Windows installer mal installé ou endommagé?

Bonjour, j\'ai appremment un souci avec Windows Installer. Problème qui s\'aggrave de jour en jour, en effet, il ne se passe pas un jour sans qu\'un fichier (tels que:s\'écaillent ou enredandonos\" et autres noms bizarres) ne doive être fermé car W.I serait mal installé ou aurait un problème! Autre souci, je ne peux plus ni utiliser certains logiciels, ni les réinstaller, ni en installer de nouveaux ce qui fait qu je ne peux avoir qu\'une utilisation de plus en plus restrictive de mon ordi. Merci d\'avance pour vos réponses.

Bonjour,

avant de penser à réparer Windows installer ou l\'OS il serait bien de vérifier ton ordi en profondeur à la recherche d\'une infection éventuelle.

pour cela:
• Télécharge Random\'s System Information Tool (RSIT)images.malwareremoval.com/random/RSIT.exe de Random/Random, et enregistre le sur ton Bureau.
• Double clique sur RSIT.exe pour lancer l\'outil.(exécuter en tant qu\'administrateur sous vista)
• Clique sur \"Continue\" à l\'écran Disclaimer.
• Si l\'outil HijackThis n\'est pas présent ou non détecté sur l\'ordinateur, RSIT le téléchargera (autorise l\'accès dans ton pare-feu s\'il te le demande) et tu devras accepter la licence.
• Une fois le scan terminé, deux rapports vont apparaître : poste les[S] dans deux messages séparés[/S] stp

Tutoriel illustré pour t\'aider : forum-aide-contre-virus.be/tutoriel_RSIT.html

Bonjour,
merci pour la réponse: ok jusqu\'au double click de RSIT.exe, réponse RSIT.exe n\'est pas 1 application Win32 valide!

Bonjour,

* Important 1 : si vous avez Vista, vous devez désactiver l\'UAC le temps de la désinfection.
* Important 2 : si vous avez TeaTimer (le résident de Spybot), désactivez-le sinon il risque de gêner la désinfection.
o Démarrez Spybot, cliquez sur Mode, cochez Mode avancé.
o A gauche, cliquez sur Outils, puis sur Résident.
o Décochez la case devant Résident \"TeaTimer\" puis quittez Spybot :

* Télécharge FindyKillpagesperso-orange.fr/NosTools/Chiquitine29/FindyKill.exe (de Chiquitine29 & C_XX) sur ton Bureau.
* Double-clic sur le programme FindyKill présent sur ton Bureau.
* Choisis l\'option 1 (Recherche).
* Laisse travailler l\'outil.
* Ensuite poste le rapport FindyKill.txt qui apparaîtra.
* Note : le rapport FindyKill.txt est sauvegardé a la racine du disque. (C:FindyKill.txt)

Bonjour,
Donc je ne peux aller au delà? impossible d\'arriver à continue!

Bonjour,

as tu lu mon dernier post?

Bonjour,

Suis ce que te demande jllg, il tente de t\'aider, il est probable que tu sois victime d\'un malware assez virulent du nom de bagle, passes l\'outil findykill, s\'il ne fonctionne pas non plus fais le nous savoir.

Bonjour,

ouais, ça y est il fait son boulot , par contre qu\'entends tu par poste le rapport qui apparaîtra? merci

Bonjour,

poste le rapport qui apparaîtra

tu fais un copié/collé de ce rapport dans ta prochaine réponse sur ce forum

Bonjour,
Je suppose que si je te fais un copié collé du rapport c\'est bon, excuses moi mais au niveau technique je suis nul!
############################## | FindyKill V5.016 |

# User : perez (Administrateurs) # PC-DE-PEREZ
# Update on 26/10/2009 by Chiquitine29
# Start at: 22:45:16 | 28/10/2009
# Website : http://pagesperso-orange.fr/NosTools/index.html
# Contact : FindyKill.Contact@gmail.com

# Intel(R) Core(TM)2 Duo CPU E4600 @ 2.40GHz
# Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6001 32-bit) # Service Pack 1
# Internet Explorer 8.0.6001.18828
# Windows Firewall Status : Enabled

# C:\\ # Disque fixe local # 228,12 Go (136,9 Go free) [ACER] # NTFS
# D:\\ # Disque fixe local # 227,87 Go (219,13 Go free) [DATA] # NTFS
# F:\\ # Disque CD-ROM # 628,75 Mo (0 Mo free) [SAUV3] # CDFS
# J:\\ # Disque amovible
# K:\\ # Disque amovible
# L:\\ # Disque amovible
# M:\\ # Disque amovible

############################## | Processus actifs |

C:\\Windows\\System32\\smss.exe
C:\\Windows\\system32\\csrss.exe
C:\\Windows\\system32\\wininit.exe
C:\\Windows\\system32\\csrss.exe
C:\\Windows\\system32\\services.exe
C:\\Windows\\system32\\lsass.exe
C:\\Windows\\system32\\lsm.exe
C:\\Windows\\system32\\winlogon.exe
C:\\Windows\\system32\\svchost.exe
C:\\Windows\\system32\\svchost.exe
C:\\Windows\\System32\\svchost.exe
C:\\Windows\\System32\\svchost.exe
C:\\Windows\\system32\\svchost.exe
C:\\Windows\\system32\\svchost.exe
C:\\Windows\\system32\\SLsvc.exe
C:\\Windows\\system32\\svchost.exe
C:\\Windows\\system32\\svchost.exe
C:\\Program Files\\Alwil Software\\Avast4\\aswUpdSv.exe
C:\\Program Files\\Alwil Software\\Avast4\\ashServ.exe
C:\\Windows\\system32\\Dwm.exe
C:\\Windows\\Explorer.EXE
C:\\Windows\\System32\\spoolsv.exe
C:\\Windows\\system32\\svchost.exe
C:\\Windows\\system32\\taskeng.exe
C:\\Windows\\system32\\taskeng.exe
C:\\Program Files\\Acer Arcade Live\\Acer HomeMedia Connect\\Kernel\\DMS\\CLMSServer.exe
C:\\Acer\\Empowering Technology\\ePerformance\\MemCheck.exe
C:\\Acer\\ALaunch\\ALaunchSvc.exe
C:\\Acer\\Empowering Technology\\eDataSecurity\\eDSService.exe
C:\\Windows\\system32\\spool\\drivers\\w32x86\\hpzstatn.exe
C:\\Program Files\\Common Files\\LightScribe\\LSSrvc.exe
C:\\Windows\\system32\\svchost.exe
C:\\Program Files\\CyberLink\\Shared Files\\RichVideo.exe
C:\\Windows\\system32\\svchost.exe
C:\\Windows\\System32\\svchost.exe
C:\\Windows\\system32\\SearchIndexer.exe
C:\\Acer\\Empowering Technology\\eRecovery\\eRecoveryService.exe
C:\\Windows\\system32\\WUDFHost.exe
C:\\Program Files\\Alwil Software\\Avast4\\ashMaiSv.exe
C:\\Program Files\\Alwil Software\\Avast4\\ashWebSv.exe
C:\\Windows\\system32\\wbem\\wmiprvse.exe
C:\\Users\\perez\\AppData\\Roaming\\eoRezo\\SoftwareUpdate\\SoftwareUpdateHP.exe
C:\\Windows\\RtHDVCpl.exe
C:\\Acer\\Empowering Technology\\SysMonitor.exe
C:\\Acer\\Empowering Technology\\eDataSecurity\\eDSLoader.exe
C:\\Windows\\System32\\nvraidservice.exe
C:\\Program Files\\Acer Arcade Live\\Acer PlayMovie\\PMVService.exe
C:\\Program Files\\Alwil Software\\Avast4\\ashDisp.exe
C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe
C:\\Windows\\tsnpstd3.exe
C:\\Windows\\vsnpstd3.exe
C:\\Program Files\\AMT Media Manager\\AMTDeviceService.exe
C:\\Windows\\System32\\rundll32.exe
C:\\Program Files\\Windows Sidebar\\sidebar.exe
C:\\Windows\\ehome\\ehtray.exe
C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe
C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe
C:\\Users\\perez\\AppData\\Roaming\\Microsoft\\Notification de cadeaux MSN\\lsnfier.exe
C:\\Windows\\System32\\rundll32.exe
C:\\Windows\\System32\\mobsync.exe
C:\\Program Files\\Windows Media Player\\wmpnscfg.exe
C:\\Windows\\system32\\wbem\\wmiprvse.exe
C:\\Windows\\system32\\wbem\\unsecapp.exe
C:\\Windows\\ehome\\ehmsas.exe
C:\\Acer\\Empowering Technology\\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\\Acer\\Empowering Technology\\eRecovery\\ERAGENT.EXE
C:\\Program Files\\Windows Live\\Contacts\\wlcomm.exe
C:\\Program Files\\Internet Explorer\\iexplore.exe
C:\\Program Files\\Internet Explorer\\iexplore.exe
C:\\Program Files\\Google\\Google Toolbar\\GoogleToolbarUser_32.exe
C:\\Program Files\\QUAD Utilities\\QUAD AntiSpyware\\SBAMSvc.exe
C:\\Windows\\system32\\wuauclt.exe
C:\\Program Files\\Google\\Quick Search Box\\GoogleQuickSearchBox.exe
C:\\Program Files\\Internet Explorer\\iexplore.exe
C:\\Program Files\\Internet Explorer\\iexplore.exe
C:\\Program Files\\Internet Explorer\\iexplore.exe
C:\\Program Files\\Internet Explorer\\iexplore.exe
C:\\Program Files\\Internet Explorer\\iexplore.exe
C:\\Program Files\\Internet Explorer\\iexplore.exe
C:\\Program Files\\Registry_Doktor 4.1\\RegistryDoktor.exe
C:\\Windows\\system32\\SearchProtocolHost.exe
C:\\Windows\\system32\\conime.exe

################## | C: |


################## | C:\\Windows |


################## | C:\\Windows\\system32 |


################## | C:\\Windows\\system32\\drivers |


################## | C:\\Users\\perez\\AppData\\Roaming |

################## | Autres detections ... |

################## | Temporary Internet Files |


################## | Registre / Clés infectieuses |

Présent ! [HKLM\\software\\microsoft\\security center\\Svc] \"AntiVirusOverride\"
Présent ! [HKLM\\software\\microsoft\\security center\\Svc] \"FirewallOverride\"

################## | Etat / Services / Informations |

# Affichage des fichiers cachés : OK

# Mode sans echec : OK

# Uac : OK

# Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 )
# EapHost -> Start = 3 ( Good = 2 | Bad = 4 )
# Wlansvc -> Start = 3 ( Good = 2 | Bad = 4 )
# SharedAccess -> Start = 4 ( Good = 2 | Bad = 4 )
# windefend -> Start = 2 ( Good = 2 | Bad = 4 )
# wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )
# wscsvc -> Start = 2 ( Good = 2 | Bad = 4 )


################## | Cracks / Keygens / Serials |


################## | ! Fin du rapport # FindyKill V5.016 ! |

Bonjour,

Quand findykill aura fini son travail, un fichier bloc-notes va s\'ouvrir, tu copies colles tout ce qui s\'y trouve.

post = copier/coller le rapport que va généré l\'outil dans ta prochaine réponse.

Bonjour,

ouais super c\'est ce que j\'ai fait!

Bonjour,

ce n\'est pas fini

* Double-clique sur le programme FindyKill présent sur ton Bureau.
* Choisis [S]l\'option 2[/S] (Suppression).
* ton Bureau disparaîtra et le PC redémarrera.
* Au redémarrage , FindyKill scannera ton PC, laissez travailler l\'outil.
* Ensuite poste le nouveau rapport FindyKill.txt qui apparaîtra sur le Bureau.
* Note : le rapport FindyKill.txt est sauvegardé a la racine du disque. (C:\\FindyKill.txt)

Bonjour,

ray66300 roule sous vista jllg, penses à faire lancer les outils par clique droit \"exécuter en tant qu\'administrateur\" avec cet OS, tout comme sept d\'ailleurs.

Je t\'envoie mon canned pour cet outil en MP

Bonjour,

ray66300 si tu n\'as pas encore lancé l\'outil attends un peu je viens de voir le post de malwarebleach et de m\'apercevoir de mon coté que j\'ai oublié de te faire brancher tes clés usb et disques dur externes succeptibles d\'avoir été infectés

Bonjour,

voici donc ce que tu dois faire pour le Mode suppression :

* Veille à ce que le contrôle des comptes utilisateurs (UAC) soit désactivé.
* tutoriel nettoyage : pagesperso-orange.fr/NosTools/tuto_fyk3.html
* Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d avoir été infectés sans les ouvrir
* Fais clic droit sur le raccourci FindyKill sur ton bureau
* Choisis exécuter en tant qu\'administrateur
* Au menu principal,choisis l\'option 2 (Suppression)

/!\\ il y aura 2 redémarrage, laisse travailler l\'outil jusqu\'à l\'apparition du message \"nettoyage effectué\"

/!\\ Ne te sert pas du pc durant la suppression , ton bureau ne sera pas accessible c\'est normal !

* ensuite post le rapport FindyKill.txt

* Note : le rapport FindyKill.txt est sauvegardé a la racine du disque

/!\\ Si le Bureau ne réapparait pas presse Ctrl + Alt + Suppr , Onglet \"Fichier\" , \"Nouvelle tâche\" , tapes explorer.exe et valides) /!\\

A lire :

Le danger des cracks : forum.malekal.com/ftopic893.php

Bagle/Beagle : forum.malekal.com/viewtopic.php?f=33&t=4442

Bonjour,

Bonjour,
Trop tard voici le rapport, dis-moi si malgré tout je dois enchainer avec ton dernier message?
############################## | FindyKill V5.016 |

# User : perez (Administrateurs) # PC-DE-PEREZ
# Update on 26/10/2009 by Chiquitine29
# Start at: 23:08:46 | 28/10/2009
# Website : http://pagesperso-orange.fr/NosTools/index.html
# Contact : FindyKill.Contact@gmail.com

# Intel(R) Core(TM)2 Duo CPU E4600 @ 2.40GHz
# Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6001 32-bit) # Service Pack 1
# Internet Explorer 8.0.6001.18828
# Windows Firewall Status : Enabled

# C: # Disque fixe local # 228,12 Go (136,73 Go free) [ACER] # NTFS
# D: # Disque fixe local # 227,87 Go (219,13 Go free) [DATA] # NTFS
# F: # Disque CD-ROM # 628,75 Mo (0 Mo free) [SAUV3] # CDFS
# J: # Disque amovible
# K: # Disque amovible
# L: # Disque amovible
# M: # Disque amovible

############################## | Processus actifs |

C:WindowsSystem32smss.exe
C:Windowssystem32csrss.exe
C:Windowssystem32wininit.exe
C:Windowssystem32csrss.exe
C:Windowssystem32services.exe
C:Windowssystem32lsass.exe
C:Windowssystem32lsm.exe
C:Windowssystem32svchost.exe
C:Windowssystem32svchost.exe
C:Windowssystem32winlogon.exe
C:WindowsSystem32svchost.exe
C:WindowsSystem32svchost.exe
C:Windowssystem32LogonUI.exe
C:Windowssystem32svchost.exe
C:Windowssystem32svchost.exe
C:Windowssystem32SLsvc.exe
C:Windowssystem32svchost.exe
C:Windowssystem32svchost.exe
C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
C:Program FilesAlwil SoftwareAvast4ashServ.exe
C:Windowssystem32Dwm.exe
C:WindowsExplorer.EXE
C:WindowsSystem32spoolsv.exe
C:Windowssystem32svchost.exe
C:Windowssystem32 askeng.exe
C:Windowssystem32 askeng.exe
C:Windowssystem32
undll32.exe
C:Windowssystem32 askeng.exe
C:Program FilesAcer Arcade LiveAcer HomeMedia ConnectKernelDMSCLMSServer.exe
C:AcerEmpowering TechnologyePerformanceMemCheck.exe
C:AcerALaunchALaunchSvc.exe
C:AcerEmpowering TechnologyeDataSecurityeDSService.exe
C:Windowssystem32spooldriversw32x86hpzstatn.exe
C:Program FilesCommon FilesLightScribeLSSrvc.exe
C:Windowssystem32svchost.exe
C:Program FilesCyberLinkShared FilesRichVideo.exe
C:Windowssystem32svchost.exe
C:WindowsSystem32svchost.exe
C:Windowssystem32SearchIndexer.exe
C:AcerEmpowering TechnologyeRecoveryeRecoveryService.exe
C:Windowssystem32WUDFHost.exe
C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
C:Program FilesAlwil SoftwareAvast4ashWebSv.exe
C:Windowssystem32
unonce.exe
C:Windowssystem32wbemwmiprvse.exe
C:UsersperezAppDataRoamingeoRezoSoftwareUpdateSoftwareUpdateHP.exe
C:Windowssystem32conime.exe

