Virus spoolsvt

chqueste

3 Mars 2009 17:22:11

Bonjour
Apres avoir cliké sur un fichier dl sur emule mon PC a planté. Maintenant quand il redémarre je ne peux plus aller sur internet ni msn ni gestionnaire de tache ni avast ( c:\program files\alwil software\avast4\ashavast.exe n'est pas une application Win32 valide) . Et une page internet s'ouvre toute seule: C:\WINDOWS\ad1.htm
J'ai trouvé un fichier appelé SPOOLSVT dans mes progammes files que je suppose etre le virus.

J'ai donc essayé de le supprimer mais c'est impossible, j'ai voulu démarrer en mode sans echec mais ecran bleu, j'ai voulu formater je n'y arrive pas non plus et pour finir j'ai essayé le scan hijackthis et ca ne marche pas non plus.

Quelqu'un a une idée de ce que je dois faire ???

PS: je ne suis pas pro en pc

Merci

Autres pages sur : virus spoolsvt

| Etre averti des réponses
| Alerter

Répondre à chqueste

Angeldark

3 Mars 2009 18:08:30

Bonjour,

Ça ressemble à du Bagle.

Télécharge Gmer. (Przemyslaw Gmerek)

Dézippe-le dans un dossier dédié ou sur ton Bureau.

Déconnecte toi d'Internet puis ferme tous les programmes.

Double-clique sur Gmer.exe.
Si une alerte de ton antivirus apparaît pour le fichier gmer.sys ou gmer.exe, laisse le s'executer.

Clique sur l'onglet Rootkit.

A droite, coche seulement Files et Services.

Clique maintenant sur Scan.

Lorsque le scan est terminé, clique sur Copy.

Ouvre le Bloc-notes puis clique sur le Menu Edition / Coller.

Le rapport doit alors apparaître.

Enregistre le fichier sur ton Bureau et poste le contenu ici.

| Alerter

Répondre à Angeldark

chqueste

5 Mars 2009 14:42:40

Bonjour Angeldark

Merci pour ta reponse, j'ai Telechargé Gmer mais ca ne fonctionne pas, il ne veux pas scanné il me mets des problemes de system 32 et il se ferme tout seul

Une autre solution ??

| Alerter

Répondre à chqueste

Angeldark

5 Mars 2009 15:47:34

Il se ferme avec un message d'erreur ?

Télécharge Elibagla au bas de cette page.
Il est préférable pour certains antivirus de les désactiver avant d’entâmer cette procédure !

Clique sur le Descargar Elibagla afin de télécharger le fichier, enregistre-le sur ton Bureau.

Lance le en double cliquant dessus.

Vérifie que dans le menu déroulant Unidad, il y ait bien la racine de la racine de la partition où est installé Windows, généralement -> C:\

L'option Eliminar Ficheros Automaticamente doit également être cochée.

Clique sur Explorar pour lancer l'analyse.

Poste le rapport généré en fin fin d'analyse.

Note : Le rapport se trouve ici : C:\infosat.txt

| Alerter

Répondre à Angeldark

chqueste

5 Mars 2009 17:26:15

Quand je cliquais sur Gmer j'ai eu des messages d'erreurs ensuite il s'ouvrait puis se fermait tout seul sans message d'erreur.

La j'ai dl elibagla mais lui aussi se fermait tous seul aprés avoir analysé a peine 5000 fichiers. J'ai redémarré et elibagla c'est lancé au démarrage la ca analyse.

| Alerter

Répondre à chqueste

Angeldark

5 Mars 2009 18:28:41

On va essayer avec un autre tool

Télécharge FindyKill (Chiquitine29) sur ton Bureau.

Lance l'installation du programme en exécutant le fichier téléchargé.

Double-clique maintenant sur le raccourci de FindyKill.

Choisis maintenant l'option 1 (Recherche). Patiente jusqu'à la fin de la recherche.

Poste le lien du rapport généré dans ta prochaine réponse.

NB : La barre des tâches et les icônes vont disparaître pendant la recherche.

| Alerter

Répondre à Angeldark

chqueste

5 Mars 2009 19:08:41

Elibagla a donné ca :
a ce que je comprend il a effacé qques vers mais il n'arrive pas a allé au bout !

Thu Mar 05 18:13:36 2009
EliBagle v12.29 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Marzo del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\DOCUMENTS AND SETTINGS\JEREMY\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\JEREMY\APPLICATION DATA\DRIVERS\SROSA2.SYS --> Eliminado Bagle(rootkit)
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Thu Mar 05 18:13:58 2009
EliBagle v12.29 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Marzo del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\DOCUMENTS AND SETTINGS\JEREMY\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Thu Mar 05 18:14:38 2009
EliBagle v12.29 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Marzo del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\DOCUMENTS AND SETTINGS\JEREMY\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Thu Mar 05 18:14:49 2009
EliBagle v12.29 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Marzo del 2009)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Thu Mar 05 18:14:58 2009
EliBagle v12.29 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Marzo del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\DOCUMENTS AND SETTINGS\JEREMY\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Thu Mar 05 18:15:01 2009
EliBagle v12.29 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Marzo del 2009)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Thu Mar 05 18:15:44 2009
EliBagle v12.29 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Marzo del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\DOCUMENTS AND SETTINGS\JEREMY\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Thu Mar 05 18:15:48 2009
EliBagle v12.29 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Marzo del 2009)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Thu Mar 05 18:16:08 2009
EliBagle v12.29 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Marzo del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\DOCUMENTS AND SETTINGS\JEREMY\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Thu Mar 05 18:16:12 2009
EliBagle v12.29 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Marzo del 2009)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Thu Mar 05 18:17:26 2009
EliBagle v12.29 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Marzo del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\DOCUMENTS AND SETTINGS\JEREMY\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Thu Mar 05 18:17:30 2009
EliBagle v12.29 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Marzo del 2009)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Thu Mar 05 18:18:23 2009
EliBagle v12.29 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Marzo del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\DOCUMENTS AND SETTINGS\JEREMY\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Thu Mar 05 18:18:28 2009
EliBagle v12.29 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Marzo del 2009)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Thu Mar 05 18:20:04 2009
EliBagle v12.29 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Marzo del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\DOCUMENTS AND SETTINGS\JEREMY\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Thu Mar 05 18:20:37 2009
EliBagle v12.29 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Marzo del 2009)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"
C:\Program Files\Windows Live\Messenger\MSNMSGR.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP232\A0023221.SYS --> Eliminado Bagle(rootkit)
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP232\A0023227.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP232\A0023274.SYS --> Eliminado Bagle(rootkit)
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP232\A0023341.SYS --> Eliminado Bagle(rootkit)
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP232\A0023456.SYS --> Eliminado Bagle(rootkit)
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP232\A0023476.SYS --> Eliminado Bagle(rootkit)
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP232\A0023501.SYS --> Eliminado Bagle(rootkit)
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP232\A0023651.SYS --> Eliminado Bagle(rootkit)
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP232\A0023695.SYS --> Eliminado Bagle(rootkit)
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP232\A0023721.SYS --> Eliminado Bagle(rootkit)
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP233\A0023734.SYS --> Eliminado Bagle(rootkit)
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP233\A0023821.SYS --> Eliminado Bagle(rootkit)
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP234\A0023832.SYS --> Eliminado Bagle(rootkit)
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0023928.SYS --> Eliminado Bagle(rootkit)
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0024009.SYS --> Eliminado Bagle(rootkit)
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0024026.SYS --> Eliminado Bagle(rootkit)
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0024059.SYS --> Eliminado Bagle(rootkit)
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0025060.SYS --> Eliminado Bagle(rootkit)
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0026061.SYS --> Eliminado Bagle(rootkit)
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0026081.SYS --> Eliminado Bagle(rootkit)
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0026163.SYS --> Eliminado Bagle(rootkit)
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0026358.SYS --> Eliminado Bagle(rootkit)
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0026373.SYS --> Eliminado Bagle(rootkit)
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0026388.SYS --> Eliminado Bagle(rootkit)
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0026404.SYS --> Eliminado Bagle(rootkit)
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0026420.EXE --> Eliminado Bagle.dldr

Nº Total de Directorios: 4325
Nº Total de Ficheros: 57614
Nº de Ficheros Analizados: 13178
Nº de Ficheros Infectados: 27
Nº de Ficheros Limpiados: 27

Thu Mar 05 18:24:44 2009
EliBagle v12.29 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Marzo del 2009)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Nº Total de Directorios: 4325
Nº Total de Ficheros: 57587
Nº de Ficheros Analizados: 13151
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Thu Mar 05 18:25:35 2009
EliBagle v12.29 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Marzo del 2009)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Nº Total de Directorios: 4325
Nº Total de Ficheros: 57587
Nº de Ficheros Analizados: 13151
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Thu Mar 05 18:27:19 2009
EliBagle v12.29 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Marzo del 2009)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Nº Total de Directorios: 4325
Nº Total de Ficheros: 57586
Nº de Ficheros Analizados: 13151
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Thu Mar 05 18:28:30 2009
EliBagle v12.29 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Marzo del 2009)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Nº Total de Directorios: 1094
Nº Total de Ficheros: 21343
Nº de Ficheros Analizados: 6401
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0
Exploración Detenida por el Usuario.

