:\FOUND.010\FILE0196.CHK
C:\FOUND.010\FILE0197.CHK
C:\FOUND.010\FILE0198.CHK
C:\FOUND.010\FILE0199.CHK
C:\FOUND.010\FILE0200.CHK
C:\FOUND.010\FILE0201.CHK
C:\FOUND.010\FILE0202.CHK
C:\FOUND.010\FILE0203.CHK
C:\FOUND.010\FILE0204.CHK
C:\FOUND.010\FILE0205.CHK
C:\FOUND.010\FILE0206.CHK
C:\FOUND.010\FILE0207.CHK
C:\FOUND.010\FILE0208.CHK
C:\FOUND.010\FILE0209.CHK
C:\FOUND.010\FILE0210.CHK
C:\FOUND.010\FILE0211.CHK
C:\FOUND.010\FILE0212.CHK
C:\FOUND.010\FILE0213.CHK
C:\FOUND.010\FILE0214.CHK
C:\FOUND.010\FILE0215.CHK
C:\FOUND.010\FILE0216.CHK
C:\FOUND.010\FILE0217.CHK
C:\FOUND.010\FILE0218.CHK
C:\FOUND.010\FILE0219.CHK
C:\FOUND.010\FILE0220.CHK
C:\FOUND.010\FILE0221.CHK
C:\FOUND.010\FILE0222.CHK
C:\FOUND.010\FILE0223.CHK
C:\FOUND.010\FILE0224.CHK
C:\FOUND.010\FILE0225.CHK
C:\FOUND.010\FILE0226.CHK
C:\FOUND.010\FILE0227.CHK
C:\FOUND.010\FILE0228.CHK
C:\FOUND.010\FILE0229.CHK
C:\FOUND.010\FILE0230.CHK
C:\FOUND.010\FILE0231.CHK
C:\FOUND.010\FILE0232.CHK
C:\FOUND.010\FILE0233.CHK
C:\FOUND.010\FILE0234.CHK
C:\FOUND.010\FILE0235.CHK
C:\FOUND.010\FILE0236.CHK
C:\FOUND.010\FILE0237.CHK
C:\FOUND.010\FILE0238.CHK
C:\FOUND.010\FILE0239.CHK
C:\FOUND.010\FILE0240.CHK
C:\FOUND.010\FILE0241.CHK
C:\FOUND.010\FILE0242.CHK
C:\FOUND.010\FILE0243.CHK
C:\FOUND.010\FILE0244.CHK
C:\FOUND.010\FILE0245.CHK
C:\FOUND.010\FILE0246.CHK
C:\FOUND.010\FILE0247.CHK
C:\FOUND.010\FILE0248.CHK
C:\FOUND.011
C:\FOUND.011\FILE0000.CHK
C:\FOUND.011\FILE0001.CHK
C:\FOUND.011\FILE0002.CHK
C:\FOUND.011\FILE0003.CHK
C:\FOUND.011\FILE0004.CHK
C:\FOUND.011\FILE0005.CHK
C:\FOUND.011\FILE0006.CHK
C:\FOUND.011\FILE0007.CHK
C:\FOUND.011\FILE0008.CHK
C:\FOUND.011\FILE0009.CHK
C:\FOUND.011\FILE0011.CHK
C:\FOUND.011\FILE0012.CHK
C:\FOUND.012
C:\FOUND.012\FILE0000.CHK
C:\FOUND.012\FILE0001.CHK
C:\FOUND.012\FILE0002.CHK
C:\FOUND.012\FILE0003.CHK
C:\FOUND.012\FILE0004.CHK
C:\FOUND.012\FILE0005.CHK
C:\FOUND.012\FILE0006.CHK
C:\FOUND.013
C:\FOUND.013\FILE0000.CHK
C:\FOUND.013\FILE0001.CHK
C:\FOUND.014
C:\FOUND.014\FILE0000.CHK
C:\FOUND.014\FILE0001.CHK
C:\FOUND.014\FILE0002.CHK
C:\FOUND.014\FILE0003.CHK
C:\FOUND.014\FILE0004.CHK
C:\FOUND.014\FILE0005.CHK
C:\FOUND.014\FILE0006.CHK
C:\FOUND.014\FILE0007.CHK
C:\FOUND.014\FILE0008.CHK
C:\FOUND.014\FILE0009.CHK
C:\FOUND.014\FILE0010.CHK
C:\FOUND.014\FILE0011.CHK
C:\FOUND.014\FILE0012.CHK
.