################## | C: |


################## | C:Windows |

Supprimé ! C:WindowsPrefetchWINUPGRO.EXE-B9E72D89.pf

################## | C:Windowssystem32 |


################## | C:Windowssystem32drivers |


################## | C:UsersperezAppDataRoaming |

################## | Autres suppressions ... |

################## | Temporary Internet Files |


################## | Registre / Clés infectieuses |


################## | Etat / Services / Informations |

# Mode sans echec : OK


# Affichage des fichiers cachés : OK

# Uac : OK

# Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 )
# EapHost -> Start = 2 ( Good = 2 | Bad = 4 )
# Wlansvc -> Start = 2 ( Good = 2 | Bad = 4 )
# SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 )
# windefend -> Start = 2 ( Good = 2 | Bad = 4 )
# wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )
# wscsvc -> Start = 2 ( Good = 2 | Bad = 4 )

################## | PEH ... |


################## | Cracks / Keygens / Serials |


################## | ! Fin du rapport # FindyKill V5.016 ! |

Bonjour,

passe à la suite jllg

Bonjour,

ce n\'est pas grave

tu vas maintenant tenter de faire un examen avec RSIT je te rappelle la manip

• Double clique sur RSIT.exe pour lancer l\'outil.( clic droit /exécuter en tant qu\'administrateur sous vista)
• Clique sur \"Continue\" à l\'écran Disclaimer.
• Si l\'outil HijackThis n\'est pas présent ou non détecté sur l\'ordinateur, RSIT le téléchargera (autorise l\'accès dans ton pare-feu s\'il te le demande) et tu devras accepter la licence.
• Une fois le scan terminé, deux rapports vont apparaître : poste les dans deux messages séparés stp

Tutoriel illustré pour t\'aider : forum-aide-contre-virus.be/tutoriel_RSIT.html

Bonjour,

RSIT ne démarre pas! toujours la même réponse:
RSIT.exe n\'est pas 1 application Win32 valide

Bonjour,de plus je n\'arrive pas à désactiver mon compte utilisateur

le composant utilisateurs et groupes locaux ne s\'affiche pas j\'ai fait la manip préconisé afin d\'ajouter le composant logiciel enfichable mais la réponse que je reçois est que cette action est impossible avec ma version vista

Bonjour,

il va falloir monter d\'un cran et l\'outils à utiliser demande une grande connaissance,si malwarebleach est disponible attends un peu sinon la suite demain

Ok, je suis à votre entière disposition, en attendant merci pour votre aide. Je ne quitte pas.

Bonjour,

avant d\'aller dormir essaie ceci

renomme(clic droit dessus/renommer) le fichier RSIT.exe sur ton bureau en RAY.exe
et esssaie de le lancer comme indiqué ci dessus

tiens nous au courant

Bonjour,

réponse habituelle : RAY.exe n\'est pas 1 application Win32 valide! Je vous souhaite une bonne nuit et je vous retrouve demain. Merci encore pour votre aide.

Bonjour,


ok, bonne nuit à toi aussi ,nous avons quand même avancé

Bonjour,

A la demande de jllg, je viens donner un coup de main.

RSIT ne veux pas se lancer, voilà ce que tu vas faire :

Avant de passer à l\'artillerie lourde, on va tenter d\'obtenir un autre diagnostic complet de ton pc.

- ouvre ce lien et télécharge ZHPDiag : telechargement.zebulon.fr/zhpdiag.html
- Enregistre le sur ton Bureau.
- Une fois le téléchargement achevé,fais un double clic sur ZHPDiag.exe et suis les instructions.

N\'oublie pas de cocher la case qui permet de mettre un raccourci sur le Bureau.

- Double clique sur le raccourci ZHPDiag sur ton Bureau.

/|\\ l\'outil a créé 2 icônes ZHPDiag et ZHPFix.

- Clique sur le Tournevis puis sur Tous pour cocher toutes les cases des options.
- Décoche les cases O45 et O61.
- Clique sur la loupe pour lancer l\'analyse.
- Laisse l\'outil travailler, il peut être assez long.
- Ferme ZHPDiag en fin d\'analyse.


Pour transmettre le rapport clique sur ce lien :www.cijoint.fr/

- Clique sur Parcourir et cherche le répertoire où est installé ZHPDiag (en général C:\\Program Files\\ZHPDiag).

- Sélectionne le fichier ZHPDiag.txt.

- Clique sur \"Cliquez ici pour déposer le fichier\".

Un lien de cette forme :

http://www.cijoint.fr/cjlink.php?file=cj200905/cijSKAP5fU.txt

est ajouté dans la page.

Copie ce lien dans ta réponse.

Bonjour,ok c\'est parti et encore merci!

Bonjour,

Ca y est c\'est fait voici le lien:
http://www.cijoint.fr/cjlink.php?file=cj200910/cijcNBpxcP.txt

Bonjour,

J\'ai trouvé d\'où vient le problème, c\'est Quad registry cleaner qui est en cause.

Je te prépare un script de suppression, et on continue ta désinfection, tu as d\'autres infections présentes sur ton ordinateur.

A plus tard !

Bonjour,comme dirait l\'autre, j\'auri su je... l\'aurai pas acheté alors!

Bonjour,

Si tu l\'as acheté tu t\'es fait arnaqué, ce genre de faux programme se nomme un rogue, ne sert à rien et en plus te pique ton poignon, c\'est le but de ce genre de logiciel...

Tu as aussi des infections qui se propagent par support amovible, une infection par les programmes EoRezo et pour finir une infection de type Navipromo.Pas mal tout de même.

On va tout d\'abord traiter l\'infection rogue par un script de suppression suis à la lettre ce que je te demande :


* Télécharge OTM (OtmoveIT de Old_Timer) sur ton Bureau : oldtimer.geekstogo.com/OTM.exe
* Double-clique sur OTM.exe pour le lancer.
* Assure toi que la case Unregister Dll\'s and Ocx\'s soit bien cochée.
* Copie la liste qui se trouve entre les lignes en pointillés (donc sans les pointillés) la citation ci-dessous et colle-la dans le cadre de gauche de OTM sous Paste List of Files/Folders to move.


-----------------------------


:Reg
[HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Run]
\"SBRegRebootCleaner\"=-
[HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run]
\"QUAD Cleaner\"=-
[HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run]
\"cajip\"=-



:files
C:\\Program Files\\QUAD Utilities\\QUAD AntiSpyware
C:\\Program Files\\QUAD Utilities\\QUAD RegistryCleaner
C:\\Program Files\\Registry Cleaner
C:\\Program Files\\Registry Winner
C:\\Program Files\\Registry_Doktor 4.1

:commands
[emptytemp]
[start explorer]
[reboot]


-----------------------------

* clique sur MoveIt! pour lancer la suppression.
* Le résultat apparaitra dans le cadre \"Results\".
* Clique sur Exit pour fermer.
* Poste le rapport situé dans C:\\_OTM\\MovedFiles.
* Il te sera peut-être demandé de redémarrer le pc pour achever la suppression. Si c\'est le cas accepte par Yes.

ensuite redémarre le pc et refais un nouveau rapport RSIT mais poste uniquement le fichier log.txt cette fois-ci.

Il va te falloir un peu de patience pendant toute la durée de ta désinfection, en final tu auras un pc propre réactif et une augmentation de ton débit internet si on compare à aujourd\'hui.

Bonne chasse aux malwares en ma compagnie et celle de jllg

Bonjour,
voilà, voilà, ton dernier mail m\'a rendu un brin de sourire, non seulement vous redonnez un coup de jeune à la machine, mais vous redonnez espoir aux pauvres utilisateurs faut que la sécu vous rembourse, y a pas à dire! Bon allez je t\'envoie le rapport:
Logfile of random\'s system information tool 1.06 (written by random/random)
Run by perez at 2009-10-29 17:46:29
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
System drive C: has 143 GB (61%) free of 234 GB
Total RAM: 3071 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:46:55, on 29/10/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\\Windows\\system32\\Dwm.exe
C:\\Windows\\Explorer.EXE
C:\\Windows\\system32\\taskeng.exe
C:\\Users\\perez\\AppData\\Roaming\\eoRezo\\SoftwareUpdate\\SoftwareUpdateHP.exe
C:\\Windows\\RtHDVCpl.exe
C:\\Acer\\Empowering Technology\\SysMonitor.exe
C:\\Acer\\Empowering Technology\\eDataSecurity\\eDSLoader.exe
C:\\Windows\\System32\\nvraidservice.exe
C:\\Program Files\\Acer Arcade Live\\Acer PlayMovie\\PMVService.exe
C:\\Program Files\\Alwil Software\\Avast4\\ashDisp.exe
C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe
C:\\Windows\\tsnpstd3.exe
C:\\Windows\\vsnpstd3.exe
C:\\Program Files\\AMT Media Manager\\AMTDeviceService.exe
C:\\Windows\\System32\\rundll32.exe
C:\\Program Files\\Google\\Quick Search Box\\GoogleQuickSearchBox.exe
C:\\Program Files\\Windows Sidebar\\sidebar.exe
C:\\Windows\\ehome\\ehtray.exe
C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe
C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe
C:\\Users\\perez\\AppData\\Roaming\\Microsoft\\Notification de cadeaux MSN\\lsnfier.exe
C:\\Windows\\System32\\rundll32.exe
C:\\Windows\\System32\\mobsync.exe
C:\\Program Files\\Windows Media Player\\wmpnscfg.exe
C:\\Windows\\ehome\\ehmsas.exe
C:\\Windows\\system32\\wbem\\unsecapp.exe
C:\\Acer\\Empowering Technology\\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\\Acer\\Empowering Technology\\eRecovery\\ERAGENT.EXE
C:\\Program Files\\Windows Live\\Contacts\\wlcomm.exe
C:\\Program Files\\Internet Explorer\\iexplore.exe
C:\\Program Files\\Internet Explorer\\iexplore.exe
C:\\Program Files\\Internet Explorer\\iexplore.exe
C:\\Program Files\\Google\\Google Toolbar\\GoogleToolbarUser_32.exe
C:\\Windows\\system32\\wuauclt.exe
C:\\Program Files\\Internet Explorer\\iexplore.exe
C:\\Users\\perez\\Desktop\\RSIT.exe
C:\\Program Files\\trend micro\\perez.exe

R1 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Search Page = http://recherche.neuf.fr/
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://fr.msn.com/
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Default_Page_URL = http://fr.fr.acer.yahoo.com
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Default_Search_URL = http://recherche.neuf.fr/
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://fr.fr.acer.yahoo.com
R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Search,SearchAssistant = http://recherche.neuf.fr/ie/default.html
R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Search,CustomizeSearch =
R1 - HKCU\\Software\\Microsoft\\Internet Explorer\\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*http://fr.yahoo.com
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Local Page =
R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Local Page =
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d\'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\\Program Files\\Real\\RealPlayer\\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\\Windows\\system32\\ActiveToolBand.dll
O2 - BHO: Programme d\'aide de l\'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\\Program Files\\Common Files\\Microsoft Shared\\Windows Live\\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\\Program Files\\Google\\Google Toolbar\\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\\Program Files\\Google\\GoogleToolbarNotifier\\5.3.4501.1418\\swg.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\\Program Files\\Megaupload\\Mega Manager\\MegaIEMn.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\\Program Files\\Google\\Google Toolbar\\Component\\fastsearch_B7C5AC242193BB3E.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\\Windows\\system32\\eDStoolbar.dll
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\\Program Files\\Google\\Google Toolbar\\GoogleToolbar_32.dll
O4 - HKLM\\..\\Run: [ALaunch] C:\\Acer\\ALaunch\\AlaunchClient.exe
O4 - HKLM\\..\\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\\..\\Run: [Acer Empowering Technology Monitor] C:\\Acer\\Empowering Technology\\SysMonitor.exe
O4 - HKLM\\..\\Run: [eDataSecurity Loader] C:\\Acer\\Empowering Technology\\eDataSecurity\\eDSloader.exe
O4 - HKLM\\..\\Run: [PCMMediaSharing] C:\\Program Files\\Acer Arcade Live\\Acer HomeMedia Connect\\Kernel\\DMS\\PCMMediaSharing.exe
O4 - HKLM\\..\\Run: [Adobe Reader Speed Launcher] \"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\"
O4 - HKLM\\..\\Run: [WarReg_PopUp] C:\\Acer\\WR_PopUp\\WarReg_PopUp.exe
O4 - HKLM\\..\\Run: [NVRaidService] C:\\Windows\\system32\\nvraidservice.exe
O4 - HKLM\\..\\Run: [Acer Tour Reminder] C:\\Acer\\AcerTour\\Reminder.exe
O4 - HKLM\\..\\Run: [PlayMovie] \"C:\\Program Files\\Acer Arcade Live\\Acer PlayMovie\\PMVService.exe\"
O4 - HKLM\\..\\Run: [hpfsched] C:\\Windows\\hpfsched.exe
O4 - HKLM\\..\\Run: [NeroCheck] C:\\Windows\\system32\\\\NeroCheck.exe
O4 - HKLM\\..\\Run: [avast!] C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe
O4 - HKLM\\..\\Run: [TkBellExe] \"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot
O4 - HKLM\\..\\Run: [tsnpstd3] C:\\Windows\\tsnpstd3.exe
O4 - HKLM\\..\\Run: [snpstd3] C:\\Windows\\vsnpstd3.exe
O4 - HKLM\\..\\Run: [AMTDeviceService] \"C:\\Program Files\\AMT Media Manager\\AMTDeviceService.exe\"
O4 - HKLM\\..\\Run: [SBRegRebootCleaner] C:\\Program Files\\QUAD Utilities\\QUAD AntiSpyware\\SBRC.exe
O4 - HKLM\\..\\Run: [Skytel] Skytel.exe
O4 - HKLM\\..\\Run: [NvSvc] RUNDLL32.EXE C:\\Windows\\system32\\nvsvc.dll,nvsvcStart
O4 - HKLM\\..\\Run: [NvCplDaemon] RUNDLL32.EXE C:\\Windows\\system32\\NvCpl.dll,NvStartup
O4 - HKLM\\..\\Run: [NvMediaCenter] RUNDLL32.EXE C:\\Windows\\system32\\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\\..\\Run: [Google Quick Search Box] \"C:\\Program Files\\Google\\Quick Search Box\\GoogleQuickSearchBox.exe\" /autorun
O4 - HKLM\\..\\RunOnce: [SoftwareHelper] C:\\Users\\perez\\AppData\\Roaming\\eoRezo\\SoftwareUpdate\\SoftwareUpdateHP.exe -runonce
O4 - HKCU\\..\\Run: [Sidebar] C:\\Program Files\\Windows Sidebar\\sidebar.exe /autoRun
O4 - HKCU\\..\\Run: [ehTray.exe] C:\\Windows\\ehome\\ehTray.exe
O4 - HKCU\\..\\Run: [msnmsgr] \"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe\" /background
O4 - HKCU\\..\\Run: [WMPNSCFG] C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe
O4 - HKCU\\..\\Run: [swg] \"C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe\"
O4 - HKUS\\S-1-5-19\\..\\Run: [Sidebar] %ProgramFiles%\\Windows Sidebar\\Sidebar.exe /detectMem (User \'SERVICE LOCAL\')
O4 - HKUS\\S-1-5-19\\..\\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User \'SERVICE LOCAL\')
O4 - HKUS\\S-1-5-20\\..\\Run: [Sidebar] %ProgramFiles%\\Windows Sidebar\\Sidebar.exe /detectMem (User \'SERVICE RÉSEAU\')
O4 - Startup: Notification de cadeaux MSN.lnk = C:\\Users\\perez\\AppData\\Roaming\\Microsoft\\Notification de cadeaux MSN\\lsnfier.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\\Program Files\\Microsoft Office\\Office\\OSA9.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\\PROGRA~1\\MICROS~2\\Office12\\EXCEL.EXE/3000
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\\PROGRA~1\\MICROS~2\\Office12\\ONBttnIE.dll
O9 - Extra \'Tools\' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\\PROGRA~1\\MICROS~2\\Office12\\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\\PROGRA~1\\MICROS~2\\Office12\\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\\Program Files\\Acer Arcade Live\\Acer HomeMedia Connect\\Kernel\\DMS\\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\\Acer\\Empowering Technology\\ePerformance\\MemCheck.exe
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\\Acer\\ALaunch\\ALaunchSvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\\Program Files\\Alwil Software\\Avast4\\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\\Program Files\\Alwil Software\\Avast4\\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\\Program Files\\Alwil Software\\Avast4\\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\\Program Files\\Alwil Software\\Avast4\\ashWebSv.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\\Acer\\Empowering Technology\\eDataSecurity\\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\\Acer\\Empowering Technology\\eRecovery\\eRecoveryService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\\Program Files\\Google\\Common\\Google Updater\\GoogleUpdaterService.exe
O23 - Service: Printer Status Server (hpzstatn) - Hewlett-Packard Company - C:\\Windows\\system32\\spool\\drivers\\w32x86\\hpzstatn.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\\Program Files\\Common Files\\LightScribe\\LSSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\\Program Files\\CyberLink\\Shared Files\\RichVideo.exe
O23 - Service: AntiMalware (SBAMSvc) - Sunbelt Software - C:\\Program Files\\QUAD Utilities\\QUAD AntiSpyware\\SBAMSvc.exe