Thu Mar 05 18:28:46 2009
EliBagle v12.29 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Marzo del 2009)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Nº Total de Directorios: 4325
Nº Total de Ficheros: 57586
Nº de Ficheros Analizados: 13151
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Thu Mar 05 18:30:09 2009
EliBagle v12.29 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Marzo del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\DOCUMENTS AND SETTINGS\JEREMY\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle.dldr Acceso Denegado.
Reinicie para Completar la Limpieza.

Thu Mar 05 18:30:12 2009
EliBagle v12.29 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Marzo del 2009)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"
C:\Program Files\Windows Live\Messenger\MSNMSGR.EXE --> Eliminado Bagle.dldr

Nº Total de Directorios: 4325
Nº Total de Ficheros: 57593
Nº de Ficheros Analizados: 13153
Nº de Ficheros Infectados: 1
Nº de Ficheros Limpiados: 1

Thu Mar 05 18:33:28 2009
EliBagle v12.29 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Marzo del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\DOCUMENTS AND SETTINGS\JEREMY\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle.dldr Acceso Denegado.
Reinicie para Completar la Limpieza.

Thu Mar 05 18:34:00 2009
EliBagle v12.29 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Marzo del 2009)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Nº Total de Directorios: 4325
Nº Total de Ficheros: 57604
Nº de Ficheros Analizados: 13155
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

| Alerter

Répondre à chqueste

chqueste

6 Mars 2009 17:32:08

Voila pour findykill :

############################## [ FindyKill V4.718 ]

# User : Jeremy (Administrateurs) # ACER-36ADEA1256
# Update on 01/03/09
# Start at: 18:28:44 | 06/03/2009

# Genuine Intel(R) CPU T2300 @ 1.66GHz
# Microsoft Windows XP dition familiale (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 7.0.5730.13
# Windows Firewall Status : Enabled

# C:\ # Disque fixe local # 53,69 Go (24,06 Go free) [ACER] # FAT32
# D:\ # Disque fixe local # 54,18 Go (7,84 Go free) [ACERDATA] # FAT32
# E:\ # Disque CD-ROM
# F:\ # Disque CD-ROM
# G:\ # Disque amovible # 3,64 Go (3,5 Go free) [USB DISK] # FAT32
# H:\ # Disque CD-ROM

############################## [ Processus actifs ]

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Acer\Empowering Technology\admServ.exe
c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\WINDOWS\system32\jwt32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Documents and Settings\Jeremy\Application Data\drivers\winupgro.exe
C:\Program Files\spoolsvt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe

################## [ Processus infectieux stoppés ]

"C:\Documents and Settings\Jeremy\Application Data\drivers\winupgro.exe" (2932)

################## [ Fichiers / Dossiers infectieux C:\ ]

Found ! - C:\InfoSat.txt

################## [ C:\WINDOWS ]

################## [ C:\WINDOWS\system32 ]

################## [ C:\WINDOWS\system32\drivers ]

################## [ C:\.. Application Data ... ]

Found ! - "C:\Documents and Settings\Jeremy\Application Data\drivers"
Found ! - "C:\Documents and Settings\Jeremy\Application Data\drivers\wfsintwq.sys"
Found ! - "C:\Documents and Settings\Jeremy\Application Data\drivers\winupgro.exe"
Found ! - "C:\Documents and Settings\Jeremy\Application Data\drivers\downld"

################## [ Registre / Clés infectieuses ]

Found ! - HKEY_USERS\S-1-5-21-1602045562-1948361695-3302033575-1006\Software\Local AppWizard-Generated Applications\keygen
Found ! - HKEY_USERS\S-1-5-21-1602045562-1948361695-3302033575-1006\Software\Local AppWizard-Generated Applications\msnmsgr
Found ! - HKEY_USERS\S-1-5-21-1602045562-1948361695-3302033575-1006\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_USERS\S-1-5-21-1602045562-1948361695-3302033575-1006\Software\bisoft
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\keygen
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\msnmsgr
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_CURRENT_USER\Software\bisoft
Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"drvsyskit"
Found ! - HKEY_USERS\S-1-5-21-1602045562-1948361695-3302033575-1006\Software\Microsoft\Windows\CurrentVersion\Run\\"drvsyskit"

# Infection active : HKLM\SYSTEM\...\Services\srosa -> Start = 0x1
# Infection active : HKLM\SYSTEM\...\Services\sK9Ou0s -> Start = 0x1

################## [ Recherche dans supports amovibles]

# Presence des fichiers :

################## [ Registre / Mountpoint2 ]

# -> Not found !

################## [ ! Fin du rapport # FindyKill V4.718 ! ]

| Alerter

Répondre à chqueste

Angeldark

6 Mars 2009 18:18:50

Passe l'option 2 de Findykill.

| Alerter

Répondre à Angeldark

chqueste

7 Mars 2009 13:30:02

Yes ca a marché mon PC a l'air de bien refonctonner

Merci beaucoup a toi Angeldark

Que me conseille tu comme antivirus gratuit ?? je pensais a antivir pour remplacé ma passoire d'avast ?

| Alerter

Répondre à chqueste

Angeldark

7 Mars 2009 13:31:31

AntiVir oui. Tu as le rapport Findykill ?

| Alerter

Répondre à Angeldark

chqueste

7 Mars 2009 14:33:51

############################## [ FindyKill V4.718 ]

# User : Jeremy (Administrateurs) # ACER-36ADEA1256
# Update on 01/03/09
# Start at: 14:15:57 | 07/03/2009

# Genuine Intel(R) CPU T2300 @ 1.66GHz
# Microsoft Windows XP dition familiale (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 7.0.5730.13
# Windows Firewall Status : Disabled

# C:\ # Disque fixe local # 53,69 Go (24,05 Go free) [ACER] # FAT32
# D:\ # Disque fixe local # 54,18 Go (7,84 Go free) [ACERDATA] # FAT32
# E:\ # Disque CD-ROM
# F:\ # Disque CD-ROM
# H:\ # Disque CD-ROM

############################## [ Active Processes ]

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Acer\Empowering Technology\admServ.exe
c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\WINDOWS\system32\jwt32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Documents and Settings\Jeremy\Application Data\drivers\winupgro.exe
C:\Program Files\spoolsvt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

################## [ Infected processes stopped ]

"C:\Documents and Settings\Jeremy\Application Data\drivers\winupgro.exe" (3360)

################## [ Infected Files / Folders C:\ ]

Deleted ! - C:\InfoSat.txt

################## [ C:\WINDOWS ]

################## [ C:\WINDOWS\system32 ]

################## [ C:\WINDOWS\system32\drivers ]

################## [ C:\.. Application Data ... ]

Deleted ! - "C:\Documents and Settings\Jeremy\Application Data\drivers\srosa2.sys"
Deleted ! - "C:\Documents and Settings\Jeremy\Application Data\drivers\wfsintwq.sys"
Deleted ! - "C:\Documents and Settings\Jeremy\Application Data\drivers\winupgro.exe"
Deleted ! - "C:\Documents and Settings\Jeremy\Application Data\drivers\downld"
Deleted ! - "C:\Documents and Settings\Jeremy\Application Data\drivers"

################## [ Registry / Infected keys ]

Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sK9Ou0s
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sK9Ou0s
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SK9OU0S
Deleted ! - HKEY_CURRENT_USER\Software\bisoft
Deleted ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\keygen
Deleted ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\msnmsgr
Deleted ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"drvsyskit"
Deleted ! - HKEY_USERS\S-1-5-21-1602045562-1948361695-3302033575-1006\Software\Microsoft\Windows\CurrentVersion\Run\\"drvsyskit"

################## [ Cleaning Removable drives ]

# Deleting files :

################## [ Registry / Mountpoint2 ]

# -> Not found !

################## [ Searching Other Infections ]

# Références de comparaison Bagle MD5 :

7196d5a3 C:\Documents and Settings\Jeremy\Application Data\drivers\winupgro.exe
cbdc9ed044b6f463fc4ae80232331e4f C:\Documents and Settings\Jeremy\Application Data\drivers\winupgro.exe

Suspect ! "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe"
# Taille : 864256 # MD5 : CBDC9ED044B6F463FC4AE80232331E4F

Suspect ! "C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0026541.Exe"
# Taille : 864256 # MD5 : CBDC9ED044B6F463FC4AE80232331E4F

Suspect ! "C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0026554.Exe"
# Taille : 864256 # MD5 : CBDC9ED044B6F463FC4AE80232331E4F

Suspect ! "C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0026578.EXE"
# Taille : 864256 # MD5 : CBDC9ED044B6F463FC4AE80232331E4F

Deleted ! "C:\Program Files\Micro Application\Réussir ses CV et Lettres de Motivation.rar"
# Contain ERROR: with Bagle CRC32 : et

################## [ PEH Corrupted ]