((((((((((((((((((((((((((((( Fichiers créés 2008-02-11 to 2008-03-11 ))))))))))))))))))))))))))))))))))))
.
2008-03-11 13:27 . 2008-03-11 13:27 <REP> d-------- C:\Program Files\Avira
2008-03-10 00:36 . 2008-03-10 00:36 0 --a------ C:\WINDOWS\nsreg.dat
2008-03-06 21:22 . 2008-03-06 21:22 <REP> d-------- C:\Program Files\Alwil Software
2008-03-06 21:22 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-03-06 21:22 . 2008-03-11 12:11 2 --a------ C:\WINDOWS\system32\config.nt
2008-03-06 19:31 . 2008-03-06 19:31 <REP> d-------- C:\Program Files\Motherboard Monitor 5
2008-03-04 12:37 . 2008-03-04 12:37 <REP> d-------- C:\Program Files\MSXML 6.0
2008-03-04 11:30 . 2008-03-04 11:30 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
2008-03-04 11:07 . 2008-03-04 11:07 <REP> d-------- C:\BackUpMSNCleaner
2008-03-04 10:55 . 2008-03-04 10:55 <REP> d--hs---- C:\FOUND.005
2008-03-04 09:59 . 2008-03-04 09:59 <REP> d-------- C:\Program Files\CCleaner
2008-03-04 07:25 . 2008-03-04 07:25 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-04 07:25 . 2008-03-04 07:25 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-28 21:39 . 2008-02-28 21:39 <REP> d-------- C:\Program Files\Microsoft SQL Server
2008-02-28 21:38 . 2008-02-28 21:38 <REP> d-------- C:\Program Files\Microsoft SQL Server 2005 Mobile Edition
2008-02-28 21:38 . 2008-02-28 21:38 <REP> d-------- C:\Program Files\Microsoft Device Emulator
2008-02-28 21:24 . 2008-02-28 21:24 <REP> d-------- C:\WINDOWS\Symbols
2008-02-28 21:24 . 2008-02-28 21:24 <REP> d-------- C:\Program Files\Microsoft.NET
2008-02-28 21:24 . 2008-02-28 21:24 <REP> d-------- C:\Program Files\HTML Help Workshop
2008-02-28 21:24 . 2008-02-28 21:24 <REP> d-------- C:\Program Files\Fichiers communs\Merge Modules
2008-02-28 21:24 . 2008-02-28 21:24 <REP> d-------- C:\Program Files\Fichiers communs\Business Objects
2008-02-28 21:24 . 2008-02-28 21:24 <REP> d-------- C:\Program Files\CE Remote Tools
2008-02-28 21:24 . 2008-02-28 21:24 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\PreEmptive Solutions
2008-02-28 21:22 . 2008-02-28 21:22 <REP> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-02-28 21:15 . 2008-02-28 21:15 639,224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-02-28 19:51 . 2008-02-28 19:51 <REP> d-------- C:\Temp\FR_Visual_Studio_2005_Professional_CD1
2008-02-28 19:24 . 2008-02-28 19:24 <REP> d-------- C:\Temp\FR_Visual_Studio_2005_Professional_CD2
2008-02-13 12:51 . 2008-02-13 12:51 <REP> d--hs---- C:\FOUND.004
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-29 18:56 --------- d-----w C:\Program Files\Canon
2008-01-29 18:56 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Canon
2008-01-21 21:20 --------- d-----w C:\Program Files\Fichiers communs\AVSMedia
2008-01-21 21:20 --------- d-----w C:\Program Files\AVS4YOU
2008-01-21 21:20 --------- d-----w C:\Documents and Settings\Alexandre BERNARD\Application Data\AVS4YOU
2008-01-21 21:20 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\AVS4YOU
2008-01-21 20:55 --------- d-----w C:\Documents and Settings\Alexandre BERNARD\Application Data\River Past G5
2008-01-21 20:55 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\River Past G5
2008-01-21 18:09 --------- d-----w C:\Program Files\Red Kawa
2008-01-21 18:09 --------- d-----w C:\Program Files\AviSynth 2.5
2008-01-21 14:41 --------- d-----w C:\Program Files\iTunes
2008-01-21 14:41 --------- d-----w C:\Program Files\iPod
2008-01-21 14:39 --------- d-----w C:\Program Files\QuickTime
2008-01-21 14:31 --------- d-----w C:\Documents and Settings\Alexandre BERNARD\Application Data\Apple Computer
2008-01-21 14:30 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2008-01-21 14:29 --------- d-----w C:\Program Files\Fichiers communs\Apple
2008-01-21 14:29 --------- d-----w C:\Program Files\Apple Software Update
2008-01-21 14:29 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2008-01-11 05:36 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-12-19 22:53 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-08-28 13:36 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 05:00 15360]