--
End of file - 10474 bytes

======Scheduled tasks folder======

C:\\Windows\\tasks\\EasyShare Registration RunOnce Task.job
C:\\Windows\\tasks\\EasyShare Registration Task.job
C:\\Windows\\tasks\\QUADRegistryCleaner.job
C:\\Windows\\tasks\\Registry Winner Schedule.job
C:\\Windows\\tasks\\User_Feed_Synchronization-{C83E99AB-92FB-4A11-A65D-4276CA67BD82}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Aide pour le lien d\'Adobe PDF Reader - C:\\Program Files\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\\Program Files\\Real\\RealPlayer\\rpbrowserrecordplugin.dll [2009-04-09 312928]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}]
ShowBarObj Class - C:\\Windows\\system32\\ActiveToolBand.dll [2007-04-25 299008]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d\'aide de l\'Assistant de connexion Windows Live - C:\\Program Files\\Common Files\\Microsoft Shared\\Windows Live\\WindowsLiveLogin.dll [2008-11-18 408952]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{A057A204-BACC-4D26-C39E-35F1D2A32EC8}]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\\Program Files\\Google\\Google Toolbar\\GoogleToolbar_32.dll [2009-08-26 256112]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\\Program Files\\Google\\GoogleToolbarNotifier\\5.3.4501.1418\\swg.dll [2009-10-08 762864]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{bf00e119-21a3-4fd1-b178-3b8537e75c92}]
IeMonitorBho Class - C:\\Program Files\\Megaupload\\Mega Manager\\MegaIEMn.dll [2008-06-23 110592]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\\Program Files\\Google\\Google Toolbar\\Component\\fastsearch_B7C5AC242193BB3E.dll [2009-08-26 458736]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\Toolbar]
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\\Windows\\system32\\eDStoolbar.dll [2007-04-25 151552]
{A057A204-BACC-4D26-C39E-35F1D2A32EC8}
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\\Program Files\\Google\\Google Toolbar\\GoogleToolbar_32.dll [2009-08-26 256112]

[HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Run]
\"ALaunch\"=C:\\Acer\\ALaunch\\AlaunchClient.exe [2007-01-26 540672]
\"RtHDVCpl\"=C:\\Windows\\RtHDVCpl.exe [2007-10-11 4702208]
\"Acer Empowering Technology Monitor\"=C:\\Acer\\Empowering Technology\\SysMonitor.exe [2007-09-07 326176]
\"eDataSecurity Loader\"=C:\\Acer\\Empowering Technology\\eDataSecurity\\eDSloader.exe [2007-04-25 457216]
\"PCMMediaSharing\"=C:\\Program Files\\Acer Arcade Live\\Acer HomeMedia Connect\\Kernel\\DMS\\PCMMediaSharing.exe [2007-06-21 204908]
\"Adobe Reader Speed Launcher\"=C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe [2007-05-11 40048]
\"WarReg_PopUp\"=C:\\Acer\\WR_PopUp\\WarReg_PopUp.exe [2006-11-05 57344]
\"NVRaidService\"=C:\\Windows\\system32\\nvraidservice.exe [2007-09-11 187936]
\"Acer Tour Reminder\"=C:\\Acer\\AcerTour\\Reminder.exe [2007-08-01 151552]
\"PlayMovie\"=C:\\Program Files\\Acer Arcade Live\\Acer PlayMovie\\PMVService.exe [2007-07-13 178280]
\"hpfsched\"=C:\\Windows\\hpfsched.exe [2000-04-17 36864]
\"NeroCheck\"=C:\\Windows\\system32\\\\NeroCheck.exe [2001-07-09 155648]
\"avast!\"=C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe [2009-08-17 81000]
\"TkBellExe\"=C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe [2009-04-09 198160]
\"tsnpstd3\"=C:\\Windows\\tsnpstd3.exe [2006-07-07 262144]
\"snpstd3\"=C:\\Windows\\vsnpstd3.exe [2006-09-18 843776]
\"AMTDeviceService\"=C:\\Program Files\\AMT Media Manager\\AMTDeviceService.exe [2008-12-25 184320]
\"SBRegRebootCleaner\"=C:\\Program Files\\QUAD Utilities\\QUAD AntiSpyware\\SBRC.exe [2009-06-18 197928]
\"Skytel\"=C:\\Windows\\Skytel.exe [2007-10-11 1826816]
\"NvSvc\"=C:\\Windows\\system32\\nvsvc.dll [2007-11-06 86016]
\"NvCplDaemon\"=C:\\Windows\\system32\\NvCpl.dll [2007-11-06 8530464]
\"NvMediaCenter\"=C:\\Windows\\system32\\NvMcTray.dll [2007-11-06 81920]
\"Google Quick Search Box\"=C:\\Program Files\\Google\\Quick Search Box\\GoogleQuickSearchBox.exe [2009-10-17 122368]

[HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce]
\"SoftwareHelper\"=C:\\Users\\perez\\AppData\\Roaming\\eoRezo\\SoftwareUpdate\\SoftwareUpdateHP.exe [2008-12-09 368224]

[HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run]
\"Sidebar\"=C:\\Program Files\\Windows Sidebar\\sidebar.exe [2008-01-19 1233920]
\"ehTray.exe\"=C:\\Windows\\ehome\\ehTray.exe [2008-01-19 125952]
\"msnmsgr\"=C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe [2008-12-02 3882312]
\"WMPNSCFG\"=C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe [2008-01-19 202240]
\"swg\"=C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe [2009-08-13 39408]
\"Acer Tour Reminder\"= []

C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup
Empowering Technology Launcher.lnk - C:\\Acer\\Empowering Technology\\eAPLauncher.exe
Microsoft Office.lnk - C:\\Program Files\\Microsoft Office\\Office\\OSA9.EXE

C:\\Users\\perez\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup
Notification de cadeaux MSN.lnk - C:\\Users\\perez\\AppData\\Roaming\\Microsoft\\Notification de cadeaux MSN\\lsnfier.exe

[HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System]
\"ConsentPromptBehaviorAdmin\"=0
\"dontdisplaylastusername\"=0
\"legalnoticecaption\"=
\"legalnoticetext\"=
\"shutdownwithoutlogon\"=1
\"undockwithoutlogon\"=1
\"EnableUIADesktopToggle\"=0
\"UacDisableNotify\"=0

[HKEY_LOCAL_MACHINE\\system\\currentcontrolset\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile\\authorizedapplications\\list]

[HKEY_LOCAL_MACHINE\\system\\currentcontrolset\\services\\sharedaccess\\parameters\\firewallpolicy\\domainprofile\\authorizedapplications\\list]

[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\G]
shell\\AutoRun\\command - G:\\MediaManager.exe

[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{b5eee18a-29d0-11de-bb33-001d927f9b79}]
shell\\AutoRun\\command - SETUP.EXE -0
shell\\Explore\\command - SETUP.EXE -E
shell\\Open\\command - SETUP.EXE -O

[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{e37ca34d-71f8-11de-a2ca-001d927f9b79}]
shell\\AutoRun\\command - G:\\MediaManager.exe


======File associations======

.js - edit - C:\\Windows\\System32\\Notepad.exe %1
.js - open - C:\\Windows\\System32\\WScript.exe \"%1\" %*

======List of files/folders created in the last 1 months======

2009-10-29 17:46:29 ----D---- C:\\rsit
2009-10-29 17:46:29 ----D---- C:\\Program Files\\trend micro
2009-10-29 17:21:40 ----D---- C:\\_OTM
2009-10-29 16:32:19 ----D---- C:\\Program Files\\ZHPDiag
2009-10-28 23:08:44 ----A---- C:\\FindyKill.txt
2009-10-28 22:44:06 ----D---- C:\\FindyKill
2009-10-28 07:43:54 ----A---- C:\\Windows\\system32\\wmp.dll
2009-10-28 07:43:53 ----A---- C:\\Windows\\system32\\unregmp2.exe
2009-10-28 07:43:52 ----A---- C:\\Windows\\system32\\wmploc.DLL
2009-10-14 20:28:05 ----A---- C:\\Windows\\system32\\msv1_0.dll
2009-10-14 20:28:02 ----A---- C:\\Windows\\system32\\ntkrnlpa.exe
2009-10-14 20:28:01 ----A---- C:\\Windows\\system32\\ntoskrnl.exe
2009-10-14 20:27:52 ----A---- C:\\Windows\\system32\\EncDec.dll
2009-10-14 20:27:51 ----A---- C:\\Windows\\system32\\psisdecd.dll
2009-10-14 20:27:48 ----A---- C:\\Windows\\system32\\mshtml.dll
2009-10-14 20:27:47 ----A---- C:\\Windows\\system32\\ieframe.dll
2009-10-14 20:27:46 ----A---- C:\\Windows\\system32\\wininet.dll
2009-10-14 20:27:46 ----A---- C:\\Windows\\system32\\urlmon.dll
2009-10-14 20:27:46 ----A---- C:\\Windows\\system32\\occache.dll
2009-10-14 20:27:46 ----A---- C:\\Windows\\system32\\msfeeds.dll
2009-10-14 20:27:46 ----A---- C:\\Windows\\system32\\iertutil.dll
2009-10-14 20:27:46 ----A---- C:\\Windows\\system32\\iedkcs32.dll
2009-10-14 20:27:45 ----A---- C:\\Windows\\system32\\msfeedssync.exe
2009-10-14 20:27:45 ----A---- C:\\Windows\\system32\\msfeedsbs.dll
2009-10-14 20:27:45 ----A---- C:\\Windows\\system32\\jsproxy.dll
2009-10-14 20:27:45 ----A---- C:\\Windows\\system32\\ieUnatt.exe
2009-10-14 20:27:45 ----A---- C:\\Windows\\system32\\ieui.dll
2009-10-14 20:27:45 ----A---- C:\\Windows\\system32\\iesysprep.dll
2009-10-14 20:27:45 ----A---- C:\\Windows\\system32\\iesetup.dll
2009-10-14 20:27:45 ----A---- C:\\Windows\\system32\\iernonce.dll
2009-10-14 20:27:45 ----A---- C:\\Windows\\system32\\iepeers.dll
2009-10-14 20:27:45 ----A---- C:\\Windows\\system32\\ie4uinit.exe
2009-10-14 20:27:38 ----A---- C:\\Windows\\system32\\msasn1.dll
2009-10-14 20:27:36 ----A---- C:\\Windows\\system32\\WMSPDMOD.DLL
2009-10-13 15:56:33 ----D---- C:\\Program Files\\7-Zip
2009-10-03 12:23:02 ----A---- C:\\Windows\\system32\\wups2.dll
2009-10-03 12:23:02 ----A---- C:\\Windows\\system32\\wucltux.dll
2009-10-03 12:23:02 ----A---- C:\\Windows\\system32\\wuaueng.dll
2009-10-03 12:23:02 ----A---- C:\\Windows\\system32\\wuauclt.exe
2009-10-03 12:22:50 ----A---- C:\\Windows\\system32\\wups.dll
2009-10-03 12:22:50 ----A---- C:\\Windows\\system32\\wudriver.dll
2009-10-03 12:22:50 ----A---- C:\\Windows\\system32\\wuapi.dll
2009-10-03 12:22:46 ----A---- C:\\Windows\\system32\\wuwebv.dll
2009-10-03 12:22:46 ----A---- C:\\Windows\\system32\\wuapp.exe
2009-10-02 19:45:27 ----A---- C:\\Windows\\system32\\msshooks.dll
2009-10-02 19:45:26 ----A---- C:\\Windows\\system32\\msscb.dll
2009-10-02 19:45:25 ----A---- C:\\Windows\\system32\\xmlfilter.dll
2009-10-02 19:45:25 ----A---- C:\\Windows\\system32\\wsepno.dll
2009-10-02 19:45:25 ----A---- C:\\Windows\\system32\\thawbrkr.dll
2009-10-02 19:45:25 ----A---- C:\\Windows\\system32\\srchadmin.dll
2009-10-02 19:45:25 ----A---- C:\\Windows\\system32\\SearchFilterHost.exe
2009-10-02 19:45:25 ----A---- C:\\Windows\\system32\\rtffilt.dll
2009-10-02 19:45:25 ----A---- C:\\Windows\\system32\\propsys.dll
2009-10-02 19:45:25 ----A---- C:\\Windows\\system32\\propdefs.dll
2009-10-02 19:45:25 ----A---- C:\\Windows\\system32\\offfilt.dll
2009-10-02 19:45:25 ----A---- C:\\Windows\\system32\\nlhtml.dll
2009-10-02 19:45:25 ----A---- C:\\Windows\\system32\\msstrc.dll
2009-10-02 19:45:25 ----A---- C:\\Windows\\system32\\mssprxy.dll
2009-10-02 19:45:25 ----A---- C:\\Windows\\system32\\mssitlb.dll
2009-10-02 19:45:25 ----A---- C:\\Windows\\system32\\msshsq.dll
2009-10-02 19:45:25 ----A---- C:\\Windows\\system32\\mimefilt.dll
2009-10-02 19:45:25 ----A---- C:\\Windows\\system32\\korwbrkr.dll
2009-10-02 19:45:24 ----A---- C:\\Windows\\system32\\tquery.dll
2009-10-02 19:45:24 ----A---- C:\\Windows\\system32\\SearchProtocolHost.exe
2009-10-02 19:45:24 ----A---- C:\\Windows\\system32\\SearchIndexer.exe
2009-10-02 19:45:24 ----A---- C:\\Windows\\system32\\mssvp.dll
2009-10-02 19:45:24 ----A---- C:\\Windows\\system32\\mssrch.dll
2009-10-02 19:45:24 ----A---- C:\\Windows\\system32\\mssphtb.dll
2009-10-02 19:45:24 ----A---- C:\\Windows\\system32\\mssph.dll
2009-10-02 19:45:24 ----A---- C:\\Windows\\system32\\msscntrs.dll
2009-10-02 19:45:24 ----A---- C:\\Windows\\system32\\chtbrkr.dll
2009-10-02 19:45:24 ----A---- C:\\Windows\\system32\\chsbrkr.dll
2009-10-02 08:59:03 ----A---- C:\\Windows\\system32\\pacerprf.dll
2009-10-02 08:59:01 ----A---- C:\\Windows\\system32\\wersvc.dll
2009-10-02 08:59:01 ----A---- C:\\Windows\\system32\\Faultrep.dll
2009-10-02 08:59:00 ----A---- C:\\Windows\\system32\\emdmgmt.dll
2009-10-02 08:59:00 ----A---- C:\\Windows\\system32\\dataclen.dll
2009-10-02 08:59:00 ----A---- C:\\Windows\\system32\\cdd.dll
2009-10-02 08:58:59 ----A---- C:\\Windows\\system32\\wshext.dll
2009-10-02 08:58:59 ----A---- C:\\Windows\\system32\\wscript.exe
2009-10-02 08:58:59 ----A---- C:\\Windows\\system32\\scrrun.dll
2009-10-02 08:58:59 ----A---- C:\\Windows\\system32\\scrobj.dll
2009-10-02 08:58:59 ----A---- C:\\Windows\\system32\\cscript.exe
2009-10-01 17:58:01 ----D---- C:\\PerfLogs