C:\WINDOWS\system32\dllcache\register.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP232\A0023269.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP232\A0023270.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP232\A0023277.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP232\A0023278.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP232\A0023279.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP232\A0023283.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP232\A0023284.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP232\A0023285.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP232\A0023286.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP232\A0023287.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP232\A0023288.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP232\A0023289.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP232\A0023290.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP232\A0023291.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP232\A0023292.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP232\A0023293.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP232\A0023294.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP232\A0023295.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP232\A0023296.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP232\A0023297.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP232\A0023311.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP232\A0023312.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP232\A0023313.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP232\A0023314.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP232\A0023315.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP232\A0023316.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP232\A0023317.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP232\A0023318.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP232\A0023319.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP232\A0023320.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP232\A0023321.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP232\A0023322.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP232\A0023323.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP232\A0023324.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP232\A0023325.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP232\A0023326.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP232\A0023327.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP232\A0023328.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP232\A0023329.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP232\A0023337.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP232\A0023344.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP232\A0023345.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP232\A0023452.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP232\A0023465.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP232\A0023469.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP232\A0023471.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP232\A0023472.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP232\A0023478.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP232\A0023492.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP232\A0023497.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP232\A0023498.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP232\A0023504.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP232\A0023505.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP232\A0023645.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP232\A0023646.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP232\A0023648.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP232\A0023655.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP232\A0023656.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP232\A0023677.EXE
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP232\A0023688.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP232\A0023690.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP232\A0023691.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP232\A0023701.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP232\A0023702.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP232\A0023714.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP232\A0023715.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP232\A0023717.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP232\A0023724.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP232\A0023725.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP233\A0023730.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP233\A0023731.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP233\A0023737.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP233\A0023739.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP233\A0023740.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP233\A0023754.EXE
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP233\A0023755.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP233\A0023756.EXE
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP233\A0023757.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP233\A0023758.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP233\A0023759.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP233\A0023760.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP233\A0023761.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP233\A0023762.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP233\A0023763.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP233\A0023764.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP233\A0023765.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP233\A0023766.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP233\A0023770.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP233\A0023771.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP233\A0023779.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP233\A0023816.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP233\A0023817.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP233\A0023818.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP233\A0023823.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP233\A0023824.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP234\A0023829.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP234\A0023830.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP234\A0023835.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP234\A0023836.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP234\A0023837.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP234\A0023853.EXE
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP234\A0023854.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP234\A0023855.EXE
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP234\A0023856.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP234\A0023857.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP234\A0023858.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP234\A0023859.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP234\A0023860.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP234\A0023861.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP234\A0023862.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP234\A0023863.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP234\A0023864.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP234\A0023865.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP234\A0023869.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP234\A0023870.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP234\A0023878.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0023915.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0023925.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0023926.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0023931.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0023932.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0023942.EXE
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0023943.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0023944.EXE
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0023945.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0023946.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0023947.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0023948.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0023949.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0023950.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0023951.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0023952.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0023953.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0023954.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0023958.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0023959.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0023967.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0024004.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0024005.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0024006.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0024020.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0024022.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0024023.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0024032.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0024033.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0024037.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0024053.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0024055.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0024056.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0024064.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0024065.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0024066.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0025053.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0025055.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0025056.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0025062.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0025063.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0026053.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0026054.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0026055.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0026059.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0026060.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0026075.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0026077.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0026078.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0026083.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0026084.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0026085.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0026086.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0026087.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0026143.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0026156.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0026157.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0026159.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0026160.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0026165.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0026166.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0026167.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0026168.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0026169.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0026170.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0026171.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0026172.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0026173.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0026174.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0026175.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0026176.EXE
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0026177.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0026178.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0026179.EXE
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0026183.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0026184.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0026273.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0026279.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0026282.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0026283.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0026284.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0026285.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0026287.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0026288.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0026289.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0026292.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0026293.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0026294.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0026295.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0026301.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0026302.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0026315.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0026319.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0026323.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0026324.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0026327.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0026328.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0026353.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0026354.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0026369.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0026370.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0026384.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0026385.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0026399.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0026401.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0026419.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0026421.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0026436.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0026437.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0026452.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0026453.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0026465.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0026466.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0026478.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0026479.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0026491.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0026492.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0026504.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0026505.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0026525.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0026526.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0026537.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0026538.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0026550.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0026551.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0026563.exe
C:\System Volume Information\_restore{DA93E6EB-CF98-47EB-B731-377A4E5ABEC4}\RP235\A0026564.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe

################## [ ! End of Report # FindyKill V4.718 ! ]

Sur ca j'ai mis ativie et je crois qu'il m'a supprimé des vers trojen et rootkit

Je dois encore faire quelquechose ou mon PC est propre ??

Merci

| Alerter

Répondre à chqueste

Angeldark

7 Mars 2009 14:48:44

On va faire une dernière vérif.

Télécharge Random's System Information Tool (RSIT) (de random/random) et sauvegarde-le sur le Bureau.

Double-clique sur RSIT.exe afin de lancer RSIT.

Clique Continue à l'écran Disclaimer.

Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (qui sera affiché)
ainsi que de info.txt (qui sera réduit dans la Barre des Tâches)

NB : Les rapports sont sauvegardés dans le dossier C:\rsit

Veille bien à me poster l'intégralité des rapports, vérifie qu'ils soient complets une fois que tu les as postés.

| Alerter

Répondre à Angeldark

chqueste

7 Mars 2009 14:53:56

Logfile of random's system information tool 1.05 (written by random/random)
Run by Jeremy at 2009-03-07 15:50:32
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 24 GB (44%) free of 55 GB
Total RAM: 2046 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:51:57, on 07/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Acer\Empowering Technology\admServ.exe
c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Documents and Settings\Jeremy\Bureau\RSIT.exe
C:\Program Files\trend micro\Jeremy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Acer eDataSecurity Management - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\WINDOWS\system32\ToolBand.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [Printspooler] C:\Program Files\spooler.exe
O4 - HKLM\..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [drvsyskit] C:\Documents and Settings\Jeremy\Application Data\drivers\winupgro.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Sample Toolband Serach - res://C:\WINDOWS\system32\ToolBand.dll/MENUSEARCH.HTM
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=...
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 10640 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - Acer eDataSecurity Management - C:\WINDOWS\system32\ToolBand.dll [2005-10-19 94208]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"=Alaunch []
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2005-11-16 15600128]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2005-11-02 102491]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-11-02 692315]
"PCMService"=C:\Program Files\Acer\Acer Arcade\PCMService.exe [2005-12-02 151552]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-05 208952]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-05 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-05 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-05 455168]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2005-08-12 45056]
"eDataSecurity Loader"=C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [2005-10-19 69632]
"ePower_DMC"=C:\Acer\Empowering Technology\ePower\ePower_DMC.exe [2006-01-17 344064]
"Acer ePower Management"=C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe [2006-01-16 3080192]
"LManager"=C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE [2005-12-06 458752]
"eRecoveryService"=C:\Acer\Empowering Technology\eRecovery\Monitor.exe [2009-03-07 397312]
"LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE [2005-11-30 225280]
"LogitechCameraAssistant"=C:\Program Files\Acer\OrbiCam\CameraAssistant.exe [2005-11-29 438272]
"LogitechVideo[inspector]"=C:\Program Files\Acer\OrbiCam\InstallHelper.exe [2005-11-29 73728]
"LogitechCameraService(E)"=C:\WINDOWS\system32\ElkCtrl.exe [2004-11-01 262144]
"ADMTray.exe"=C:\Acer\Empowering Technology\admtray.exe [2005-10-24 2462208]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"VirtualCloneDrive"=C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2004-08-20 45056]
"Printspooler"=C:\Program Files\spooler.exe []
"UnlockerAssistant"=C:\Program Files\Unlocker\UnlockerAssistant.exe [2009-03-07 15872]
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
"MessengerPlus3"=C:\Program Files\MessengerPlus! 3\MsgPlus.exe [2009-03-07 190024]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"TomTomHOME.exe"=C:\Program Files\TomTom HOME 2\HOMERunner.exe [2008-05-06 202088]
"drvsyskit"=C:\Documents and Settings\Jeremy\Application Data\drivers\winupgro.exe []
"MessengerPlus3"=C:\Program Files\MessengerPlus! 3\MsgPlus.exe [2009-03-07 190024]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-01-04 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Acer\Acer Arcade\PCMService.exe"="C:\Program Files\Acer\Acer Arcade\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\EA GAMES\Medal of Honor Batailles du Pacifique(tm)\mohpa.exe"="C:\Program Files\EA GAMES\Medal of Honor Batailles du Pacifique(tm)\mohpa.exe:*:Enabled:Medal of Honor Pacific Assault(tm)"
"C:\Program Files\Capcom\MotoGP 08\Launcher.exe"="C:\Program Files\Capcom\MotoGP 08\Launcher.exe:*:Enabled:MotoGP 08"
"C:\Program Files\spoolsvt.exe"="C:\Program Files\spoolsvt.exe:*:Enabled

rint Spooler"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======List of files/folders created in the last 1 months======