"WOOKIT"="C:\PROGRA~1\WANADOO\Shell.exe" [ ]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"ErrorSafeFree"="C:\Program Files\ErrorSafe Free\uers.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 05:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 05:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 05:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 05:00 455168]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-08-24 12:50 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-08-24 12:47 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-08-24 12:51 114688]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-04 11:12 102490]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-04 11:11 708698]
"SoundMan"="SOUNDMAN.EXE" [2005-04-15 11:01 77824 C:\WINDOWS\SOUNDMAN.EXE]
"PCMService"="C:\Program Files\Acer\Acer Arcade\PCMService.exe" [2005-08-31 19:59 147456]
"LaunchAp"="C:\Program Files\Launch Manager\LaunchAp.exe" [2005-07-25 13:36 32768]
"PowerKey"="C:\Program Files\Launch Manager\PowerKey.exe" [2002-08-30 15:02 94208]
"LManager"="C:\Program Files\Launch Manager\HotkeyApp.exe" [2005-11-08 10:45 69632]
"CtrlVol"="C:\Program Files\Launch Manager\CtrlVol.exe" [2003-09-16 14:28 20480]
"LMgrOSD"="C:\Program Files\Launch Manager\OSDCtrl.exe" [2005-07-25 10:45 241664]
"Wbutton"="C:\Program Files\Launch Manager\Wbutton.exe" [2005-11-08 10:19 81920]
"EPM-DM"="c:\acer\Empowering Technology\ePower\epm-dm.exe" [2005-11-10 19:09 212992]
"Acer ePower Management"="C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe" [2005-11-09 11:04 3084288]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2006-01-02 10:31 397312]
"ADMTray.exe"="C:\Acer\Empowering Technology\admtray.exe" [2005-10-24 16:45 2462208]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-07-26 11:36 69632]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"MPTBox"="C:\Program Files\Canon\MultiPASS4\MPTBox.exe" [2002-11-01 15:29 167936]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 15:27 385024]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-03-11 13:28 249896]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 05:00 15360]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^KODAK Software Updater.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\KODAK Software Updater.lnk
backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logiciel Kodak EasyShare.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logiciel Kodak EasyShare.lnk
backup=C:\WINDOWS\pss\Logiciel Kodak EasyShare.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-01-15 03:22 267048 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-01-19 12:55 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-10 15:27 385024 C:\Program Files\QuickTime\QTTask.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"D:\\ALEX\\blobby\\volley.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
R1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys [2003-04-28 11:27]
R1 OsaFsLoc;OsaFsLoc;C:\WINDOWS\system32\drivers\OsaFsLoc.sys [2005-10-15 18:20]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 13:10]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-04-07 18:08]
R2 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 14:46]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 16:58]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57]
R3 NdisFilt;OSA NdisFilter Protocol;C:\WINDOWS\system32\Drivers\NdisFilt.sys [2005-09-13 15:34]
R3 POWERKEY;POWERKEY;C:\Program Files\Launch Manager\POWERKEY.sys [2000-12-19 18:29]
S1 Wbutton;Wbutton;C:\WINDOWS\system32\drivers\Wbutton.sys []
S3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys []
S3 SQLWriter;Enregistreur VSS SQL Server;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2005-10-14 02:53]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S4 msvsmon80;Débogueur distant Visual Studio 2005;"C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon80 []
*Newly Created Service* - INT15.SYS
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-11 21:00:41
Windows 5.1.2600 Service Pack 2 FAT NTAPI
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
"ImagePath"="\"C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe\"\00|\00\00\00\00\00\00\00\00\00\00\00\00(\00\00\00\00\00R\02pè\13\00pè\13\00\18î‘|ðô
[\02ÿÿÿÿm\05’|x\01\15\00\00\00\15\00\00\00\00\00ö\1b"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-03-11 21:03:06 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-11 20:03:04
ComboFix4.txt 2008-03-10 18:48:22
ComboFix3.txt 2008-03-10 18:59:56
ComboFix2.txt 2008-03-11 18:51:14
.