======List of files/folders modified in the last 1 months======

2009-10-29 17:46:40 ----D---- C:\\Windows\\Prefetch
2009-10-29 17:46:29 ----RD---- C:\\Program Files
2009-10-29 17:46:01 ----D---- C:\\Windows\\Temp
2009-10-29 17:40:00 ----D---- C:\\Windows\\System32
2009-10-29 17:40:00 ----D---- C:\\Windows\\inf
2009-10-29 17:40:00 ----A---- C:\\Windows\\system32\\PerfStringBackup.INI
2009-10-29 09:49:08 ----D---- C:\\Windows\\rescache
2009-10-29 09:32:39 ----D---- C:\\Windows\\system32\\fr-FR
2009-10-29 09:32:39 ----D---- C:\\Program Files\\Windows Media Player
2009-10-29 09:32:39 ----D---- C:\\Program Files\\Internet Explorer
2009-10-29 00:48:12 ----D---- C:\\Windows\\winsxs
2009-10-29 00:47:14 ----SHD---- C:\\System Volume Information
2009-10-28 23:13:32 ----SD---- C:\\Windows\\Downloaded Program Files
2009-10-28 23:10:13 ----D---- C:\\Windows\\system32\\WDI
2009-10-28 14:00:26 ----D---- C:\\Users\\perez\\AppData\\Roaming\\QUAD Backups
2009-10-28 07:43:39 ----D---- C:\\Windows\\system32\\catroot
2009-10-28 07:42:11 ----D---- C:\\Windows\\system32\\catroot2
2009-10-26 19:48:37 ----D---- C:\\Users\\perez\\AppData\\Roaming\\Canon
2009-10-21 15:21:00 ----D---- C:\\Windows\\Tasks
2009-10-21 15:21:00 ----D---- C:\\ProgramData\\Google
2009-10-21 15:21:00 ----D---- C:\\Program Files\\Google
2009-10-21 14:57:29 ----HD---- C:\\ProgramData
2009-10-19 23:24:59 ----SD---- C:\\Users\\perez\\AppData\\Roaming\\Microsoft
2009-10-15 09:52:07 ----D---- C:\\Windows\\Microsoft.NET
2009-10-15 09:50:11 ----D---- C:\\Program Files\\Windows Mail
2009-10-15 09:50:10 ----D---- C:\\Windows\\ehome
2009-10-15 09:50:09 ----D---- C:\\Windows\\system32\\migration
2009-10-14 22:49:00 ----D---- C:\\Windows\\system32\\drivers
2009-10-13 15:32:39 ----D---- C:\\Windows\\system32\\Tasks
2009-10-10 14:24:16 ----D---- C:\\Program Files\\DivX
2009-10-10 14:23:57 ----D---- C:\\Program Files\\Common Files\\DivX Shared
2009-10-03 12:19:01 ----D---- C:\\Windows\\PolicyDefinitions
2009-10-02 19:01:57 ----A---- C:\\Windows\\system32\\mrt.exe
2009-10-01 20:18:17 ----D---- C:\\Windows\\Logs
2009-10-01 18:05:15 ----D---- C:\\Windows
2009-10-01 18:04:58 ----SHD---- C:\\Boot
2009-10-01 18:04:58 ----ASH---- C:\\Program Files\\desktop.ini
2009-10-01 18:03:48 ----D---- C:\\Windows\\system32\\wbem
2009-10-01 17:58:40 ----D---- C:\\Program Files\\Windows Sidebar
2009-10-01 17:58:40 ----D---- C:\\Program Files\\Windows Photo Gallery
2009-10-01 17:58:40 ----D---- C:\\Program Files\\Windows Journal
2009-10-01 17:58:40 ----D---- C:\\Program Files\\Windows Collaboration
2009-10-01 17:58:40 ----D---- C:\\Program Files\\Windows Calendar
2009-10-01 17:58:40 ----D---- C:\\Program Files\\Movie Maker
2009-10-01 17:58:39 ----D---- C:\\Windows\\servicing
2009-10-01 17:58:39 ----D---- C:\\Program Files\\Windows Defender
2009-10-01 17:58:39 ----D---- C:\\Program Files\\Common Files\\System
2009-10-01 17:58:37 ----D---- C:\\Windows\\MSAgent
2009-10-01 17:58:36 ----D---- C:\\Windows\\system32\\sk-SK
2009-10-01 17:58:36 ----D---- C:\\Windows\\system32\\lv-LV
2009-10-01 17:58:36 ----D---- C:\\Windows\\system32\\ko-KR
2009-10-01 17:58:36 ----D---- C:\\Windows\\system32\\hr-HR
2009-10-01 17:58:36 ----D---- C:\\Windows\\system32\\et-EE
2009-10-01 17:58:36 ----D---- C:\\Windows\\system32\\da-DK
2009-10-01 17:58:36 ----D---- C:\\Windows\\system32\\com
2009-10-01 17:58:36 ----D---- C:\\Windows\\L2Schemas
2009-10-01 17:58:36 ----D---- C:\\Windows\\IME
2009-10-01 17:58:36 ----D---- C:\\Windows\\DigitalLocker
2009-10-01 17:58:35 ----D---- C:\\Windows\\system32\\sysprep
2009-10-01 17:58:35 ----D---- C:\\Windows\\system32\\oobe
2009-10-01 17:58:35 ----D---- C:\\Windows\\system32\\it-IT
2009-10-01 17:58:35 ----D---- C:\\Windows\\system32\\fr
2009-10-01 17:58:35 ----D---- C:\\Windows\\system32\\en-US
2009-10-01 17:58:35 ----D---- C:\\Windows\\system32\\el-GR
2009-10-01 17:58:35 ----D---- C:\\Windows\\system32\\de-DE
2009-10-01 17:58:34 ----D---- C:\\Windows\\system32\\ru-RU
2009-10-01 17:58:34 ----D---- C:\\Windows\\system32\\ias
2009-10-01 17:58:34 ----D---- C:\\Windows\\system32\\AdvancedInstallers
2009-10-01 17:58:32 ----D---- C:\\Windows\\system32\\sv-SE
2009-10-01 17:58:32 ----D---- C:\\Windows\\system32\\SLUI
2009-10-01 17:58:32 ----D---- C:\\Windows\\system32\\setup
2009-10-01 17:58:32 ----D---- C:\\Windows\\system32\\pt-PT
2009-10-01 17:58:32 ----D---- C:\\Windows\\system32\\hu-HU
2009-10-01 17:58:32 ----D---- C:\\Windows\\system32\\he-IL
2009-10-01 17:58:32 ----D---- C:\\Windows\\system32\\fi-FI
2009-10-01 17:58:32 ----D---- C:\\Windows\\system32\\cs-CZ
2009-10-01 17:58:31 ----D---- C:\\Windows\\system32\\zh-TW
2009-10-01 17:58:31 ----D---- C:\\Windows\\system32\\zh-CN
2009-10-01 17:58:31 ----D---- C:\\Windows\\system32\\uk-UA
2009-10-01 17:58:31 ----D---- C:\\Windows\\system32\\sr-Latn-CS
2009-10-01 17:58:31 ----D---- C:\\Windows\\system32\\sl-SI
2009-10-01 17:58:31 ----D---- C:\\Windows\\system32\\pl-PL
2009-10-01 17:58:31 ----D---- C:\\Windows\\system32\\manifeststore
2009-10-01 17:58:31 ----D---- C:\\Windows\\system32\\ja-JP
2009-10-01 17:58:31 ----D---- C:\\Windows\\system32\\es-ES
2009-10-01 17:58:31 ----D---- C:\\Windows\\system32\\bg-BG
2009-10-01 17:58:30 ----D---- C:\\Windows\\system32\\tr-TR
2009-10-01 17:58:30 ----D---- C:\\Windows\\system32\\th-TH
2009-10-01 17:58:30 ----D---- C:\\Windows\\system32\\ro-RO
2009-10-01 17:58:29 ----D---- C:\\Windows\\system32\\nl-NL
2009-10-01 17:58:29 ----D---- C:\\Windows\\system32\\nb-NO
2009-10-01 17:58:29 ----D---- C:\\Windows\\system32\\lt-LT
2009-10-01 17:58:29 ----D---- C:\\Windows\\system32\\ar-SA
2009-10-01 17:58:28 ----D---- C:\\Windows\\system32\\migwiz
2009-10-01 17:58:27 ----D---- C:\\Windows\\system32\\pt-BR
2009-10-01 17:58:08 ----D---- C:\\Windows\\AppPatch
2009-10-01 17:58:02 ----D---- C:\\Windows\\system32\\Boot
2009-10-01 17:58:02 ----D---- C:\\Windows\\Boot
2009-10-01 17:57:13 ----D---- C:\\ProgramData\\NVIDIA
2009-10-01 17:52:30 ----D---- C:\\Windows\\system32\\RTCOM
2009-10-01 17:43:25 ----A---- C:\\Windows\\system32\\ifxcardm.dll
2009-10-01 17:43:24 ----A---- C:\\Windows\\system32\\axaltocm.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswRdr;aswRdr; C:\\Windows\\system32\\drivers\\aswRdr.sys [2009-08-17 23152]
R1 aswSP;avast! Self Protection; C:\\Windows\\system32\\drivers\\aswSP.sys [2009-08-17 114768]
R1 aswTdi;avast! Network Shield Support; C:\\Windows\\system32\\drivers\\aswTdi.sys [2009-08-17 51376]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; \\??\\C:\\Program Files\\Acer Arcade Live\\Acer PlayMovie\\000.fcl [2007-08-31 39408]
R2 aswFsBlk;aswFsBlk; C:\\Windows\\system32\\DRIVERS\\aswFsBlk.sys [2009-08-17 20560]
R2 aswMonFlt;aswMonFlt; C:\\Windows\\system32\\DRIVERS\\aswMonFlt.sys [2009-08-17 53328]
R2 BsUDF;InCD UDF Driver; C:\\Windows\\system32\\drivers\\BsUDF.sys [2002-01-30 305920]
R2 int15;int15; \\??\\C:\\Acer\\Empowering Technology\\eRecovery\\int15.sys [2007-07-03 15392]
R2 sbapifs;sbapifs; C:\\Windows\\system32\\DRIVERS\\sbapifs.sys [2009-06-18 69168]
R3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\\Windows\\system32\\drivers\\HdAudio.sys [2006-11-02 235520]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\\Windows\\system32\\drivers\\RTKVHDA.sys [2007-10-17 1971928]
R3 NTIDrvr;Upper Class Filter Driver; C:\\Windows\\system32\\DRIVERS\\NTIDrvr.sys [2007-12-03 6144]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\\Windows\\system32\\DRIVERS\\nvmfdx32.sys [2007-11-18 1040544]
R3 nvlddmkm;nvlddmkm; C:\\Windows\\system32\\DRIVERS\\nvlddmkm.sys [2007-11-06 8230496]
R3 nvsmu;nvsmu; C:\\Windows\\system32\\DRIVERS\\nvsmu.sys [2007-07-07 12032]
R3 pcouffin;VSO Software pcouffin; C:\\Windows\\System32\\Drivers\\pcouffin.sys [2009-02-06 47360]
R3 StillCam;Pilote d\'appareil photo numérique série; C:\\Windows\\system32\\DRIVERS\\serscan.sys [2008-01-19 9216]
R3 usbscan;Pilote de scanneur USB; C:\\Windows\\system32\\DRIVERS\\usbscan.sys [2008-01-19 35328]
R3 WsAudioDevice_383;WsAudioDevice_383; C:\\Windows\\system32\\drivers\\WsAudioDevice_383.sys [2008-11-19 16640]
R3 WUDFRd;WUDFRd; C:\\Windows\\system32\\DRIVERS\\WUDFRd.sys [2008-01-19 83328]
S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\\Windows\\system32\\drivers\\drmkaud.sys [2008-01-19 5632]
S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\\Windows\\system32\\drivers\\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Proxy d\'horloge de répartition Microsoft; C:\\Windows\\system32\\drivers\\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\\Windows\\system32\\drivers\\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\\Windows\\system32\\drivers\\MSTEE.sys [2008-01-19 6016]
S3 SBRE;SBRE; \\??\\C:\\Windows\\system32\\drivers\\SBREdrv.sys [2009-06-18 92464]
S3 SNPSTD3;USB PC Camera (SNPSTD3); C:\\Windows\\system32\\DRIVERS\\snpstd3.sys [2006-09-15 10205696]
S3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\\Windows\\system32\\DRIVERS\\wmiacpi.sys [2006-11-02 11264]
S3 WSVD;WSVD; \\??\\C:\\Windows\\system32\\drivers\\WSVD.sys [2006-09-19 80744]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service; C:\\Program Files\\Acer Arcade Live\\Acer HomeMedia Connect\\Kernel\\DMS\\CLMSServer.exe [2007-06-21 269448]
R2 AcerMemUsageCheckService;ePerformance Service; C:\\Acer\\Empowering Technology\\ePerformance\\MemCheck.exe [2007-04-16 28672]
R2 ALaunchService;ALaunch Service; C:\\Acer\\ALaunch\\ALaunchSvc.exe [2007-01-26 50688]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\\Program Files\\Alwil Software\\Avast4\\aswUpdSv.exe [2009-08-17 18752]
R2 avast! Antivirus;avast! Antivirus; C:\\Program Files\\Alwil Software\\Avast4\\ashServ.exe [2009-08-17 138680]
R2 eDataSecurity Service;eDSService.exe; C:\\Acer\\Empowering Technology\\eDataSecurity\\eDSService.exe [2007-04-25 457512]
R2 eRecoveryService;eRecovery Service; C:\\Acer\\Empowering Technology\\eRecovery\\eRecoveryService.exe [2007-09-10 57344]
R2 hpzstatn;Printer Status Server; C:\\Windows\\system32\\spool\\drivers\\w32x86\\hpzstatn.exe [2000-04-17 503296]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\\Program Files\\Common Files\\LightScribe\\LSSrvc.exe [2007-01-17 61440]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\\Program Files\\CyberLink\\Shared Files\\RichVideo.exe [2006-07-19 262247]
R2 SBAMSvc;AntiMalware; C:\\Program Files\\QUAD Utilities\\QUAD AntiSpyware\\SBAMSvc.exe [2009-06-18 894248]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\\Program Files\\Alwil Software\\Avast4\\ashMaiSv.exe [2009-08-17 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\\Program Files\\Alwil Software\\Avast4\\ashWebSv.exe [2009-08-17 352920]
S3 gusvc;Google Software Updater; C:\\Program Files\\Google\\Common\\Google Updater\\GoogleUpdaterService.exe [2009-09-04 194032]
S3 odserv;Microsoft Office Diagnostics Service; C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE12\\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\\Program Files\\Common Files\\Microsoft Shared\\Source Engine\\OSE.EXE [2006-10-26 145184]

-----------------EOF----------------

Bonjour,

on n\'a pas eu entièrement quad registry, le rapport de ZHPDIag que je t\'ai demandé ne montrait pas les services actifs de ton ordinateur.

Je te donne un nouveau script à exécuter sur OTM :

- reprends la procédure que je t\'ai donné tout à l\'heure et colle ce nouveau script :


:Reg
[HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Run]
\"SBRegRebootCleaner\"=-

:files
C:\\Windows\\tasks\\QUADRegistryCleaner.job
C:\\Windows\\tasks\\Registry Winner Schedule.job

:Services
SBAMSvc

:commands
[emptytemp]
[start explorer]
[reboot]

Et bien sur un nouveau rapport RSIT, stp

Si tout est bon on passe à la suppression des autres infections.