2009-03-07 15:50:33 ----D---- C:\Program Files\trend micro
2009-03-07 15:50:32 ----D---- C:\rsit
2009-03-07 15:24:31 ----D---- C:\Program Files\Microsoft
2009-03-07 15:23:29 ----D---- C:\Program Files\Windows Live SkyDrive
2009-03-07 15:15:15 ----D---- C:\Program Files\Fichiers communs\Windows Live
2009-03-07 14:55:09 ----D---- C:\Program Files\MessengerPlus! 3
2009-03-07 14:38:06 ----D---- C:\Documents and Settings\Jeremy\Application Data\c5
2009-03-07 14:35:25 ----D---- C:\Documents and Settings\Jeremy\Application Data\c3
2009-03-07 14:34:28 ----D---- C:\Program Files\Avira
2009-03-07 14:34:28 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2009-03-07 14:34:05 ----D---- C:\Documents and Settings\Jeremy\Application Data\c2
2009-03-07 14:32:44 ----D---- C:\Documents and Settings\Jeremy\Application Data\c1
2009-03-07 14:27:11 ----HD---- C:\Documents and Settings\Jeremy\Application Data\drivers
2009-03-07 14:20:26 ----A---- C:\FindyKill2.txt
2009-03-07 14:15:55 ----A---- C:\FindyKill.txt
2009-03-06 18:47:32 ----A---- C:\WINDOWS\ntbtlog.txt
2009-03-06 18:28:18 ----D---- C:\Program Files\FindyKill
2009-03-05 15:22:22 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2009-03-05 15:22:13 ----A---- C:\WINDOWS\gmer.exe
2009-03-03 17:54:27 ----D---- C:\Program Files\Unlocker
2009-03-03 17:40:08 ----SHD---- C:\FOUND.001
2009-03-03 17:19:39 ----A---- C:\WINDOWS\msnfix.txt
2009-02-25 22:34:04 ----HD---- C:\WINDOWS\$NtUninstallKB967715$
2009-02-20 18:31:28 ----A---- C:\WINDOWS\system32\HPZisn12.dll
2009-02-20 18:31:28 ----A---- C:\WINDOWS\system32\HPZipt12.dll
2009-02-20 18:31:28 ----A---- C:\WINDOWS\system32\HPZipr12.dll
2009-02-20 18:31:28 ----A---- C:\WINDOWS\system32\HPZipm12.exe
2009-02-20 18:31:28 ----A---- C:\WINDOWS\system32\HPZinw12.exe
2009-02-20 18:31:28 ----A---- C:\WINDOWS\system32\HPZidr12.dll
2009-02-20 18:30:12 ----D---- C:\Program Files\HP
2009-02-20 18:27:35 ----HD---- C:\Config.Msi
2009-02-20 18:26:07 ----RA---- C:\WINDOWS\system32\HPZIDS01.dll
2009-02-20 18:25:59 ----A---- C:\WINDOWS\system32\hpz3l054.dll
2009-02-16 11:21:21 ----D---- C:\Documents and Settings\All Users\Application Data\Raxco
2009-02-16 11:21:20 ----D---- C:\Program Files\Raxco
2009-02-12 17:55:44 ----HD---- C:\WINDOWS\$NtUninstallKB960715$

======List of files/folders modified in the last 1 months======

2009-03-07 15:25:46 ----A---- C:\WINDOWS\win.ini
2009-03-07 14:27:22 ----A---- C:\WINDOWS\ModemLog_HDAUDIO Soft Data Fax Modem with SmartCP.txt
2009-03-07 14:24:32 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-03-07 14:19:18 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-03-01 10:35:24 ----A---- C:\WINDOWS\system32\eRLog.ini
2009-02-12 17:55:48 ----A---- C:\WINDOWS\imsins.BAK

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-07 75072]
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]
R1 OsaFsLoc;OsaFsLoc; \??\C:\WINDOWS\system32\drivers\OsaFsLoc.sys []
R1 WmiAcpi;Interface de gestion Microsoft Windows pour ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.9.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-07-19 21275]
R2 BTSERIAL;Bluetooth Serial Driver; \??\C:\WINDOWS\system32\drivers\btserial.sys []
R2 DefragFS;DefragFS; C:\WINDOWS\system32\drivers\DefragFS.sys [2009-01-09 71184]
R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2004-07-21 9856]
R2 EpmPsd;Acer EPM Power Scheme Driver; \??\C:\WINDOWS\system32\drivers\epm-psd.sys []
R2 EpmShd;Acer EPM System Hardware Driver; \??\C:\WINDOWS\system32\drivers\epm-shd.sys []
R2 int15.sys;int15.sys; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys []
R2 irda;Protocole IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544]
R2 osaio;osaio; \??\C:\WINDOWS\system32\drivers\osaio.sys []
R2 osanbm;osanbm; \??\C:\WINDOWS\system32\drivers\osanbm.sys []
R2 s24trans;Transport RLAN; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2005-11-28 13568]
R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-01-04 1420288]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2005-04-05 132352]
R3 BTKRNL;Enumérateur de bus Bluetooth; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2005-12-02 854826]
R3 CmBatt;Pilote d'adaptateur secteur Microsoft; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\WINDOWS\system32\DRIVERS\DKbFltr.sys [2004-12-08 16896]
R3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [2004-02-12 3968]
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-11-08 997376]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2005-11-08 202240]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-11-17 4069888]
R3 lv321av;Logitech USB PC Camera (VC0321); C:\WINDOWS\System32\Drivers\lv321av.sys [2005-11-30 1088896]
R3 lvmvdrv;Logitech Machine Vision Engine Loader; \??\C:\WINDOWS\system32\drivers\lvmvdrv.sys []
R3 LVPrcMon;Logitech LVPrcMon Driver; \??\C:\WINDOWS\system32\drivers\LVPrcMon.sys []
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2005-11-30 39424]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
R3 NdisFilt;OSA NdisFilter Protocol; C:\WINDOWS\System32\Drivers\NdisFilt.sys [2005-09-13 4392]
R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2003-04-05 6144]
R3 Rasirda;Miniport réseau étendu (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 SMCIRDA;SMSC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2004-12-09 46592]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-11-02 191456]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-06-22 162176]
R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2005-11-26 1427968]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-11-08 723712]
S1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
S1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-11-08 21248]
S3 AVerM115;AVerM115 service; C:\WINDOWS\system32\DRIVERS\AVerM115.sys [2005-08-24 692992]
S3 btaudio;Périphérique audio Bluetooth; C:\WINDOWS\system32\drivers\btaudio.sys [2005-12-02 328141]
S3 BTDriver;Pilote de communications virtuelles Bluetooth; C:\WINDOWS\system32\DRIVERS\btport.sys [2005-12-02 30363]
S3 BTWDNDIS;Serveur d'accès au réseau local Bluetooth; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2005-12-02 148488]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2005-12-02 65016]
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys []
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-13 21568]
S3 MPE;Filtre BDA MPE; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NETMNT;Acer NetMonitor Protocol; C:\WINDOWS\system32\DRIVERS\NETMNT.sys [2005-05-02 9600]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2005-08-03 32512]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SMCB000;SMSC CIR HID Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\hidsmsc.sys [2005-12-06 15744]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirScheduler;Planificateur Avira AntiVir Personal - Free Antivirus; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
R2 AWService;AdminWorks Agent X6; C:\Acer\Empowering Technology\admServ.exe [2005-10-24 1314816]
R2 btwdins;Bluetooth Service; c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2005-12-02 266295]
R2 CLCapSvc;CyberLink Background Capture Service (CBCS); C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe [2005-12-02 254050]
R2 CLSched;CyberLink Task Scheduler (CTS); C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe [2005-12-02 114784]
R2 CyberLink Media Library Service;CyberLink Media Library Service; C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe [2005-12-02 61440]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2005-11-28 114753]
R2 Irmon;Moniteur infrarouge; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 LVPrcSrv;Logitech Process Monitor; c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe [2005-11-30 81920]
R2 PDAgent;PDAgent; C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe [2009-01-13 918792]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2005-11-28 217164]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2005-01-21 143360]
R2 S24EventMonitor;Intel(R) PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2005-11-28 540745]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268800]
S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PDEngine;PDEngine; C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe [2009-01-13 1021192]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2005-08-03 86016]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-01-04 405504]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.05 2009-03-07 15:51:59

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Acer Inc.\Acer French Guide Link\Uninst.isu"
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{13E613EF-BB55-11D9-9D77-000129760D75}\setup.exe" -uninstall
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC4F90EC-B1DA-11D9-9D77-000129760D75}\setup.exe" -uninstall
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acer Arcade-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe" -uninstall
Acer eDataSecurity Management 1.00.23-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E431C518-2EE2-471E-9234-BE995C36D513}\setup.exe" -l0x40c -removeonly
Acer eLock Management-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{6CA897D0-67F5-4F75-8261-DC8BFCA6DA42}
Acer Empowering Technology framework-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{15B70821-7893-4607-805A-BB80F3EA8279}
Acer eNet Management-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C06554A1-2C1E-4D20-B613-EE62C79927CC}\Setup.exe" -l0x40c
Acer ePerformance Management-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{DEE08946-40F0-4890-853E-60A6C3306041}
Acer ePower Management-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\Setup.exe" -l0x40c
Acer ePresentation Management-->C:\WINDOWS\UnInst32.exe AcerePrj.UNI
Acer eSettings Management-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{E38BC648-883B-4EE5-966C-94C4B7AB3E0B}
Acer GridVista-->C:\WINDOWS\UnInst32.exe GridV.UNI
Acer Screensaver-->MsiExec.exe /I{D458BBDC-0363-42E0-8FF9-4736E3CB3CA2}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
ATI - Utilitaire de désinstallation du logiciel-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->MsiExec.exe /I{86ACFE52-BE3A-4E54-840F-D031339825AD}
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class