2008-03-10 21:22:14 --- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:04:17, on 11/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\acer\Empowering Technology\ePower\epm-dm.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Alexandre BERNARD\Bureau\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [EPM-DM] c:\acer\Empowering Technology\ePower\epm-dm.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [MPTBox] C:\Program Files\Canon\MultiPASS4\MPTBox.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [ErrorSafeFree] "C:\Program Files\ErrorSafe Free\uers.exe" /min
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Sample Toolband Serach - res://C:\WINDOWS\system32\ToolBand.dll/MENUSEARCH.HTM
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by126w.bay126.mail.live.com/mail/resources/MsnPU...
O16 - DPF: {91D4B4D5-E368-40AB-8F53-A37FA634B471} (Installer9Ctrl Class) - http://www.tellmemorecorporate.com/bin/tol9inst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: MpService - Canon Inc. - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
--
End of file - 9530 bytes
Scan saved at 21:04:17, on 11/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\acer\Empowering Technology\ePower\epm-dm.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Alexandre BERNARD\Bureau\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [EPM-DM] c:\acer\Empowering Technology\ePower\epm-dm.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [MPTBox] C:\Program Files\Canon\MultiPASS4\MPTBox.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [ErrorSafeFree] "C:\Program Files\ErrorSafe Free\uers.exe" /min
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Sample Toolband Serach - res://C:\WINDOWS\system32\ToolBand.dll/MENUSEARCH.HTM
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by126w.bay126.mail.live.com/mail/resources/MsnPU...
O16 - DPF: {91D4B4D5-E368-40AB-8F53-A37FA634B471} (Installer9Ctrl Class) - http://www.tellmemorecorporate.com/bin/tol9inst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: MpService - Canon Inc. - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
--
End of file - 9530 bytes
voilà
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:59:24, on 12/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\acer\Empowering Technology\ePower\epm-dm.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Canon\MultiPASS4\MPTBox.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Alexandre BERNARD\Bureau\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [EPM-DM] c:\acer\Empowering Technology\ePower\epm-dm.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [MPTBox] C:\Program Files\Canon\MultiPASS4\MPTBox.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [ErrorSafeFree] "C:\Program Files\ErrorSafe Free\uers.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Sample Toolband Serach - res://C:\WINDOWS\system32\ToolBand.dll/MENUSEARCH.HTM
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by126w.bay126.mail.live.com/mail/resources/MsnPU...
O16 - DPF: {91D4B4D5-E368-40AB-8F53-A37FA634B471} (Installer9Ctrl Class) - http://www.tellmemorecorporate.com/bin/tol9inst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: MpService - Canon Inc. - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
--
End of file - 9596 bytes
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:59:24, on 12/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\acer\Empowering Technology\ePower\epm-dm.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Canon\MultiPASS4\MPTBox.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Alexandre BERNARD\Bureau\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [EPM-DM] c:\acer\Empowering Technology\ePower\epm-dm.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [MPTBox] C:\Program Files\Canon\MultiPASS4\MPTBox.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [ErrorSafeFree] "C:\Program Files\ErrorSafe Free\uers.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Sample Toolband Serach - res://C:\WINDOWS\system32\ToolBand.dll/MENUSEARCH.HTM
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by126w.bay126.mail.live.com/mail/resources/MsnPU...