A plus tard.

Bonjour,

Je ne reprends que le dernier script que tu m\'as envoyé?

Bonjour,

oui, je te donne la manipulation à faire pour être plus précis :


* Télécharge OTM (OtmoveIT de Old_Timer) sur ton Bureau : oldtimer.geekstogo.com/OTM.exe
* Double-clique sur OTM.exe pour le lancer.
* Assure toi que la case Unregister Dll\'s and Ocx\'s soit bien cochée.
* Copie la liste qui se trouve entre les lignes en pointillés dans la citation ci-dessous et colle-la dans le cadre de gauche de OTM sous Paste List of Files/Folders to move.


-----------------------------

:Reg
[HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Run]
\"SBRegRebootCleaner\"=-

:files
C:\\Windows\\tasks\\QUADRegistryCleaner.job
C:\\Windows\\tasks\\Registry Winner Schedule.job

:Services
SBAMSvc

:commands
[emptytemp]
[start explorer]
[reboot]


-----------------------------

* clique sur MoveIt! pour lancer la suppression.
* Le résultat apparaitra dans le cadre \"Results\".
* Clique sur Exit pour fermer.
* Poste le rapport situé dans C:\\_OTM\\MovedFiles.
* Il te sera peut-être demandé de redémarrer le pc pour achever la suppression. Si c\'est le cas accepte par Yes.

ensuite redémarre le pc et refais un nouveau rapport RSIT et ne poste que le rapport log.txt qui va s\'ouvir

Bonjour,
oups j\'ai pas assuré sur ce coup je n\'ai pas copié le rapport omt le hic c\'est que je me trouve avec 3 rapports à 1mn d\'intervalle ds le doute je te les envoie et aprés je t\'envoie le rapport RSIT, désolé.



All processes killed
========== REGISTRY ==========
Registry delete failed. HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\\\SBRegRebootCleaner scheduled to be deleted on reboot.
========== FILES ==========
File move failed. C:\\Windows\\tasks\\QUADRegistryCleaner.job scheduled to be moved on reboot.
File move failed. C:\\Windows\\tasks\\Registry Winner Schedule.job scheduled to be moved on reboot.
========== SERVICES/DRIVERS ==========
Service\\Driver SBAMSvc not found.
Unable to delete service\\driver keySBAMSvc.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: perez
File delete failed. C:\\Users\\perez\\AppData\\Local\\Temp\\ih8.tmp\\AUA\\bwstate.sgupd scheduled to be deleted on reboot.
File delete failed. C:\\Users\\perez\\AppData\\Local\\Temp\\ih8.tmp\\AUA\\bwstate.sgupd_backup scheduled to be deleted on reboot.
->Temp folder emptied: 36292690 bytes
->Temporary Internet Files folder emptied: 7265284 bytes
->Google Chrome cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
Folder delete failed. C:\\Windows\\msdownld.tmp scheduled to be deleted on reboot.
%systemroot% .tmp files removed: 0 bytes
%systemroot%\\System32 .tmp files removed: 0 bytes
File delete failed. C:\\Windows\\temp\\_avast4_\\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\\Windows\\temp\\fwtsqmfile00.sqm scheduled to be deleted on reboot.
File delete failed. C:\\Windows\\temp\\fwtsqmfile01.sqm scheduled to be deleted on reboot.
File delete failed. C:\\Windows\\temp\\fwtsqmfile02.sqm scheduled to be deleted on reboot.
File delete failed. C:\\Windows\\temp\\fwtsqmfile03.sqm scheduled to be deleted on reboot.
File delete failed. C:\\Windows\\temp\\fwtsqmfile04.sqm scheduled to be deleted on reboot.
File delete failed. C:\\Windows\\temp\\fwtsqmfile05.sqm scheduled to be deleted on reboot.
File delete failed. C:\\Windows\\temp\\fwtsqmfile06.sqm scheduled to be deleted on reboot.
File delete failed. C:\\Windows\\temp\\fwtsqmfile07.sqm scheduled to be deleted on reboot.
File delete failed. C:\\Windows\\temp\\fwtsqmfile08.sqm scheduled to be deleted on reboot.
File delete failed. C:\\Windows\\temp\\fwtsqmfile09.sqm scheduled to be deleted on reboot.
File delete failed. C:\\Windows\\temp\\fwtsqmfile10.sqm scheduled to be deleted on reboot.
File delete failed. C:\\Windows\\temp\\fwtsqmfile11.sqm scheduled to be deleted on reboot.
File delete failed. C:\\Windows\\temp\\fwtsqmfile12.sqm scheduled to be deleted on reboot.
File delete failed. C:\\Windows\\temp\\fwtsqmfile13.sqm scheduled to be deleted on reboot.
File delete failed. C:\\Windows\\temp\\fwtsqmfile14.sqm scheduled to be deleted on reboot.
File delete failed. C:\\Windows\\temp\\fwtsqmfile15.sqm scheduled to be deleted on reboot.
File delete failed. C:\\Windows\\temp\\fwtsqmfile16.sqm scheduled to be deleted on reboot.
File delete failed. C:\\Windows\\temp\\fwtsqmfile17.sqm scheduled to be deleted on reboot.
File delete failed. C:\\Windows\\temp\\fwtsqmfile18.sqm scheduled to be deleted on reboot.
File delete failed. C:\\Windows\\temp\\fwtsqmfile19.sqm scheduled to be deleted on reboot.
File delete failed. C:\\Windows\\temp\\VistaSP1_InstallPerf_142855.sqm scheduled to be deleted on reboot.
Windows Temp folder emptied: 61728080 bytes
RecycleBin emptied: 346731 bytes

Total Files Cleaned = 100,74 mb


OTM by OldTimer - Version 3.0.0.6 log created on 10292009_191432








All processes killed
========== REGISTRY ==========
Registry delete failed. HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\\\SBRegRebootCleaner scheduled to be deleted on reboot.
Registry value HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\\\QUAD Cleaner deleted successfully.
Registry value HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\\\cajip deleted successfully.
========== FILES ==========
Folder move failed. C:\\Program Files\\QUAD Utilities\\QUAD AntiSpyware\\Styles scheduled to be moved on reboot.
Folder move failed. C:\\Program Files\\QUAD Utilities\\QUAD AntiSpyware\\Lang scheduled to be moved on reboot.
Folder move failed. C:\\Program Files\\QUAD Utilities\\QUAD AntiSpyware\\fonts scheduled to be moved on reboot.
Folder move failed. C:\\Program Files\\QUAD Utilities\\QUAD AntiSpyware\\Drivers\\i386 scheduled to be moved on reboot.
Folder move failed. C:\\Program Files\\QUAD Utilities\\QUAD AntiSpyware\\Drivers\\amd64 scheduled to be moved on reboot.
Folder move failed. C:\\Program Files\\QUAD Utilities\\QUAD AntiSpyware\\Drivers scheduled to be moved on reboot.
Folder move failed. C:\\Program Files\\QUAD Utilities\\QUAD AntiSpyware\\definitions scheduled to be moved on reboot.
Folder move failed. C:\\Program Files\\QUAD Utilities\\QUAD AntiSpyware scheduled to be moved on reboot.
Folder move failed. C:\\Program Files\\QUAD Utilities\\QUAD RegistryCleaner\\Styles scheduled to be moved on reboot.
Folder move failed. C:\\Program Files\\QUAD Utilities\\QUAD RegistryCleaner scheduled to be moved on reboot.
Folder move failed. C:\\Program Files\\Registry Cleaner scheduled to be moved on reboot.
Folder move failed. C:\\Program Files\\Registry Winner\\Utilities\\Favorites\\Windows Live scheduled to be moved on reboot.
Folder move failed. C:\\Program Files\\Registry Winner\\Utilities\\Favorites\\Windows scheduled to be moved on reboot.
Folder move failed. C:\\Program Files\\Registry Winner\\Utilities\\Favorites\\Sites Web MSN scheduled to be moved on reboot.
Folder move failed. C:\\Program Files\\Registry Winner\\Utilities\\Favorites\\Sites Web Microsoft scheduled to be moved on reboot.
Folder move failed. C:\\Program Files\\Registry Winner\\Utilities\\Favorites\\Neuf scheduled to be moved on reboot.
Folder move failed. C:\\Program Files\\Registry Winner\\Utilities\\Favorites\\Moteurs de recherche scheduled to be moved on reboot.
Folder move failed. C:\\Program Files\\Registry Winner\\Utilities\\Favorites\\Links scheduled to be moved on reboot.
Folder move failed. C:\\Program Files\\Registry Winner\\Utilities\\Favorites\\Liens publics scheduled to be moved on reboot.
Folder move failed. C:\\Program Files\\Registry Winner\\Utilities\\Favorites\\Internet Explorer scheduled to be moved on reboot.
Folder move failed. C:\\Program Files\\Registry Winner\\Utilities\\Favorites scheduled to be moved on reboot.
Folder move failed. C:\\Program Files\\Registry Winner\\Utilities scheduled to be moved on reboot.
Folder move failed. C:\\Program Files\\Registry Winner\\Language scheduled to be moved on reboot.
Folder move failed. C:\\Program Files\\Registry Winner scheduled to be moved on reboot.
Folder move failed. C:\\Program Files\\Registry_Doktor 4.1\\definitions scheduled to be moved on reboot.
Folder move failed. C:\\Program Files\\Registry_Doktor 4.1 scheduled to be moved on reboot.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: perez
File delete failed. C:\\Users\\perez\\AppData\\Local\\Temp\\ih8.tmp\\AUA\\bwstate.sgupd scheduled to be deleted on reboot.
File delete failed. C:\\Users\\perez\\AppData\\Local\\Temp\\ih8.tmp\\AUA\\bwstate.sgupd_backup scheduled to be deleted on reboot.
->Temp folder emptied: -1003941317 bytes
File delete failed. C:\\Users\\perez\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 60654532 bytes
->Google Chrome cache emptied: 399022777 bytes

User: Public

C:\\NV30402536.TMP folder deleted successfully.
%systemdrive% .tmp files removed: 847872 bytes
Folder delete failed. C:\\Windows\\msdownld.tmp scheduled to be deleted on reboot.
%systemroot% .tmp files removed: 0 bytes
%systemroot%\\System32 .tmp files removed: 0 bytes
File delete failed. C:\\Windows\\temp\\_avast4_\\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\\Windows\\temp\\fwtsqmfile00.sqm scheduled to be deleted on reboot.
File delete failed. C:\\Windows\\temp\\fwtsqmfile01.sqm scheduled to be deleted on reboot.
File delete failed. C:\\Windows\\temp\\fwtsqmfile02.sqm scheduled to be deleted on reboot.
File delete failed. C:\\Windows\\temp\\fwtsqmfile03.sqm scheduled to be deleted on reboot.
File delete failed. C:\\Windows\\temp\\fwtsqmfile04.sqm scheduled to be deleted on reboot.
File delete failed. C:\\Windows\\temp\\fwtsqmfile05.sqm scheduled to be deleted on reboot.
File delete failed. C:\\Windows\\temp\\fwtsqmfile06.sqm scheduled to be deleted on reboot.
File delete failed. C:\\Windows\\temp\\fwtsqmfile07.sqm scheduled to be deleted on reboot.
File delete failed. C:\\Windows\\temp\\fwtsqmfile08.sqm scheduled to be deleted on reboot.
File delete failed. C:\\Windows\\temp\\fwtsqmfile09.sqm scheduled to be deleted on reboot.
File delete failed. C:\\Windows\\temp\\fwtsqmfile10.sqm scheduled to be deleted on reboot.
File delete failed. C:\\Windows\\temp\\fwtsqmfile11.sqm scheduled to be deleted on reboot.
File delete failed. C:\\Windows\\temp\\fwtsqmfile12.sqm scheduled to be deleted on reboot.
File delete failed. C:\\Windows\\temp\\fwtsqmfile13.sqm scheduled to be deleted on reboot.
File delete failed. C:\\Windows\\temp\\fwtsqmfile14.sqm scheduled to be deleted on reboot.
File delete failed. C:\\Windows\\temp\\fwtsqmfile15.sqm scheduled to be deleted on reboot.
File delete failed. C:\\Windows\\temp\\fwtsqmfile16.sqm scheduled to be deleted on reboot.
File delete failed. C:\\Windows\\temp\\fwtsqmfile17.sqm scheduled to be deleted on reboot.
File delete failed. C:\\Windows\\temp\\fwtsqmfile18.sqm scheduled to be deleted on reboot.
File delete failed. C:\\Windows\\temp\\fwtsqmfile19.sqm scheduled to be deleted on reboot.
File delete failed. C:\\Windows\\temp\\VistaSP1_InstallPerf_142855.sqm scheduled to be deleted on reboot.
Windows Temp folder emptied: 61728037 bytes
RecycleBin emptied: 1915638 bytes