ISPLAY -clean
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
FindyKill-->C:\Program Files\FindyKill\Uninstal.exe
HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_AcrS1025\HXFSETUP.EXE -U -IAcrS1025.inf
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Launch Manager-->C:\WINDOWS\UnInst32.exe QtZgAcer.UNI
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Logiciel Acer OrbiCam-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{76AC1AEB-1167-4ABC-8861-4E58392A5B7F}\setup.exe" -l0x40c
Logiciel Intel(R) PROSet/Wireless-->C:\WINDOWS\Installer\iProInst.exe
mCore-->MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
Messenger Plus! 3-->"C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /Remove
Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office PowerPoint Viewer 2007 (French)-->MsiExec.exe /X{95120000-00AF-040C-0000-0000000FF1CE}
Microsoft Office Word Viewer 2003-->MsiExec.exe /I{9085040C-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
MotoGP 08-->"C:\Program Files\InstallShield Installation Information\{BDA825AD-D60B-4935-9590-B0F1AC2E0D22}\setup.exe" -runfromtemp -l0x040c -removeonly
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML-->MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
NTI Backup NOW! 4-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{385979FE-DC4F-4140-8EAD-A59625000D72} /l1036 BUN4
NTI CD & DVD-Maker-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} /l1036 CDM7
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
PerfectDisk 10 Professional-->MsiExec.exe /I{7B738CD9-D107-48C7-8E65-2E6639A39C8D}
PowerProducer-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
Programme de gestion Acer OrbiCam-->"C:\Program Files\Fichiers communs\Acer\OrbiCam\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT -l040c
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x40c -removeonly
Réussir ses CV et Lettres de Motivation-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A3B685A0-4B1A-410F-B630-582324729318}\SETUP.EXE" -l0x40c
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
SLD Codec Pack-->C:\Program Files\SLD Codec Pack\uninstall.exe
SMSC CIR HID V5.3.2600.2-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F1B8DB67-D30E-4FF9-A85F-3CEE51825AA2}\setup.exe" -l0x40c UNINSTALL
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Texas Instruments PCIxx21/x515 drivers.-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{FF6F491D-BC82-4DCC-A72F-1824957C6466} /l1036
TomTom HOME-->C:\Program Files\TomTom HOME 2\Uninstall TomTom HOME.exe
Unlocker 1.8.7-->C:\Program Files\Unlocker\uninst.exe
VC_MergeModuleToMSI-->MsiExec.exe /I{900A92BA-19EF-4A34-86CF-7B6C85BDD971}
VirtualCloneDrive-->"C:\Program Files\Elaborate Bytes\VirtualCloneDrive\vcd-uninst.exe" /D="C:\Program Files\Elaborate Bytes\VirtualCloneDrive"
VLC media player 0.9.6-->C:\Program Files\VideoLAN\VLC\uninstall.exe
WIDCOMM Bluetooth Software-->MsiExec.exe /X{3F4EC965-28EF-45C3-B063-04B25D4E9679}
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

======Security center information======

AV: Avira AntiVir PersonalEdition Classic

System event log

Computer Name: ACER-36ADEA1256
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service int15.sys.

Record Number: 29862
Source Name: Service Control Manager
Time Written: 20090223175745.000000+060
Event Type: Informations
User: ACER-36ADEA1256\Jeremy

Computer Name: ACER-36ADEA1256
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service aswRdr.

Record Number: 29861
Source Name: Service Control Manager
Time Written: 20090223175745.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: ACER-36ADEA1256
Event Code: 7036
Message: Le service Gestionnaire de connexions d'accès distant est entré dans l'état : en cours d'exécution.

Record Number: 29860
Source Name: Service Control Manager
Time Written: 20090223175745.000000+060
Event Type: Informations
User:

Computer Name: ACER-36ADEA1256
Event Code: 7036
Message: Le service Carte de performance WMI est entré dans l'état : en cours d'exécution.

Record Number: 29859
Source Name: Service Control Manager
Time Written: 20090223175745.000000+060
Event Type: Informations
User:

Computer Name: ACER-36ADEA1256
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Carte de performance WMI.

Record Number: 29858
Source Name: Service Control Manager
Time Written: 20090223175745.000000+060
Event Type: Informations
User: ACER-36ADEA1256\Jeremy

Application event log

Computer Name: ACER-36ADEA1256
Event Code: 0
Message:
Record Number: 2120
Source Name: RichVideo
Time Written: 20090203175923.000000+060
Event Type: Informations
User:

Computer Name: ACER-36ADEA1256
Event Code: 0
Message:
Record Number: 2119
Source Name: RegSrvc
Time Written: 20090203175922.000000+060
Event Type: Informations
User:

Computer Name: ACER-36ADEA1256
Event Code: 0
Message:
Record Number: 2118
Source Name: btwdins
Time Written: 20090203175922.000000+060
Event Type: Informations
User:

Computer Name: ACER-36ADEA1256
Event Code: 0
Message:
Record Number: 2117
Source Name: EvtEng
Time Written: 20090203175913.000000+060
Event Type: Informations
User:

Computer Name: ACER-36ADEA1256
Event Code: 1517
Message: Windows a sauvegardé le Registre utilisateur ACER-36ADEA1256\Jeremy alors qu'une application ou un service utilisait toujours le Registre pendant la fermeture de la session. La mémoire utilisée par le Registre de l'utilisateur n'a pas été libérée. le Registre sera déchargé lorsqu'il ne sera plus utilisé.

Cela est souvent causé par des services s'exécutant en tant que compte d'utilisateur, essayez de configurer les services pour s'exécuter dans le compte service réseau ou service local.

Record Number: 2116
Source Name: Userenv
Time Written: 20090202225330.000000+060
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Intel\Wireless\Bin\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0e08
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

| Alerter

Répondre à chqueste

Angeldark

7 Mars 2009 18:02:51

C'est pas tout à fait propre.

Télécharge MalwareByte's Anti-Malware sur ton Bureau.

Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.

Exécute maintenant MalwareByte's Anti-Malware. Si cela n'est pas déjà fait, sélectionne "Exécuter un examen complet".

Afin de lancer la recherche, clic sur"Rechercher".

Une fois le scan terminé, une fenêtre s'ouvre, clic sur OK. Deux possibilités s'offrent à toi :