O16 - DPF: {91D4B4D5-E368-40AB-8F53-A37FA634B471} (Installer9Ctrl Class) - http://www.tellmemorecorporate.com/bin/tol9inst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: MpService - Canon Inc. - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
--
End of file - 9596 bytes
Voici le scan après le fix checked
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:33:48, on 12/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\acer\Empowering Technology\ePower\epm-dm.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Canon\MultiPASS4\MPTBox.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Alexandre BERNARD\Bureau\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [EPM-DM] c:\acer\Empowering Technology\ePower\epm-dm.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [MPTBox] C:\Program Files\Canon\MultiPASS4\MPTBox.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Sample Toolband Serach - res://C:\WINDOWS\system32\ToolBand.dll/MENUSEARCH.HTM
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by126w.bay126.mail.live.com/mail/resources/MsnPU...
O16 - DPF: {91D4B4D5-E368-40AB-8F53-A37FA634B471} (Installer9Ctrl Class) - http://www.tellmemorecorporate.com/bin/tol9inst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: MpService - Canon Inc. - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
--
End of file - 9423 bytes
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:33:48, on 12/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\acer\Empowering Technology\ePower\epm-dm.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Canon\MultiPASS4\MPTBox.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Alexandre BERNARD\Bureau\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [EPM-DM] c:\acer\Empowering Technology\ePower\epm-dm.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [MPTBox] C:\Program Files\Canon\MultiPASS4\MPTBox.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Sample Toolband Serach - res://C:\WINDOWS\system32\ToolBand.dll/MENUSEARCH.HTM
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by126w.bay126.mail.live.com/mail/resources/MsnPU...
O16 - DPF: {91D4B4D5-E368-40AB-8F53-A37FA634B471} (Installer9Ctrl Class) - http://www.tellmemorecorporate.com/bin/tol9inst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: MpService - Canon Inc. - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
--
End of file - 9423 bytes
Un tool va s'occuper de la suppression ![;)]( ";)")
Télécharge ToolsCleaner sur ton Bureau.
Clique sur Recherche et laisse le scan se terminer.
Clique sur Suppression pour finaliser.
Clique sur Quitter, pour que le rapport puisse se créer.
Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\)
Désactive puis réactive la restauration du système : Voir aide
Ajoute maintenant [Résolu] au titre. Pour cela :
* Clique, dans ton premier message, sur le bouton "Editer"![]()
* Rajoute la mention [Résolu] au titre
* Clique ensuite sur "Valider votre message"
Lis le dossier dossier sur la prévention et la protection pour ne plus avoir ce genre de problème en cliquant sur l'image ci-dessous :
![]()
Désactive puis réactive la restauration du système : Voir aide
Ajoute maintenant [Résolu] au titre. Pour cela :
* Clique, dans ton premier message, sur le bouton "Editer"
* Rajoute la mention [Résolu] au titre
* Clique ensuite sur "Valider votre message"
Lis le dossier dossier sur la prévention et la protection pour ne plus avoir ce genre de problème en cliquant sur l'image ci-dessous :
Script execute en mode sans echec
Rapport clean par Malekal_morte - http://www.malekal.com
Script execute en mode sans echec 05/06/2007 a 21:55:01,85
Microsoft Windows XP [version 5.1.2600]
*** Suppression des fichiers dans C:
*** Suppression des fichiers dans C:\WINDOWS\
tentative de suppression de C:\WINDOWS\RUNXMLPL.exe
*** Suppression des fichiers dans C:\WINDOWS\system32
*** Suppression des fichiers dans C:\Program Files
*** Suppression des clefs du registre effectuee..
*** Fin du rapport !
Rapport clean par Malekal_morte - http://www.malekal.com
Script execute en mode sans echec 05/06/2007 a 21:55:01,85
Microsoft Windows XP [version 5.1.2600]
*** Suppression des fichiers dans C:
*** Suppression des fichiers dans C:\WINDOWS\
tentative de suppression de C:\WINDOWS\RUNXMLPL.exe
*** Suppression des fichiers dans C:\WINDOWS\system32
*** Suppression des fichiers dans C:\Program Files
*** Suppression des clefs du registre effectuee..
*** Fin du rapport !
Lassé par la pub ? Créez un compte