Total Files Cleaned = -457,55 mb


OTM by OldTimer - Version 3.0.0.6 log created on 10292009_172140

Files moved on Reboot...
Folder move failed. C:\\Program Files\\QUAD Utilities\\QUAD AntiSpyware\\Styles scheduled to be moved on reboot.
Folder move failed. C:\\Program Files\\QUAD Utilities\\QUAD AntiSpyware\\Lang scheduled to be moved on reboot.
Folder move failed. C:\\Program Files\\QUAD Utilities\\QUAD AntiSpyware\\fonts scheduled to be moved on reboot.
Folder move failed. C:\\Program Files\\QUAD Utilities\\QUAD AntiSpyware\\Drivers\\i386 scheduled to be moved on reboot.
Folder move failed. C:\\Program Files\\QUAD Utilities\\QUAD AntiSpyware\\Drivers\\amd64 scheduled to be moved on reboot.
Folder move failed. C:\\Program Files\\QUAD Utilities\\QUAD AntiSpyware\\Drivers\\i386 scheduled to be moved on reboot.
Folder move failed. C:\\Program Files\\QUAD Utilities\\QUAD AntiSpyware\\Drivers\\amd64 scheduled to be moved on reboot.
Folder move failed. C:\\Program Files\\QUAD Utilities\\QUAD AntiSpyware\\Drivers scheduled to be moved on reboot.
Folder move failed. C:\\Program Files\\QUAD Utilities\\QUAD AntiSpyware\\definitions scheduled to be moved on reboot.
Folder move failed. C:\\Program Files\\QUAD Utilities\\QUAD AntiSpyware\\Styles scheduled to be moved on reboot.
Folder move failed. C:\\Program Files\\QUAD Utilities\\QUAD AntiSpyware\\Lang scheduled to be moved on reboot.
Folder move failed. C:\\Program Files\\QUAD Utilities\\QUAD AntiSpyware\\fonts scheduled to be moved on reboot.
Folder move failed. C:\\Program Files\\QUAD Utilities\\QUAD AntiSpyware\\Drivers\\i386 scheduled to be moved on reboot.
Folder move failed. C:\\Program Files\\QUAD Utilities\\QUAD AntiSpyware\\Drivers\\amd64 scheduled to be moved on reboot.
Folder move failed. C:\\Program Files\\QUAD Utilities\\QUAD AntiSpyware\\Drivers scheduled to be moved on reboot.
Folder move failed. C:\\Program Files\\QUAD Utilities\\QUAD AntiSpyware\\definitions scheduled to be moved on reboot.
Folder move failed. C:\\Program Files\\QUAD Utilities\\QUAD AntiSpyware scheduled to be moved on reboot.
Folder move failed. C:\\Program Files\\QUAD Utilities\\QUAD RegistryCleaner\\Styles scheduled to be moved on reboot.
Folder move failed. C:\\Program Files\\QUAD Utilities\\QUAD RegistryCleaner\\Styles scheduled to be moved on reboot.
Folder move failed. C:\\Program Files\\QUAD Utilities\\QUAD RegistryCleaner scheduled to be moved on reboot.
Folder move failed. C:\\Program Files\\Registry Cleaner scheduled to be moved on reboot.
Folder move failed. C:\\Program Files\\Registry Winner\\Utilities\\Favorites\\Windows Live scheduled to be moved on reboot.
Folder move failed. C:\\Program Files\\Registry Winner\\Utilities\\Favorites\\Windows scheduled to be moved on reboot.
Folder move failed. C:\\Program Files\\Registry Winner\\Utilities\\Favorites\\Sites Web MSN scheduled to be moved on reboot.
Folder move failed. C:\\Program Files\\Registry Winner\\Utilities\\Favorites\\Sites Web Microsoft scheduled to be moved on reboot.
Folder move failed. C:\\Program Files\\Registry Winner\\Utilities\\Favorites\\Neuf scheduled to be moved on reboot.
Folder move failed. C:\\Program Files\\Registry Winner\\Utilities\\Favorites\\Moteurs de recherche scheduled to be moved on reboot.
Folder move failed. C:\\Program Files\\Registry Winner\\Utilities\\Favorites\\Links scheduled to be moved on reboot.
Folder move failed. C:\\Program Files\\Registry Winner\\Utilities\\Favorites\\Liens publics scheduled to be moved on reboot.
Folder move failed. C:\\Program Files\\Registry Winner\\Utilities\\Favorites\\Internet Explorer scheduled to be moved on reboot.
Folder move failed. C:\\Program Files\\Registry Winner\\Utilities\\Favorites\\Windows Live scheduled to be moved on reboot.
Folder move failed. C:\\Program Files\\Registry Winner\\Utilities\\Favorites\\Windows scheduled to be moved on reboot.
Folder move failed. C:\\Program Files\\Registry Winner\\Utilities\\Favorites\\Sites Web MSN scheduled to be moved on reboot.
Folder move failed. C:\\Program Files\\Registry Winner\\Utilities\\Favorites\\Sites Web Microsoft scheduled to be moved on reboot.
Folder move failed. C:\\Program Files\\Registry Winner\\Utilities\\Favorites\\Neuf scheduled to be moved on reboot.
Folder move failed. C:\\Program Files\\Registry Winner\\Utilities\\Favorites\\Moteurs de recherche scheduled to be moved on reboot.
Folder move failed. C:\\Program Files\\Registry Winner\\Utilities\\Favorites\\Links scheduled to be moved on reboot.
Folder move failed. C:\\Program Files\\Registry Winner\\Utilities\\Favorites\\Liens publics scheduled to be moved on reboot.
Folder move failed. C:\\Program Files\\Registry Winner\\Utilities\\Favorites\\Internet Explorer scheduled to be moved on reboot.
Folder move failed. C:\\Program Files\\Registry Winner\\Utilities\\Favorites scheduled to be moved on reboot.
Folder move failed. C:\\Program Files\\Registry Winner\\Utilities\\Favorites\\Windows Live scheduled to be moved on reboot.
Folder move failed. C:\\Program Files\\Registry Winner\\Utilities\\Favorites\\Windows scheduled to be moved on reboot.
Folder move failed. C:\\Program Files\\Registry Winner\\Utilities\\Favorites\\Sites Web MSN scheduled to be moved on reboot.
Folder move failed. C:\\Program Files\\Registry Winner\\Utilities\\Favorites\\Sites Web Microsoft scheduled to be moved on reboot.
Folder move failed. C:\\Program Files\\Registry Winner\\Utilities\\Favorites\\Neuf scheduled to be moved on reboot.
Folder move failed. C:\\Program Files\\Registry Winner\\Utilities\\Favorites\\Moteurs de recherche scheduled to be moved on reboot.
Folder move failed. C:\\Program Files\\Registry Winner\\Utilities\\Favorites\\Links scheduled to be moved on reboot.
Folder move failed. C:\\Program Files\\Registry Winner\\Utilities\\Favorites\\Liens publics scheduled to be moved on reboot.
Folder move failed. C:\\Program Files\\Registry Winner\\Utilities\\Favorites\\Internet Explorer scheduled to be moved on reboot.
Folder move failed. C:\\Program Files\\Registry Winner\\Utilities\\Favorites scheduled to be moved on reboot.
Folder move failed. C:\\Program Files\\Registry Winner\\Utilities scheduled to be moved on reboot.
Folder move failed. C:\\Program Files\\Registry Winner\\Language scheduled to be moved on reboot.
Folder move failed. C:\\Program Files\\Registry Winner\\Utilities\\Favorites\\Windows Live scheduled to be moved on reboot.
Folder move failed. C:\\Program Files\\Registry Winner\\Utilities\\Favorites\\Windows scheduled to be moved on reboot.
Folder move failed. C:\\Program Files\\Registry Winner\\Utilities\\Favorites\\Sites Web MSN scheduled to be moved on reboot.
Folder move failed. C:\\Program Files\\Registry Winner\\Utilities\\Favorites\\Sites Web Microsoft scheduled to be moved on reboot.
Folder move failed. C:\\Program Files\\Registry Winner\\Utilities\\Favorites\\Neuf scheduled to be moved on reboot.
Folder move failed. C:\\Program Files\\Registry Winner\\Utilities\\Favorites\\Moteurs de recherche scheduled to be moved on reboot.
Folder move failed. C:\\Program Files\\Registry Winner\\Utilities\\Favorites\\Links scheduled to be moved on reboot.
Folder move failed. C:\\Program Files\\Registry Winner\\Utilities\\Favorites\\Liens publics scheduled to be moved on reboot.
Folder move failed. C:\\Program Files\\Registry Winner\\Utilities\\Favorites\\Internet Explorer scheduled to be moved on reboot.
Folder move failed. C:\\Program Files\\Registry Winner\\Utilities\\Favorites scheduled to be moved on reboot.
Folder move failed. C:\\Program Files\\Registry Winner\\Utilities scheduled to be moved on reboot.
Folder move failed. C:\\Program Files\\Registry Winner\\Language scheduled to be moved on reboot.
Folder move failed. C:\\Program Files\\Registry Winner scheduled to be moved on reboot.
Folder move failed. C:\\Program Files\\Registry_Doktor 4.1\\definitions scheduled to be moved on reboot.
Folder move failed. C:\\Program Files\\Registry_Doktor 4.1\\definitions scheduled to be moved on reboot.
Folder move failed. C:\\Program Files\\Registry_Doktor 4.1 scheduled to be moved on reboot.
File move failed. C:\\Users\\perez\\AppData\\Local\\Temp\\ih8.tmp\\AUA\\bwstate.sgupd scheduled to be moved on reboot.
File move failed. C:\\Users\\perez\\AppData\\Local\\Temp\\ih8.tmp\\AUA\\bwstate.sgupd_backup scheduled to be moved on reboot.
Folder move failed. C:\\Windows\\msdownld.tmp scheduled to be moved on reboot.
File move failed. C:\\Windows\\temp\\_avast4_\\Webshlock.txt scheduled to be moved on reboot.
File move failed. C:\\Windows\\temp\\fwtsqmfile00.sqm scheduled to be moved on reboot.
File move failed. C:\\Windows\\temp\\fwtsqmfile01.sqm scheduled to be moved on reboot.
File move failed. C:\\Windows\\temp\\fwtsqmfile02.sqm scheduled to be moved on reboot.
File move failed. C:\\Windows\\temp\\fwtsqmfile03.sqm scheduled to be moved on reboot.
File move failed. C:\\Windows\\temp\\fwtsqmfile04.sqm scheduled to be moved on reboot.
File move failed. C:\\Windows\\temp\\fwtsqmfile05.sqm scheduled to be moved on reboot.
File move failed. C:\\Windows\\temp\\fwtsqmfile06.sqm scheduled to be moved on reboot.
File move failed. C:\\Windows\\temp\\fwtsqmfile07.sqm scheduled to be moved on reboot.
File move failed. C:\\Windows\\temp\\fwtsqmfile08.sqm scheduled to be moved on reboot.
File move failed. C:\\Windows\\temp\\fwtsqmfile09.sqm scheduled to be moved on reboot.
File move failed. C:\\Windows\\temp\\fwtsqmfile10.sqm scheduled to be moved on reboot.
File move failed. C:\\Windows\\temp\\fwtsqmfile11.sqm scheduled to be moved on reboot.
File move failed. C:\\Windows\\temp\\fwtsqmfile12.sqm scheduled to be moved on reboot.
File move failed. C:\\Windows\\temp\\fwtsqmfile13.sqm scheduled to be moved on reboot.
File move failed. C:\\Windows\\temp\\fwtsqmfile14.sqm scheduled to be moved on reboot.
File move failed. C:\\Windows\\temp\\fwtsqmfile15.sqm scheduled to be moved on reboot.
File move failed. C:\\Windows\\temp\\fwtsqmfile16.sqm scheduled to be moved on reboot.
File move failed. C:\\Windows\\temp\\fwtsqmfile17.sqm scheduled to be moved on reboot.
File move failed. C:\\Windows\\temp\\fwtsqmfile18.sqm scheduled to be moved on reboot.
File move failed. C:\\Windows\\temp\\fwtsqmfile19.sqm scheduled to be moved on reboot.
File move failed. C:\\Windows\\temp\\VistaSP1_InstallPerf_142855.sqm scheduled to be moved on reboot.

Registry entries deleted on Reboot...
Registry delete failed. HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\\\SBRegRebootCleaner scheduled to be deleted on reboot.


et voilà le rapport RSIT:

Logfile of random\'s system information tool 1.06 (written by random/random)
Run by perez at 2009-10-29 19:39:09
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
System drive C: has 143 GB (61%) free of 234 GB
Total RAM: 3071 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:39:11, on 29/10/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\\Windows\\system32\\Dwm.exe
C:\\Windows\\Explorer.EXE
C:\\Windows\\system32\\taskeng.exe
C:\\Users\\perez\\AppData\\Roaming\\eoRezo\\SoftwareUpdate\\SoftwareUpdateHP.exe
C:\\Windows\\RtHDVCpl.exe
C:\\Acer\\Empowering Technology\\SysMonitor.exe
C:\\Acer\\Empowering Technology\\eDataSecurity\\eDSLoader.exe
C:\\Windows\\System32\\nvraidservice.exe
C:\\Program Files\\Acer Arcade Live\\Acer PlayMovie\\PMVService.exe
C:\\Program Files\\Alwil Software\\Avast4\\ashDisp.exe
C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe
C:\\Windows\\tsnpstd3.exe
C:\\Windows\\vsnpstd3.exe
C:\\Program Files\\AMT Media Manager\\AMTDeviceService.exe
C:\\Windows\\System32\\rundll32.exe
C:\\Program Files\\Google\\Quick Search Box\\GoogleQuickSearchBox.exe
C:\\Program Files\\Windows Sidebar\\sidebar.exe
C:\\Windows\\ehome\\ehtray.exe
C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe
C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe
C:\\Users\\perez\\AppData\\Roaming\\Microsoft\\Notification de cadeaux MSN\\lsnfier.exe
C:\\Windows\\System32\\mobsync.exe
C:\\Windows\\System32\\rundll32.exe
C:\\Program Files\\Windows Media Player\\wmpnscfg.exe
C:\\Windows\\ehome\\ehmsas.exe
C:\\Acer\\Empowering Technology\\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\\Acer\\Empowering Technology\\eRecovery\\ERAGENT.EXE
C:\\Windows\\system32\\wbem\\unsecapp.exe
C:\\Program Files\\Windows Live\\Contacts\\wlcomm.exe
C:\\Windows\\system32\\wuauclt.exe
C:\\Program Files\\Internet Explorer\\iexplore.exe
C:\\Program Files\\Internet Explorer\\iexplore.exe
C:\\Program Files\\Internet Explorer\\iexplore.exe
C:\\Program Files\\Google\\Google Toolbar\\GoogleToolbarUser_32.exe
C:\\Users\\perez\\Desktop\\RSIT.exe
C:\\Program Files\\trend micro\\perez.exe

R1 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Search Page = http://recherche.neuf.fr/
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://fr.msn.com/
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Default_Page_URL = http://fr.fr.acer.yahoo.com
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Default_Search_URL = http://recherche.neuf.fr/
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://fr.fr.acer.yahoo.com
R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Search,SearchAssistant = http://recherche.neuf.fr/ie/default.html
R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Search,CustomizeSearch =
R1 - HKCU\\Software\\Microsoft\\Internet Explorer\\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*http://fr.yahoo.com
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Local Page =
R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Local Page =
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d\'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\\Program Files\\Real\\RealPlayer\\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\\Windows\\system32\\ActiveToolBand.dll
O2 - BHO: Programme d\'aide de l\'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\\Program Files\\Common Files\\Microsoft Shared\\Windows Live\\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\\Program Files\\Google\\Google Toolbar\\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\\Program Files\\Google\\GoogleToolbarNotifier\\5.3.4501.1418\\swg.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\\Program Files\\Megaupload\\Mega Manager\\MegaIEMn.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\\Program Files\\Google\\Google Toolbar\\Component\\fastsearch_B7C5AC242193BB3E.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\\Windows\\system32\\eDStoolbar.dll
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\\Program Files\\Google\\Google Toolbar\\GoogleToolbar_32.dll
O4 - HKLM\\..\\Run: [ALaunch] C:\\Acer\\ALaunch\\AlaunchClient.exe
O4 - HKLM\\..\\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\\..\\Run: [Acer Empowering Technology Monitor] C:\\Acer\\Empowering Technology\\SysMonitor.exe
O4 - HKLM\\..\\Run: [eDataSecurity Loader] C:\\Acer\\Empowering Technology\\eDataSecurity\\eDSloader.exe
O4 - HKLM\\..\\Run: [PCMMediaSharing] C:\\Program Files\\Acer Arcade Live\\Acer HomeMedia Connect\\Kernel\\DMS\\PCMMediaSharing.exe
O4 - HKLM\\..\\Run: [Adobe Reader Speed Launcher] \"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\"
O4 - HKLM\\..\\Run: [WarReg_PopUp] C:\\Acer\\WR_PopUp\\WarReg_PopUp.exe
O4 - HKLM\\..\\Run: [NVRaidService] C:\\Windows\\system32\\nvraidservice.exe
O4 - HKLM\\..\\Run: [Acer Tour Reminder] C:\\Acer\\AcerTour\\Reminder.exe
O4 - HKLM\\..\\Run: [PlayMovie] \"C:\\Program Files\\Acer Arcade Live\\Acer PlayMovie\\PMVService.exe\"
O4 - HKLM\\..\\Run: [hpfsched] C:\\Windows\\hpfsched.exe
O4 - HKLM\\..\\Run: [NeroCheck] C:\\Windows\\system32\\\\NeroCheck.exe
O4 - HKLM\\..\\Run: [avast!] C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe
O4 - HKLM\\..\\Run: [TkBellExe] \"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot
O4 - HKLM\\..\\Run: [tsnpstd3] C:\\Windows\\tsnpstd3.exe
O4 - HKLM\\..\\Run: [snpstd3] C:\\Windows\\vsnpstd3.exe
O4 - HKLM\\..\\Run: [AMTDeviceService] \"C:\\Program Files\\AMT Media Manager\\AMTDeviceService.exe\"
O4 - HKLM\\..\\Run: [SBRegRebootCleaner] C:\\Program Files\\QUAD Utilities\\QUAD AntiSpyware\\SBRC.exe
O4 - HKLM\\..\\Run: [Skytel] Skytel.exe
O4 - HKLM\\..\\Run: [NvSvc] RUNDLL32.EXE C:\\Windows\\system32\\nvsvc.dll,nvsvcStart
O4 - HKLM\\..\\Run: [NvCplDaemon] RUNDLL32.EXE C:\\Windows\\system32\\NvCpl.dll,NvStartup
O4 - HKLM\\..\\Run: [NvMediaCenter] RUNDLL32.EXE C:\\Windows\\system32\\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\\..\\Run: [Google Quick Search Box] \"C:\\Program Files\\Google\\Quick Search Box\\GoogleQuickSearchBox.exe\" /autorun
O4 - HKLM\\..\\RunOnce: [SoftwareHelper] C:\\Users\\perez\\AppData\\Roaming\\eoRezo\\SoftwareUpdate\\SoftwareUpdateHP.exe -runonce
O4 - HKCU\\..\\Run: [Sidebar] C:\\Program Files\\Windows Sidebar\\sidebar.exe /autoRun
O4 - HKCU\\..\\Run: [ehTray.exe] C:\\Windows\\ehome\\ehTray.exe
O4 - HKCU\\..\\Run: [msnmsgr] \"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe\" /background
O4 - HKCU\\..\\Run: [WMPNSCFG] C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe
O4 - HKCU\\..\\Run: [swg] \"C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe\"
O4 - HKUS\\S-1-5-19\\..\\Run: [Sidebar] %ProgramFiles%\\Windows Sidebar\\Sidebar.exe /detectMem (User \'SERVICE LOCAL\')
O4 - HKUS\\S-1-5-19\\..\\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User \'SERVICE LOCAL\')
O4 - HKUS\\S-1-5-20\\..\\Run: [Sidebar] %ProgramFiles%\\Windows Sidebar\\Sidebar.exe /detectMem (User \'SERVICE RÉSEAU\')
O4 - Startup: Notification de cadeaux MSN.lnk = C:\\Users\\perez\\AppData\\Roaming\\Microsoft\\Notification de cadeaux MSN\\lsnfier.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\\Program Files\\Microsoft Office\\Office\\OSA9.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\\PROGRA~1\\MICROS~2\\Office12\\EXCEL.EXE/3000
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\\PROGRA~1\\MICROS~2\\Office12\\ONBttnIE.dll
O9 - Extra \'Tools\' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\\PROGRA~1\\MICROS~2\\Office12\\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\\PROGRA~1\\MICROS~2\\Office12\\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\\Program Files\\Acer Arcade Live\\Acer HomeMedia Connect\\Kernel\\DMS\\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\\Acer\\Empowering Technology\\ePerformance\\MemCheck.exe
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\\Acer\\ALaunch\\ALaunchSvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\\Program Files\\Alwil Software\\Avast4\\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\\Program Files\\Alwil Software\\Avast4\\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\\Program Files\\Alwil Software\\Avast4\\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\\Program Files\\Alwil Software\\Avast4\\ashWebSv.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\\Acer\\Empowering Technology\\eDataSecurity\\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\\Acer\\Empowering Technology\\eRecovery\\eRecoveryService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\\Program Files\\Google\\Common\\Google Updater\\GoogleUpdaterService.exe
O23 - Service: Printer Status Server (hpzstatn) - Hewlett-Packard Company - C:\\Windows\\system32\\spool\\drivers\\w32x86\\hpzstatn.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\\Program Files\\Common Files\\LightScribe\\LSSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\\Program Files\\CyberLink\\Shared Files\\RichVideo.exe
O23 - Service: AntiMalware (SBAMSvc) - Sunbelt Software - C:\\Program Files\\QUAD Utilities\\QUAD AntiSpyware\\SBAMSvc.exe