~ Si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
~~ Si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau.
~~~~ Fais redémarrer ton ordinateur normalement et poste le rapport dans ta prochaine réponse.

REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.[/#f]

Note : Si tu ne parviens à télécharger MBAM à part de MajorGeeks, tu peux le télécharger ici!

[#FF0000]Aide :

Comment utiliser MBAM.

Comment faire démarrer son ordinateur en mode sans échec.

| Alerter

Répondre à Angeldark

chqueste

8 Mars 2009 11:54:50

Malwarebytes' Anti-Malware 1.34
Version de la base de données: 1826
Windows 5.1.2600 Service Pack 3

08/03/2009 12:39:33
mbam-log-2009-03-08 (12-39-33).txt

Type de recherche: Examen complet (C:\|D:\|G:\|)
Eléments examinés: 132531
Temps écoulé: 20 minute(s), 52 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe (Security.Hijack) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Printspooler (Trojan.Agent) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

Voila le rapport
C'est bon mon pc est entierement propre ??

| Alerter

Répondre à chqueste

Angeldark

8 Mars 2009 18:25:55

Refais un scan RSTI pour voir.

| Alerter

Répondre à Angeldark

chqueste

9 Mars 2009 17:16:09

Logfile of random's system information tool 1.05 (written by random/random)
Run by Jeremy at 2009-03-09 18:13:58
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 21 GB (38%) free of 55 GB
Total RAM: 2046 MB (71% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:14:03, on 09/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Acer\Empowering Technology\admServ.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Documents and Settings\Jeremy\Bureau\RSIT.exe
C:\Program Files\trend micro\Jeremy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Acer eDataSecurity Management - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\WINDOWS\system32\ToolBand.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [drvsyskit] C:\Documents and Settings\Jeremy\Application Data\drivers\winupgro.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Sample Toolband Serach - res://C:\WINDOWS\system32\ToolBand.dll/MENUSEARCH.HTM
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=...
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 10495 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - Acer eDataSecurity Management - C:\WINDOWS\system32\ToolBand.dll [2005-10-19 94208]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"=Alaunch []
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2005-11-16 15600128]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2005-11-02 102491]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-11-02 692315]
"PCMService"=C:\Program Files\Acer\Acer Arcade\PCMService.exe [2005-12-02 151552]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-05 208952]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-05 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-05 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-05 455168]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2005-08-12 45056]
"eDataSecurity Loader"=C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [2005-10-19 69632]
"ePower_DMC"=C:\Acer\Empowering Technology\ePower\ePower_DMC.exe [2006-01-17 344064]
"Acer ePower Management"=C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe [2006-01-16 3080192]
"LManager"=C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE [2005-12-06 458752]
"eRecoveryService"=C:\Acer\Empowering Technology\eRecovery\Monitor.exe [2009-03-07 397312]
"LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE [2005-11-30 225280]
"LogitechCameraAssistant"=C:\Program Files\Acer\OrbiCam\CameraAssistant.exe [2005-11-29 438272]
"LogitechVideo[inspector]"=C:\Program Files\Acer\OrbiCam\InstallHelper.exe [2005-11-29 73728]
"LogitechCameraService(E)"=C:\WINDOWS\system32\ElkCtrl.exe [2004-11-01 262144]
"ADMTray.exe"=C:\Acer\Empowering Technology\admtray.exe [2005-10-24 2462208]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"VirtualCloneDrive"=C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2004-08-20 45056]
"UnlockerAssistant"=C:\Program Files\Unlocker\UnlockerAssistant.exe [2009-03-07 15872]
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
"MessengerPlus3"=C:\Program Files\MessengerPlus! 3\MsgPlus.exe [2009-03-07 190024]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"TomTomHOME.exe"=C:\Program Files\TomTom HOME 2\HOMERunner.exe [2008-05-06 202088]
"drvsyskit"=C:\Documents and Settings\Jeremy\Application Data\drivers\winupgro.exe []
"MessengerPlus3"=C:\Program Files\MessengerPlus! 3\MsgPlus.exe [2009-03-07 190024]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-01-04 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Acer\Acer Arcade\PCMService.exe"="C:\Program Files\Acer\Acer Arcade\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\EA GAMES\Medal of Honor Batailles du Pacifique(tm)\mohpa.exe"="C:\Program Files\EA GAMES\Medal of Honor Batailles du Pacifique(tm)\mohpa.exe:*:Enabled:Medal of Honor Pacific Assault(tm)"
"C:\Program Files\Capcom\MotoGP 08\Launcher.exe"="C:\Program Files\Capcom\MotoGP 08\Launcher.exe:*:Enabled:MotoGP 08"
"C:\Program Files\spoolsvt.exe"="C:\Program Files\spoolsvt.exe:*:Enabled

rint Spooler"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======List of files/folders created in the last 1 months======

2009-03-08 11:53:04 ----D---- C:\Documents and Settings\Jeremy\Application Data\Malwarebytes
2009-03-08 11:52:59 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-03-08 11:52:59 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-03-07 15:50:33 ----D---- C:\Program Files\trend micro
2009-03-07 15:50:32 ----D---- C:\rsit
2009-03-07 15:24:31 ----D---- C:\Program Files\Microsoft
2009-03-07 15:23:29 ----D---- C:\Program Files\Windows Live SkyDrive
2009-03-07 15:15:15 ----D---- C:\Program Files\Fichiers communs\Windows Live
2009-03-07 14:55:09 ----D---- C:\Program Files\MessengerPlus! 3
2009-03-07 14:38:06 ----D---- C:\Documents and Settings\Jeremy\Application Data\c5
2009-03-07 14:35:25 ----D---- C:\Documents and Settings\Jeremy\Application Data\c3
2009-03-07 14:34:28 ----D---- C:\Program Files\Avira
2009-03-07 14:34:28 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2009-03-07 14:34:05 ----D---- C:\Documents and Settings\Jeremy\Application Data\c2
2009-03-07 14:32:44 ----D---- C:\Documents and Settings\Jeremy\Application Data\c1
2009-03-07 14:27:11 ----HD---- C:\Documents and Settings\Jeremy\Application Data\drivers
2009-03-07 14:20:26 ----A---- C:\FindyKill2.txt
2009-03-07 14:15:55 ----A---- C:\FindyKill.txt
2009-03-06 18:47:32 ----A---- C:\WINDOWS\ntbtlog.txt
2009-03-06 18:28:18 ----D---- C:\Program Files\FindyKill
2009-03-05 15:22:22 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2009-03-05 15:22:13 ----A---- C:\WINDOWS\gmer.exe
2009-03-03 17:54:27 ----D---- C:\Program Files\Unlocker
2009-03-03 17:40:08 ----SHD---- C:\FOUND.001
2009-03-03 17:19:39 ----A---- C:\WINDOWS\msnfix.txt
2009-02-25 22:34:04 ----HD---- C:\WINDOWS\$NtUninstallKB967715$
2009-02-20 18:31:28 ----A---- C:\WINDOWS\system32\HPZisn12.dll
2009-02-20 18:31:28 ----A---- C:\WINDOWS\system32\HPZipt12.dll
2009-02-20 18:31:28 ----A---- C:\WINDOWS\system32\HPZipr12.dll
2009-02-20 18:31:28 ----A---- C:\WINDOWS\system32\HPZipm12.exe
2009-02-20 18:31:28 ----A---- C:\WINDOWS\system32\HPZinw12.exe
2009-02-20 18:31:28 ----A---- C:\WINDOWS\system32\HPZidr12.dll
2009-02-20 18:30:12 ----D---- C:\Program Files\HP
2009-02-20 18:27:35 ----HD---- C:\Config.Msi
2009-02-20 18:26:07 ----RA---- C:\WINDOWS\system32\HPZIDS01.dll
2009-02-20 18:25:59 ----A---- C:\WINDOWS\system32\hpz3l054.dll
2009-02-16 11:21:21 ----D---- C:\Documents and Settings\All Users\Application Data\Raxco
2009-02-16 11:21:20 ----D---- C:\Program Files\Raxco
2009-02-12 17:55:44 ----HD---- C:\WINDOWS\$NtUninstallKB960715$

======List of files/folders modified in the last 1 months======

2009-03-09 17:54:52 ----A---- C:\WINDOWS\win.ini
2009-03-09 17:54:34 ----A---- C:\WINDOWS\ModemLog_HDAUDIO Soft Data Fax Modem with SmartCP.txt
2009-03-08 23:04:46 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-03-07 14:19:18 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-03-01 10:35:24 ----A---- C:\WINDOWS\system32\eRLog.ini
2009-02-12 17:55:48 ----A---- C:\WINDOWS\imsins.BAK

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-07 75072]
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]
R1 OsaFsLoc;OsaFsLoc; \??\C:\WINDOWS\system32\drivers\OsaFsLoc.sys []
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-11-08 21248]
R1 WmiAcpi;Interface de gestion Microsoft Windows pour ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.9.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-07-19 21275]
R2 BTSERIAL;Bluetooth Serial Driver; \??\C:\WINDOWS\system32\drivers\btserial.sys []
R2 DefragFS;DefragFS; C:\WINDOWS\system32\drivers\DefragFS.sys [2009-01-09 71184]
R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2004-07-21 9856]
R2 EpmPsd;Acer EPM Power Scheme Driver; \??\C:\WINDOWS\system32\drivers\epm-psd.sys []
R2 EpmShd;Acer EPM System Hardware Driver; \??\C:\WINDOWS\system32\drivers\epm-shd.sys []
R2 int15.sys;int15.sys; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys []
R2 irda;Protocole IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544]
R2 osaio;osaio; \??\C:\WINDOWS\system32\drivers\osaio.sys []
R2 osanbm;osanbm; \??\C:\WINDOWS\system32\drivers\osanbm.sys []
R2 s24trans;Transport RLAN; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2005-11-28 13568]
R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-01-04 1420288]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2005-04-05 132352]
R3 BTKRNL;Enumérateur de bus Bluetooth; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2005-12-02 854826]
R3 CmBatt;Pilote d'adaptateur secteur Microsoft; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\WINDOWS\system32\DRIVERS\DKbFltr.sys [2004-12-08 16896]
R3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [2004-02-12 3968]
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-11-08 997376]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2005-11-08 202240]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-11-17 4069888]
R3 lv321av;Logitech USB PC Camera (VC0321); C:\WINDOWS\System32\Drivers\lv321av.sys [2005-11-30 1088896]
R3 lvmvdrv;Logitech Machine Vision Engine Loader; \??\C:\WINDOWS\system32\drivers\lvmvdrv.sys []
R3 LVPrcMon;Logitech LVPrcMon Driver; \??\C:\WINDOWS\system32\drivers\LVPrcMon.sys []