--
End of file - 10425 bytes

======Scheduled tasks folder======

C:\\Windows\\tasks\\EasyShare Registration RunOnce Task.job
C:\\Windows\\tasks\\EasyShare Registration Task.job
C:\\Windows\\tasks\\QUADRegistryCleaner.job
C:\\Windows\\tasks\\Registry Winner Schedule.job
C:\\Windows\\tasks\\User_Feed_Synchronization-{C83E99AB-92FB-4A11-A65D-4276CA67BD82}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Aide pour le lien d\'Adobe PDF Reader - C:\\Program Files\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\\Program Files\\Real\\RealPlayer\\rpbrowserrecordplugin.dll [2009-04-09 312928]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}]
ShowBarObj Class - C:\\Windows\\system32\\ActiveToolBand.dll [2007-04-25 299008]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d\'aide de l\'Assistant de connexion Windows Live - C:\\Program Files\\Common Files\\Microsoft Shared\\Windows Live\\WindowsLiveLogin.dll [2008-11-18 408952]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{A057A204-BACC-4D26-C39E-35F1D2A32EC8}]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\\Program Files\\Google\\Google Toolbar\\GoogleToolbar_32.dll [2009-08-26 256112]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\\Program Files\\Google\\GoogleToolbarNotifier\\5.3.4501.1418\\swg.dll [2009-10-08 762864]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{bf00e119-21a3-4fd1-b178-3b8537e75c92}]
IeMonitorBho Class - C:\\Program Files\\Megaupload\\Mega Manager\\MegaIEMn.dll [2008-06-23 110592]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\\Program Files\\Google\\Google Toolbar\\Component\\fastsearch_B7C5AC242193BB3E.dll [2009-08-26 458736]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\Toolbar]
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\\Windows\\system32\\eDStoolbar.dll [2007-04-25 151552]
{A057A204-BACC-4D26-C39E-35F1D2A32EC8}
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\\Program Files\\Google\\Google Toolbar\\GoogleToolbar_32.dll [2009-08-26 256112]

[HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Run]
\"ALaunch\"=C:\\Acer\\ALaunch\\AlaunchClient.exe [2007-01-26 540672]
\"RtHDVCpl\"=C:\\Windows\\RtHDVCpl.exe [2007-10-11 4702208]
\"Acer Empowering Technology Monitor\"=C:\\Acer\\Empowering Technology\\SysMonitor.exe [2007-09-07 326176]
\"eDataSecurity Loader\"=C:\\Acer\\Empowering Technology\\eDataSecurity\\eDSloader.exe [2007-04-25 457216]
\"PCMMediaSharing\"=C:\\Program Files\\Acer Arcade Live\\Acer HomeMedia Connect\\Kernel\\DMS\\PCMMediaSharing.exe [2007-06-21 204908]
\"Adobe Reader Speed Launcher\"=C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe [2007-05-11 40048]
\"WarReg_PopUp\"=C:\\Acer\\WR_PopUp\\WarReg_PopUp.exe [2006-11-05 57344]
\"NVRaidService\"=C:\\Windows\\system32\\nvraidservice.exe [2007-09-11 187936]
\"Acer Tour Reminder\"=C:\\Acer\\AcerTour\\Reminder.exe [2007-08-01 151552]
\"PlayMovie\"=C:\\Program Files\\Acer Arcade Live\\Acer PlayMovie\\PMVService.exe [2007-07-13 178280]
\"hpfsched\"=C:\\Windows\\hpfsched.exe [2000-04-17 36864]
\"NeroCheck\"=C:\\Windows\\system32\\\\NeroCheck.exe [2001-07-09 155648]
\"avast!\"=C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe [2009-08-17 81000]
\"TkBellExe\"=C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe [2009-04-09 198160]
\"tsnpstd3\"=C:\\Windows\\tsnpstd3.exe [2006-07-07 262144]
\"snpstd3\"=C:\\Windows\\vsnpstd3.exe [2006-09-18 843776]
\"AMTDeviceService\"=C:\\Program Files\\AMT Media Manager\\AMTDeviceService.exe [2008-12-25 184320]
\"SBRegRebootCleaner\"=C:\\Program Files\\QUAD Utilities\\QUAD AntiSpyware\\SBRC.exe [2009-06-18 197928]
\"Skytel\"=C:\\Windows\\Skytel.exe [2007-10-11 1826816]
\"NvSvc\"=C:\\Windows\\system32\\nvsvc.dll [2007-11-06 86016]
\"NvCplDaemon\"=C:\\Windows\\system32\\NvCpl.dll [2007-11-06 8530464]
\"NvMediaCenter\"=C:\\Windows\\system32\\NvMcTray.dll [2007-11-06 81920]
\"Google Quick Search Box\"=C:\\Program Files\\Google\\Quick Search Box\\GoogleQuickSearchBox.exe [2009-10-17 122368]

[HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce]
\"SoftwareHelper\"=C:\\Users\\perez\\AppData\\Roaming\\eoRezo\\SoftwareUpdate\\SoftwareUpdateHP.exe [2008-12-09 368224]

[HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run]
\"Sidebar\"=C:\\Program Files\\Windows Sidebar\\sidebar.exe [2008-01-19 1233920]
\"ehTray.exe\"=C:\\Windows\\ehome\\ehTray.exe [2008-01-19 125952]
\"msnmsgr\"=C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe [2008-12-02 3882312]
\"WMPNSCFG\"=C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe [2008-01-19 202240]
\"swg\"=C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe [2009-08-13 39408]
\"Acer Tour Reminder\"= []

C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup
Empowering Technology Launcher.lnk - C:\\Acer\\Empowering Technology\\eAPLauncher.exe
Microsoft Office.lnk - C:\\Program Files\\Microsoft Office\\Office\\OSA9.EXE

C:\\Users\\perez\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup
Notification de cadeaux MSN.lnk - C:\\Users\\perez\\AppData\\Roaming\\Microsoft\\Notification de cadeaux MSN\\lsnfier.exe

[HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System]
\"ConsentPromptBehaviorAdmin\"=0
\"dontdisplaylastusername\"=0
\"legalnoticecaption\"=
\"legalnoticetext\"=
\"shutdownwithoutlogon\"=1
\"undockwithoutlogon\"=1
\"EnableUIADesktopToggle\"=0
\"UacDisableNotify\"=0

[HKEY_LOCAL_MACHINE\\system\\currentcontrolset\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile\\authorizedapplications\\list]

[HKEY_LOCAL_MACHINE\\system\\currentcontrolset\\services\\sharedaccess\\parameters\\firewallpolicy\\domainprofile\\authorizedapplications\\list]

[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\G]
shell\\AutoRun\\command - G:\\MediaManager.exe

[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{b5eee18a-29d0-11de-bb33-001d927f9b79}]
shell\\AutoRun\\command - SETUP.EXE -0
shell\\Explore\\command - SETUP.EXE -E
shell\\Open\\command - SETUP.EXE -O

[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{e37ca34d-71f8-11de-a2ca-001d927f9b79}]
shell\\AutoRun\\command - G:\\MediaManager.exe


======File associations======

.js - edit - C:\\Windows\\System32\\Notepad.exe %1
.js - open - C:\\Windows\\System32\\WScript.exe \"%1\" %*

======List of files/folders created in the last 1 months======

2009-10-29 17:46:29 ----D---- C:\\rsit
2009-10-29 17:46:29 ----D---- C:\\Program Files\\trend micro
2009-10-29 17:21:40 ----D---- C:\\_OTM
2009-10-29 16:32:19 ----D---- C:\\Program Files\\ZHPDiag
2009-10-28 23:08:44 ----A---- C:\\FindyKill.txt
2009-10-28 22:44:06 ----D---- C:\\FindyKill
2009-10-28 07:43:54 ----A---- C:\\Windows\\system32\\wmp.dll
2009-10-28 07:43:53 ----A---- C:\\Windows\\system32\\unregmp2.exe
2009-10-28 07:43:52 ----A---- C:\\Windows\\system32\\wmploc.DLL
2009-10-14 20:28:05 ----A---- C:\\Windows\\system32\\msv1_0.dll
2009-10-14 20:28:02 ----A---- C:\\Windows\\system32\\ntkrnlpa.exe
2009-10-14 20:28:01 ----A---- C:\\Windows\\system32\\ntoskrnl.exe
2009-10-14 20:27:52 ----A---- C:\\Windows\\system32\\EncDec.dll
2009-10-14 20:27:51 ----A---- C:\\Windows\\system32\\psisdecd.dll
2009-10-14 20:27:48 ----A---- C:\\Windows\\system32\\mshtml.dll
2009-10-14 20:27:47 ----A---- C:\\Windows\\system32\\ieframe.dll
2009-10-14 20:27:46 ----A---- C:\\Windows\\system32\\wininet.dll
2009-10-14 20:27:46 ----A---- C:\\Windows\\system32\\urlmon.dll
2009-10-14 20:27:46 ----A---- C:\\Windows\\system32\\occache.dll
2009-10-14 20:27:46 ----A---- C:\\Windows\\system32\\msfeeds.dll
2009-10-14 20:27:46 ----A---- C:\\Windows\\system32\\iertutil.dll
2009-10-14 20:27:46 ----A---- C:\\Windows\\system32\\iedkcs32.dll
2009-10-14 20:27:45 ----A---- C:\\Windows\\system32\\msfeedssync.exe
2009-10-14 20:27:45 ----A---- C:\\Windows\\system32\\msfeedsbs.dll
2009-10-14 20:27:45 ----A---- C:\\Windows\\system32\\jsproxy.dll
2009-10-14 20:27:45 ----A---- C:\\Windows\\system32\\ieUnatt.exe
2009-10-14 20:27:45 ----A---- C:\\Windows\\system32\\ieui.dll
2009-10-14 20:27:45 ----A---- C:\\Windows\\system32\\iesysprep.dll
2009-10-14 20:27:45 ----A---- C:\\Windows\\system32\\iesetup.dll
2009-10-14 20:27:45 ----A---- C:\\Windows\\system32\\iernonce.dll
2009-10-14 20:27:45 ----A---- C:\\Windows\\system32\\iepeers.dll
2009-10-14 20:27:45 ----A---- C:\\Windows\\system32\\ie4uinit.exe
2009-10-14 20:27:38 ----A---- C:\\Windows\\system32\\msasn1.dll
2009-10-14 20:27:36 ----A---- C:\\Windows\\system32\\WMSPDMOD.DLL
2009-10-13 15:56:33 ----D---- C:\\Program Files\\7-Zip
2009-10-03 12:23:02 ----A---- C:\\Windows\\system32\\wups2.dll
2009-10-03 12:23:02 ----A---- C:\\Windows\\system32\\wucltux.dll
2009-10-03 12:23:02 ----A---- C:\\Windows\\system32\\wuaueng.dll
2009-10-03 12:23:02 ----A---- C:\\Windows\\system32\\wuauclt.exe
2009-10-03 12:22:50 ----A---- C:\\Windows\\system32\\wups.dll
2009-10-03 12:22:50 ----A---- C:\\Windows\\system32\\wudriver.dll
2009-10-03 12:22:50 ----A---- C:\\Windows\\system32\\wuapi.dll
2009-10-03 12:22:46 ----A---- C:\\Windows\\system32\\wuwebv.dll
2009-10-03 12:22:46 ----A---- C:\\Windows\\system32\\wuapp.exe
2009-10-02 19:45:27 ----A---- C:\\Windows\\system32\\msshooks.dll
2009-10-02 19:45:26 ----A---- C:\\Windows\\system32\\msscb.dll
2009-10-02 19:45:25 ----A---- C:\\Windows\\system32\\xmlfilter.dll
2009-10-02 19:45:25 ----A---- C:\\Windows\\system32\\wsepno.dll
2009-10-02 19:45:25 ----A---- C:\\Windows\\system32\\thawbrkr.dll
2009-10-02 19:45:25 ----A---- C:\\Windows\\system32\\srchadmin.dll
2009-10-02 19:45:25 ----A---- C:\\Windows\\system32\\SearchFilterHost.exe
2009-10-02 19:45:25 ----A---- C:\\Windows\\system32\\rtffilt.dll
2009-10-02 19:45:25 ----A---- C:\\Windows\\system32\\propsys.dll
2009-10-02 19:45:25 ----A---- C:\\Windows\\system32\\propdefs.dll
2009-10-02 19:45:25 ----A---- C:\\Windows\\system32\\offfilt.dll
2009-10-02 19:45:25 ----A---- C:\\Windows\\system32\\nlhtml.dll
2009-10-02 19:45:25 ----A---- C:\\Windows\\system32\\msstrc.dll
2009-10-02 19:45:25 ----A---- C:\\Windows\\system32\\mssprxy.dll
2009-10-02 19:45:25 ----A---- C:\\Windows\\system32\\mssitlb.dll
2009-10-02 19:45:25 ----A---- C:\\Windows\\system32\\msshsq.dll
2009-10-02 19:45:25 ----A---- C:\\Windows\\system32\\mimefilt.dll
2009-10-02 19:45:25 ----A---- C:\\Windows\\system32\\korwbrkr.dll
2009-10-02 19:45:24 ----A---- C:\\Windows\\system32\\tquery.dll
2009-10-02 19:45:24 ----A---- C:\\Windows\\system32\\SearchProtocolHost.exe
2009-10-02 19:45:24 ----A---- C:\\Windows\\system32\\SearchIndexer.exe
2009-10-02 19:45:24 ----A---- C:\\Windows\\system32\\mssvp.dll
2009-10-02 19:45:24 ----A---- C:\\Windows\\system32\\mssrch.dll
2009-10-02 19:45:24 ----A---- C:\\Windows\\system32\\mssphtb.dll
2009-10-02 19:45:24 ----A---- C:\\Windows\\system32\\mssph.dll
2009-10-02 19:45:24 ----A---- C:\\Windows\\system32\\msscntrs.dll
2009-10-02 19:45:24 ----A---- C:\\Windows\\system32\\chtbrkr.dll
2009-10-02 19:45:24 ----A---- C:\\Windows\\system32\\chsbrkr.dll
2009-10-02 08:59:03 ----A---- C:\\Windows\\system32\\pacerprf.dll
2009-10-02 08:59:01 ----A---- C:\\Windows\\system32\\wersvc.dll
2009-10-02 08:59:01 ----A---- C:\\Windows\\system32\\Faultrep.dll
2009-10-02 08:59:00 ----A---- C:\\Windows\\system32\\emdmgmt.dll
2009-10-02 08:59:00 ----A---- C:\\Windows\\system32\\dataclen.dll
2009-10-02 08:59:00 ----A---- C:\\Windows\\system32\\cdd.dll
2009-10-02 08:58:59 ----A---- C:\\Windows\\system32\\wshext.dll
2009-10-02 08:58:59 ----A---- C:\\Windows\\system32\\wscript.exe
2009-10-02 08:58:59 ----A---- C:\\Windows\\system32\\scrrun.dll
2009-10-02 08:58:59 ----A---- C:\\Windows\\system32\\scrobj.dll
2009-10-02 08:58:59 ----A---- C:\\Windows\\system32\\cscript.exe
2009-10-01 17:58:01 ----D---- C:\\PerfLogs