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2005-11-30 39424]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
R3 NdisFilt;OSA NdisFilter Protocol; C:\WINDOWS\System32\Drivers\NdisFilt.sys [2005-09-13 4392]
R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2003-04-05 6144]
R3 Rasirda;Miniport réseau étendu (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 SMCIRDA;SMSC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2004-12-09 46592]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-11-02 191456]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-06-22 162176]
R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2005-11-26 1427968]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-11-08 723712]
S1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
S3 AVerM115;AVerM115 service; C:\WINDOWS\system32\DRIVERS\AVerM115.sys [2005-08-24 692992]
S3 btaudio;Périphérique audio Bluetooth; C:\WINDOWS\system32\drivers\btaudio.sys [2005-12-02 328141]
S3 BTDriver;Pilote de communications virtuelles Bluetooth; C:\WINDOWS\system32\DRIVERS\btport.sys [2005-12-02 30363]
S3 BTWDNDIS;Serveur d'accès au réseau local Bluetooth; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2005-12-02 148488]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2005-12-02 65016]
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys []
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-13 21568]
S3 MPE;Filtre BDA MPE; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NETMNT;Acer NetMonitor Protocol; C:\WINDOWS\system32\DRIVERS\NETMNT.sys [2005-05-02 9600]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2005-08-03 32512]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SMCB000;SMSC CIR HID Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\hidsmsc.sys [2005-12-06 15744]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirScheduler;Planificateur Avira AntiVir Personal - Free Antivirus; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
R2 AWService;AdminWorks Agent X6; C:\Acer\Empowering Technology\admServ.exe [2005-10-24 1314816]
R2 btwdins;Bluetooth Service; c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2005-12-02 266295]
R2 CLCapSvc;CyberLink Background Capture Service (CBCS); C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe [2005-12-02 254050]
R2 CLSched;CyberLink Task Scheduler (CTS); C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe [2005-12-02 114784]
R2 CyberLink Media Library Service;CyberLink Media Library Service; C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe [2005-12-02 61440]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2005-11-28 114753]
R2 Irmon;Moniteur infrarouge; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 LVPrcSrv;Logitech Process Monitor; c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe [2005-11-30 81920]
R2 PDAgent;PDAgent; C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe [2009-01-13 918792]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2005-11-28 217164]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2005-01-21 143360]
R2 S24EventMonitor;Intel(R) PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2005-11-28 540745]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268800]
S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PDEngine;PDEngine; C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe [2009-01-13 1021192]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2005-08-03 86016]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-01-04 405504]

-----------------EOF-----------------

Voila le dernier scan

| Alerter

Répondre à chqueste

Angeldark

9 Mars 2009 17:59:55

On va attaquer avec Combofix.

| Alerter

Répondre à Angeldark

chqueste

11 Mars 2009 20:39:21

Je le trouve ou ?

Pasque d'apres mes recherches rapides sur le net faut bien s'y connaitre pour faire aller combofix nen ?

| Alerter

Répondre à chqueste

Angeldark

12 Mars 2009 16:06:35

Au temps pour moi, j'ai oublié la procédure xD

Télécharge ComboFix (de sUBs) sur ton Bureau.

Désactive temporairement toute protection résidente ! (Antivirus, antispywares..)

Double clique sur ComboFix.exe.

Accepte la licence en cliquant sur Oui.

Le programme va te demander si tu souhaites installer la Console de Récupération. C'est une précaution, au cas où l'ordinateur tomberait en panne. Je te conseille donc de l'installer, ça ne coûte rien, et ça pourrait potentiellement servir !

Lorsque l'opération sera terminée, un rapport apparaîtra. Poste ce rapport dans ta prochaine réponse.

Le rapport se trouve ici : %SystemDrive%\ComboFix.txt (%systemdrive% étant la partition où est installée Windows; C:\ en général)

Aide : Comment utiliser ComboFix.

| Alerter

Répondre à Angeldark

chqueste

15 Mars 2009 10:51:33

Bonjour
Je n'arrive pas a utiliser combofix
Quand je clic dessus une petite fenetre s'ouvre et charge puis un message d'erreur apparait en disant que tous les fichiers non pas pu etre créer et que je doit redémarrer, j'ai donc redémaré mais rien ne change

| Alerter

Répondre à chqueste

Angeldark

15 Mars 2009 11:46:36

Re,

On va faire autrement alors.

Télécharge OTMoveIt3 (de OldTimer). Sauvegarde-le sur ton Bureau.
Copie (Ctrl+C) le texte se situant dans le cadre ci-dessous :

:processes
explorer.exe

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"drvsyskit"=-

:files
c:\temp1\*.txt /s
C:\Documents and Settings\Jeremy\Application Data\drivers
C:\FOUND.?

:commands
[emptytemp]
[start explorer]
[reboot]

Double clique sur OTMoveIt3.exe afin de le lancer.
Colle (ou Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved.
Clique maintenant sur le bouton [#ff0000]MoveIt![/#f] puis ferme OTMoveIt3.

[#ff0000]Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
Accepte en cliquant sur YES.[/#f]

Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
Le nom du rapport correspond au moment de sa création : date_heure.log

| Alerter

Répondre à Angeldark

chqueste

15 Mars 2009 12:10:19

Voila le rapport:

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\drvsyskit deleted successfully.
========== FILES ==========
File/Folder c:\temp1\*.txt not found.
C:\Documents and Settings\Jeremy\Application Data\drivers\downld moved successfully.
C:\Documents and Settings\Jeremy\Application Data\drivers moved successfully.
File/Folder C:\FOUND.? not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Jeremy\LOCALS~1\Temp\Perflib_Perfdata_5b4.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Jeremy\LOCALS~1\Temp\Perflib_Perfdata_fa0.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Jeremy\LOCALS~1\Temp\Perflib_Perfdata_f88.dat scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\CLML_AGENT_LOG1.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_NmtibA945O1QnJs scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 03152009_130112

Files moved on Reboot...
File C:\DOCUME~1\Jeremy\LOCALS~1\Temp\Perflib_Perfdata_5b4.dat not found!
File C:\DOCUME~1\Jeremy\LOCALS~1\Temp\Perflib_Perfdata_fa0.dat not found!
File C:\DOCUME~1\Jeremy\LOCALS~1\Temp\Perflib_Perfdata_f88.dat not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
C:\WINDOWS\temp\CLML_AGENT_LOG1.txt moved successfully.
File C:\WINDOWS\temp\sqlite_NmtibA945O1QnJs not found!

| Alerter

Répondre à chqueste

Angeldark

15 Mars 2009 12:33:08

Refais un scan RSTI pour voir.

| Alerter

Répondre à Angeldark

chqueste

15 Mars 2009 13:11:23

Le voici

Logfile of random's system information tool 1.05 (written by random/random)
Run by Jeremy at 2009-03-15 14:10:23
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 18 GB (33%) free of 55 GB
Total RAM: 2046 MB (65% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:10:27, on 15/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Acer\Empowering Technology\admServ.exe
c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Jeremy\Bureau\RSIT.exe
C:\Program Files\trend micro\Jeremy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Acer eDataSecurity Management - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\WINDOWS\system32\ToolBand.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Sample Toolband Serach - res://C:\WINDOWS\system32\ToolBand.dll/MENUSEARCH.HTM
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=...
O17 - HKLM\System\CCS\Services\Tcpip\..\{A622A24D-4463-4C43-A78D-C56CC37E1603}: NameServer = 192.168.1.1
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 10506 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - Acer eDataSecurity Management - C:\WINDOWS\system32\ToolBand.dll [2005-10-19 94208]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"=Alaunch []
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2005-11-16 15600128]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2005-11-02 102491]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-11-02 692315]
"PCMService"=C:\Program Files\Acer\Acer Arcade\PCMService.exe [2005-12-02 151552]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-05 208952]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-05 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-05 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-05 455168]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2005-08-12 45056]
"eDataSecurity Loader"=C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [2005-10-19 69632]
"ePower_DMC"=C:\Acer\Empowering Technology\ePower\ePower_DMC.exe [2006-01-17 344064]
"Acer ePower Management"=C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe [2006-01-16 3080192]
"LManager"=C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE [2005-12-06 458752]
"eRecoveryService"=C:\Acer\Empowering Technology\eRecovery\Monitor.exe [2009-03-07 397312]
"LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE [2005-11-30 225280]
"LogitechCameraAssistant"=C:\Program Files\Acer\OrbiCam\CameraAssistant.exe [2005-11-29 438272]
"LogitechVideo[inspector]"=C:\Program Files\Acer\OrbiCam\InstallHelper.exe [2005-11-29 73728]
"LogitechCameraService(E)"=C:\WINDOWS\system32\ElkCtrl.exe [2004-11-01 262144]
"ADMTray.exe"=C:\Acer\Empowering Technology\admtray.exe [2005-10-24 2462208]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"VirtualCloneDrive"=C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2004-08-20 45056]
"UnlockerAssistant"=C:\Program Files\Unlocker\UnlockerAssistant.exe [2009-03-07 15872]
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
"MessengerPlus3"=C:\Program Files\MessengerPlus! 3\MsgPlus.exe [2009-03-07 190024]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"TomTomHOME.exe"=C:\Program Files\TomTom HOME 2\HOMERunner.exe [2008-05-06 202088]
"MessengerPlus3"=C:\Program Files\MessengerPlus! 3\MsgPlus.exe [2009-03-07 190024]
"eMuleAutoStart"=C:\Program Files\eMule\emule.exe [2008-05-11 5423104]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-01-04 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Acer\Acer Arcade\PCMService.exe"="C:\Program Files\Acer\Acer Arcade\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\EA GAMES\Medal of Honor Batailles du Pacifique(tm)\mohpa.exe"="C:\Program Files\EA GAMES\Medal of Honor Batailles du Pacifique(tm)\mohpa.exe:*:Enabled:Medal of Honor Pacific Assault(tm)"
"C:\Program Files\Capcom\MotoGP 08\Launcher.exe"="C:\Program Files\Capcom\MotoGP 08\Launcher.exe:*:Enabled:MotoGP 08"
"C:\Program Files\spoolsvt.exe"="C:\Program Files\spoolsvt.exe:*:Enabled

rint Spooler"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======List of files/folders created in the last 1 months======

2009-03-15 13:01:13 ----D---- C:\_OTMoveIt
2009-03-15 11:50:13 ----D---- C:\32788R22FWJFW
2009-03-15 11:28:20 ----D---- C:\Qoobox
2009-03-15 11:28:19 ----A---- C:\Bug.txt
2009-03-15 11:28:17 ----A---- C:\WINDOWS\system32\cmd.execf
2009-03-14 08:23:43 ----HD---- C:\WINDOWS\$NtUninstallKB960225$
2009-03-14 08:23:25 ----HD---- C:\WINDOWS\$NtUninstallKB958690$
2009-03-14 08:20:44 ----SHD---- C:\FOUND.002
2009-03-11 22:33:55 ----HD---- C:\WINDOWS\$NtUninstallKB959772_WM11$
2009-03-08 11:53:04 ----D---- C:\Documents and Settings\Jeremy\Application Data\Malwarebytes
2009-03-08 11:52:59 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-03-08 11:52:59 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-03-07 15:50:33 ----D---- C:\Program Files\trend micro
2009-03-07 15:50:32 ----D---- C:\rsit
2009-03-07 15:24:31 ----D---- C:\Program Files\Microsoft
2009-03-07 15:23:29 ----D---- C:\Program Files\Windows Live SkyDrive
2009-03-07 15:15:15 ----D---- C:\Program Files\Fichiers communs\Windows Live
2009-03-07 14:55:09 ----D---- C:\Program Files\MessengerPlus! 3
2009-03-07 14:38:06 ----D---- C:\Documents and Settings\Jeremy\Application Data\c5
2009-03-07 14:35:25 ----D---- C:\Documents and Settings\Jeremy\Application Data\c3
2009-03-07 14:34:28 ----D---- C:\Program Files\Avira
2009-03-07 14:34:28 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2009-03-07 14:34:05 ----D---- C:\Documents and Settings\Jeremy\Application Data\c2
2009-03-07 14:32:44 ----D---- C:\Documents and Settings\Jeremy\Application Data\c1
2009-03-07 14:20:26 ----A---- C:\FindyKill2.txt
2009-03-07 14:15:55 ----A---- C:\FindyKill.txt
2009-03-06 18:47:32 ----A---- C:\WINDOWS\ntbtlog.txt
2009-03-06 18:28:18 ----D---- C:\Program Files\FindyKill
2009-03-05 15:22:22 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2009-03-05 15:22:13 ----A---- C:\WINDOWS\gmer.exe
2009-03-03 17:54:27 ----D---- C:\Program Files\Unlocker
2009-03-03 17:40:08 ----SHD---- C:\FOUND.001
2009-03-03 17:19:39 ----A---- C:\WINDOWS\msnfix.txt
2009-02-25 22:34:04 ----HD---- C:\WINDOWS\$NtUninstallKB967715$
2009-02-20 18:31:28 ----A---- C:\WINDOWS\system32\HPZisn12.dll
2009-02-20 18:31:28 ----A---- C:\WINDOWS\system32\HPZipt12.dll
2009-02-20 18:31:28 ----A---- C:\WINDOWS\system32\HPZipr12.dll
2009-02-20 18:31:28 ----A---- C:\WINDOWS\system32\HPZipm12.exe
2009-02-20 18:31:28 ----A---- C:\WINDOWS\system32\HPZinw12.exe
2009-02-20 18:31:28 ----A---- C:\WINDOWS\system32\HPZidr12.dll
2009-02-20 18:30:12 ----D---- C:\Program Files\HP
2009-02-20 18:27:35 ----HD---- C:\Config.Msi
2009-02-20 18:26:07 ----RA---- C:\WINDOWS\system32\HPZIDS01.dll
2009-02-20 18:25:59 ----A---- C:\WINDOWS\system32\hpz3l054.dll
2009-02-16 11:21:21 ----D---- C:\Documents and Settings\All Users\Application Data\Raxco
2009-02-16 11:21:20 ----D---- C:\Program Files\Raxco

======List of files/folders modified in the last 1 months======

2009-03-15 13:05:02 ----A---- C:\WINDOWS\win.ini
2009-03-15 13:04:42 ----A---- C:\WINDOWS\ModemLog_HDAUDIO Soft Data Fax Modem with SmartCP.txt
2009-03-15 13:02:42 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-03-14 08:23:40 ----A---- C:\WINDOWS\imsins.BAK
2009-03-07 14:19:18 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-03-01 10:35:24 ----A---- C:\WINDOWS\system32\eRLog.ini
2009-02-25 12:55:00 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-07 75072]
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]
R1 OsaFsLoc;OsaFsLoc; \??\C:\WINDOWS\system32\drivers\OsaFsLoc.sys []
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-11-08 21248]
R1 WmiAcpi;Interface de gestion Microsoft Windows pour ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.9.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-07-19 21275]
R2 BTSERIAL;Bluetooth Serial Driver; \??\C:\WINDOWS\system32\drivers\btserial.sys []
R2 DefragFS;DefragFS; C:\WINDOWS\system32\drivers\DefragFS.sys [2009-01-09 71184]
R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2004-07-21 9856]
R2 EpmPsd;Acer EPM Power Scheme Driver; \??\C:\WINDOWS\system32\drivers\epm-psd.sys []
R2 EpmShd;Acer EPM System Hardware Driver; \??\C:\WINDOWS\system32\drivers\epm-shd.sys []
R2 int15.sys;int15.sys; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys []
R2 irda;Protocole IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544]
R2 osaio;osaio; \??\C:\WINDOWS\system32\drivers\osaio.sys []
R2 osanbm;osanbm; \??\C:\WINDOWS\system32\drivers\osanbm.sys []
R2 s24trans;Transport RLAN; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2005-11-28 13568]
R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-01-04 1420288]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2005-04-05 132352]
R3 BTKRNL;Enumérateur de bus Bluetooth; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2005-12-02 854826]
R3 CmBatt;Pilote d'adaptateur secteur Microsoft; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\WINDOWS\system32\DRIVERS\DKbFltr.sys [2004-12-08 16896]
R3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [2004-02-12 3968]
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-11-08 997376]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2005-11-08 202240]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-11-17 4069888]
R3 lv321av;Logitech USB PC Camera (VC0321); C:\WINDOWS\System32\Drivers\lv321av.sys [2005-11-30 1088896]
R3 lvmvdrv;Logitech Machine Vision Engine Loader; \??\C:\WINDOWS\system32\drivers\lvmvdrv.sys []
R3 LVPrcMon;Logitech LVPrcMon Driver; \??\C:\WINDOWS\system32\drivers\LVPrcMon.sys []
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2005-11-30 39424]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
R3 NdisFilt;OSA NdisFilter Protocol; C:\WINDOWS\System32\Drivers\NdisFilt.sys [2005-09-13 4392]
R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2003-04-05 6144]
R3 Rasirda;Miniport réseau étendu (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 SMCIRDA;SMSC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2004-12-09 46592]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-11-02 191456]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-06-22 162176]
R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2005-11-26 1427968]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-11-08 723712]
S1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
S3 AVerM115;AVerM115 service; C:\WINDOWS\system32\DRIVERS\AVerM115.sys [2005-08-24 692992]
S3 btaudio;Périphérique audio Bluetooth; C:\WINDOWS\system32\drivers\btaudio.sys [2005-12-02 328141]
S3 BTDriver;Pilote de communications virtuelles Bluetooth; C:\WINDOWS\system32\DRIVERS\btport.sys [2005-12-02 30363]
S3 BTWDNDIS;Serveur d'accès au réseau local Bluetooth; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2005-12-02 148488]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2005-12-02 65016]
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys []
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-13 21568]
S3 MPE;Filtre BDA MPE; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NETMNT;Acer NetMonitor Protocol; C:\WINDOWS\system32\DRIVERS\NETMNT.sys [2005-05-02 9600]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2005-08-03 32512]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SMCB000;SMSC CIR HID Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\hidsmsc.sys [2005-12-06 15744]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirScheduler;Planificateur Avira AntiVir Personal - Free Antivirus; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
R2 AWService;AdminWorks Agent X6; C:\Acer\Empowering Technology\admServ.exe [2005-10-24 1314816]
R2 btwdins;Bluetooth Service; c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2005-12-02 266295]
R2 CLCapSvc;CyberLink Background Capture Service (CBCS); C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe [2005-12-02 254050]
R2 CLSched;CyberLink Task Scheduler (CTS); C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe [2005-12-02 114784]
R2 CyberLink Media Library Service;CyberLink Media Library Service; C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe [2005-12-02 61440]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2005-11-28 114753]
R2 Irmon;Moniteur infrarouge; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 LVPrcSrv;Logitech Process Monitor; c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe [2005-11-30 81920]
R2 PDAgent;PDAgent; C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe [2009-01-13 918792]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2005-11-28 217164]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2005-01-21 143360]
R2 S24EventMonitor;Intel(R) PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2005-11-28 540745]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268800]
S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PDEngine;PDEngine; C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe [2009-01-13 1021192]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2005-08-03 86016]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-01-04 405504]

-----------------EOF--------

| Alerter

Répondre à chqueste

Angeldark

15 Mars 2009 14:17:47

Ton pc se comporte mieux ?

| Alerter

Répondre à Angeldark

chqueste

15 Mars 2009 18:05:24

Oui je n'ai plus aucun probleme

Il est propre ?? plus aucun squateur ??

| Alerter

Répondre à chqueste

Angeldark

16 Mars 2009 16:25:12

Normalement c'est bon.

| Alerter

Répondre à Angeldark

chqueste

16 Mars 2009 17:24:24

Ok bah moi j'ai plus de probleme dc ca doit etre bon

Merci pr tout ce temps de passé Angeldark

Si je peux faire quoi que ce soit pour t'aider n'hesite pas

| Alerter

Répondre à chqueste

Angeldark

16 Mars 2009 18:08:54

Bon surf

| Alerter

Répondre à Angeldark

Tom's guide dans le monde