======List of files/folders modified in the last 1 months======

2009-10-29 19:39:08 ----D---- C:\\Windows\\Temp
2009-10-29 19:33:30 ----D---- C:\\Windows\\Prefetch
2009-10-29 19:21:35 ----D---- C:\\Windows\\System32
2009-10-29 19:21:35 ----D---- C:\\Windows\\inf
2009-10-29 19:21:35 ----A---- C:\\Windows\\system32\\PerfStringBackup.INI
2009-10-29 18:48:21 ----SHD---- C:\\System Volume Information
2009-10-29 17:46:29 ----RD---- C:\\Program Files
2009-10-29 09:49:08 ----D---- C:\\Windows\\rescache
2009-10-29 09:32:39 ----D---- C:\\Windows\\system32\\fr-FR
2009-10-29 09:32:39 ----D---- C:\\Program Files\\Windows Media Player
2009-10-29 09:32:39 ----D---- C:\\Program Files\\Internet Explorer
2009-10-29 00:48:12 ----D---- C:\\Windows\\winsxs
2009-10-28 23:13:32 ----SD---- C:\\Windows\\Downloaded Program Files
2009-10-28 23:10:13 ----D---- C:\\Windows\\system32\\WDI
2009-10-28 14:00:26 ----D---- C:\\Users\\perez\\AppData\\Roaming\\QUAD Backups
2009-10-28 07:43:39 ----D---- C:\\Windows\\system32\\catroot
2009-10-28 07:42:11 ----D---- C:\\Windows\\system32\\catroot2
2009-10-26 19:48:37 ----D---- C:\\Users\\perez\\AppData\\Roaming\\Canon
2009-10-21 15:21:00 ----D---- C:\\Windows\\Tasks
2009-10-21 15:21:00 ----D---- C:\\ProgramData\\Google
2009-10-21 15:21:00 ----D---- C:\\Program Files\\Google
2009-10-21 14:57:29 ----HD---- C:\\ProgramData
2009-10-19 23:24:59 ----SD---- C:\\Users\\perez\\AppData\\Roaming\\Microsoft
2009-10-15 09:52:07 ----D---- C:\\Windows\\Microsoft.NET
2009-10-15 09:50:11 ----D---- C:\\Program Files\\Windows Mail
2009-10-15 09:50:10 ----D---- C:\\Windows\\ehome
2009-10-15 09:50:09 ----D---- C:\\Windows\\system32\\migration
2009-10-14 22:49:00 ----D---- C:\\Windows\\system32\\drivers
2009-10-13 15:32:39 ----D---- C:\\Windows\\system32\\Tasks
2009-10-10 14:24:16 ----D---- C:\\Program Files\\DivX
2009-10-10 14:23:57 ----D---- C:\\Program Files\\Common Files\\DivX Shared
2009-10-03 12:19:01 ----D---- C:\\Windows\\PolicyDefinitions
2009-10-02 19:01:57 ----A---- C:\\Windows\\system32\\mrt.exe
2009-10-01 20:18:17 ----D---- C:\\Windows\\Logs
2009-10-01 18:05:15 ----D---- C:\\Windows
2009-10-01 18:04:58 ----SHD---- C:\\Boot
2009-10-01 18:04:58 ----ASH---- C:\\Program Files\\desktop.ini
2009-10-01 18:03:48 ----D---- C:\\Windows\\system32\\wbem
2009-10-01 17:58:40 ----D---- C:\\Program Files\\Windows Sidebar
2009-10-01 17:58:40 ----D---- C:\\Program Files\\Windows Photo Gallery
2009-10-01 17:58:40 ----D---- C:\\Program Files\\Windows Journal
2009-10-01 17:58:40 ----D---- C:\\Program Files\\Windows Collaboration
2009-10-01 17:58:40 ----D---- C:\\Program Files\\Windows Calendar
2009-10-01 17:58:40 ----D---- C:\\Program Files\\Movie Maker
2009-10-01 17:58:39 ----D---- C:\\Windows\\servicing
2009-10-01 17:58:39 ----D---- C:\\Program Files\\Windows Defender
2009-10-01 17:58:39 ----D---- C:\\Program Files\\Common Files\\System
2009-10-01 17:58:37 ----D---- C:\\Windows\\MSAgent
2009-10-01 17:58:36 ----D---- C:\\Windows\\system32\\sk-SK
2009-10-01 17:58:36 ----D---- C:\\Windows\\system32\\lv-LV
2009-10-01 17:58:36 ----D---- C:\\Windows\\system32\\ko-KR
2009-10-01 17:58:36 ----D---- C:\\Windows\\system32\\hr-HR
2009-10-01 17:58:36 ----D---- C:\\Windows\\system32\\et-EE
2009-10-01 17:58:36 ----D---- C:\\Windows\\system32\\da-DK
2009-10-01 17:58:36 ----D---- C:\\Windows\\system32\\com
2009-10-01 17:58:36 ----D---- C:\\Windows\\L2Schemas
2009-10-01 17:58:36 ----D---- C:\\Windows\\IME
2009-10-01 17:58:36 ----D---- C:\\Windows\\DigitalLocker
2009-10-01 17:58:35 ----D---- C:\\Windows\\system32\\sysprep
2009-10-01 17:58:35 ----D---- C:\\Windows\\system32\\oobe
2009-10-01 17:58:35 ----D---- C:\\Windows\\system32\\it-IT
2009-10-01 17:58:35 ----D---- C:\\Windows\\system32\\fr
2009-10-01 17:58:35 ----D---- C:\\Windows\\system32\\en-US
2009-10-01 17:58:35 ----D---- C:\\Windows\\system32\\el-GR
2009-10-01 17:58:35 ----D---- C:\\Windows\\system32\\de-DE
2009-10-01 17:58:34 ----D---- C:\\Windows\\system32\\ru-RU
2009-10-01 17:58:34 ----D---- C:\\Windows\\system32\\ias
2009-10-01 17:58:34 ----D---- C:\\Windows\\system32\\AdvancedInstallers
2009-10-01 17:58:32 ----D---- C:\\Windows\\system32\\sv-SE
2009-10-01 17:58:32 ----D---- C:\\Windows\\system32\\SLUI
2009-10-01 17:58:32 ----D---- C:\\Windows\\system32\\setup
2009-10-01 17:58:32 ----D---- C:\\Windows\\system32\\pt-PT
2009-10-01 17:58:32 ----D---- C:\\Windows\\system32\\hu-HU
2009-10-01 17:58:32 ----D---- C:\\Windows\\system32\\he-IL
2009-10-01 17:58:32 ----D---- C:\\Windows\\system32\\fi-FI
2009-10-01 17:58:32 ----D---- C:\\Windows\\system32\\cs-CZ
2009-10-01 17:58:31 ----D---- C:\\Windows\\system32\\zh-TW
2009-10-01 17:58:31 ----D---- C:\\Windows\\system32\\zh-CN
2009-10-01 17:58:31 ----D---- C:\\Windows\\system32\\uk-UA
2009-10-01 17:58:31 ----D---- C:\\Windows\\system32\\sr-Latn-CS
2009-10-01 17:58:31 ----D---- C:\\Windows\\system32\\sl-SI
2009-10-01 17:58:31 ----D---- C:\\Windows\\system32\\pl-PL
2009-10-01 17:58:31 ----D---- C:\\Windows\\system32\\manifeststore
2009-10-01 17:58:31 ----D---- C:\\Windows\\system32\\ja-JP
2009-10-01 17:58:31 ----D---- C:\\Windows\\system32\\es-ES
2009-10-01 17:58:31 ----D---- C:\\Windows\\system32\\bg-BG
2009-10-01 17:58:30 ----D---- C:\\Windows\\system32\\tr-TR
2009-10-01 17:58:30 ----D---- C:\\Windows\\system32\\th-TH
2009-10-01 17:58:30 ----D---- C:\\Windows\\system32\\ro-RO
2009-10-01 17:58:29 ----D---- C:\\Windows\\system32\\nl-NL
2009-10-01 17:58:29 ----D---- C:\\Windows\\system32\\nb-NO
2009-10-01 17:58:29 ----D---- C:\\Windows\\system32\\lt-LT
2009-10-01 17:58:29 ----D---- C:\\Windows\\system32\\ar-SA
2009-10-01 17:58:28 ----D---- C:\\Windows\\system32\\migwiz
2009-10-01 17:58:27 ----D---- C:\\Windows\\system32\\pt-BR
2009-10-01 17:58:08 ----D---- C:\\Windows\\AppPatch
2009-10-01 17:58:02 ----D---- C:\\Windows\\system32\\Boot
2009-10-01 17:58:02 ----D---- C:\\Windows\\Boot
2009-10-01 17:57:13 ----D---- C:\\ProgramData\\NVIDIA
2009-10-01 17:52:30 ----D---- C:\\Windows\\system32\\RTCOM
2009-10-01 17:43:25 ----A---- C:\\Windows\\system32\\ifxcardm.dll
2009-10-01 17:43:24 ----A---- C:\\Windows\\system32\\axaltocm.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswRdr;aswRdr; C:\\Windows\\system32\\drivers\\aswRdr.sys [2009-08-17 23152]
R1 aswSP;avast! Self Protection; C:\\Windows\\system32\\drivers\\aswSP.sys [2009-08-17 114768]
R1 aswTdi;avast! Network Shield Support; C:\\Windows\\system32\\drivers\\aswTdi.sys [2009-08-17 51376]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; \\??\\C:\\Program Files\\Acer Arcade Live\\Acer PlayMovie\\000.fcl [2007-08-31 39408]
R2 aswFsBlk;aswFsBlk; C:\\Windows\\system32\\DRIVERS\\aswFsBlk.sys [2009-08-17 20560]
R2 aswMonFlt;aswMonFlt; C:\\Windows\\system32\\DRIVERS\\aswMonFlt.sys [2009-08-17 53328]
R2 BsUDF;InCD UDF Driver; C:\\Windows\\system32\\drivers\\BsUDF.sys [2002-01-30 305920]
R2 int15;int15; \\??\\C:\\Acer\\Empowering Technology\\eRecovery\\int15.sys [2007-07-03 15392]
R2 sbapifs;sbapifs; C:\\Windows\\system32\\DRIVERS\\sbapifs.sys [2009-06-18 69168]
R3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\\Windows\\system32\\drivers\\HdAudio.sys [2006-11-02 235520]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\\Windows\\system32\\drivers\\RTKVHDA.sys [2007-10-17 1971928]
R3 NTIDrvr;Upper Class Filter Driver; C:\\Windows\\system32\\DRIVERS\\NTIDrvr.sys [2007-12-03 6144]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\\Windows\\system32\\DRIVERS\\nvmfdx32.sys [2007-11-18 1040544]
R3 nvlddmkm;nvlddmkm; C:\\Windows\\system32\\DRIVERS\\nvlddmkm.sys [2007-11-06 8230496]
R3 nvsmu;nvsmu; C:\\Windows\\system32\\DRIVERS\\nvsmu.sys [2007-07-07 12032]
R3 pcouffin;VSO Software pcouffin; C:\\Windows\\System32\\Drivers\\pcouffin.sys [2009-02-06 47360]
R3 StillCam;Pilote d\'appareil photo numérique série; C:\\Windows\\system32\\DRIVERS\\serscan.sys [2008-01-19 9216]
R3 usbscan;Pilote de scanneur USB; C:\\Windows\\system32\\DRIVERS\\usbscan.sys [2008-01-19 35328]
R3 WsAudioDevice_383;WsAudioDevice_383; C:\\Windows\\system32\\drivers\\WsAudioDevice_383.sys [2008-11-19 16640]
R3 WUDFRd;WUDFRd; C:\\Windows\\system32\\DRIVERS\\WUDFRd.sys [2008-01-19 83328]
S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\\Windows\\system32\\drivers\\drmkaud.sys [2008-01-19 5632]
S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\\Windows\\system32\\drivers\\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Proxy d\'horloge de répartition Microsoft; C:\\Windows\\system32\\drivers\\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\\Windows\\system32\\drivers\\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\\Windows\\system32\\drivers\\MSTEE.sys [2008-01-19 6016]
S3 SBRE;SBRE; \\??\\C:\\Windows\\system32\\drivers\\SBREdrv.sys [2009-06-18 92464]
S3 SNPSTD3;USB PC Camera (SNPSTD3); C:\\Windows\\system32\\DRIVERS\\snpstd3.sys [2006-09-15 10205696]
S3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\\Windows\\system32\\DRIVERS\\wmiacpi.sys [2006-11-02 11264]
S3 WSVD;WSVD; \\??\\C:\\Windows\\system32\\drivers\\WSVD.sys [2006-09-19 80744]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service; C:\\Program Files\\Acer Arcade Live\\Acer HomeMedia Connect\\Kernel\\DMS\\CLMSServer.exe [2007-06-21 269448]
R2 AcerMemUsageCheckService;ePerformance Service; C:\\Acer\\Empowering Technology\\ePerformance\\MemCheck.exe [2007-04-16 28672]
R2 ALaunchService;ALaunch Service; C:\\Acer\\ALaunch\\ALaunchSvc.exe [2007-01-26 50688]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\\Program Files\\Alwil Software\\Avast4\\aswUpdSv.exe [2009-08-17 18752]
R2 avast! Antivirus;avast! Antivirus; C:\\Program Files\\Alwil Software\\Avast4\\ashServ.exe [2009-08-17 138680]
R2 eDataSecurity Service;eDSService.exe; C:\\Acer\\Empowering Technology\\eDataSecurity\\eDSService.exe [2007-04-25 457512]
R2 eRecoveryService;eRecovery Service; C:\\Acer\\Empowering Technology\\eRecovery\\eRecoveryService.exe [2007-09-10 57344]
R2 hpzstatn;Printer Status Server; C:\\Windows\\system32\\spool\\drivers\\w32x86\\hpzstatn.exe [2000-04-17 503296]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\\Program Files\\Common Files\\LightScribe\\LSSrvc.exe [2007-01-17 61440]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\\Program Files\\CyberLink\\Shared Files\\RichVideo.exe [2006-07-19 262247]
R2 SBAMSvc;AntiMalware; C:\\Program Files\\QUAD Utilities\\QUAD AntiSpyware\\SBAMSvc.exe [2009-06-18 894248]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\\Program Files\\Alwil Software\\Avast4\\ashMaiSv.exe [2009-08-17 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\\Program Files\\Alwil Software\\Avast4\\ashWebSv.exe [2009-08-17 352920]
S3 gusvc;Google Software Updater; C:\\Program Files\\Google\\Common\\Google Updater\\GoogleUpdaterService.exe [2009-09-04 194032]
S3 odserv;Microsoft Office Diagnostics Service; C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE12\\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\\Program Files\\Common Files\\Microsoft Shared\\Source Engine\\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------



Par contre, je suis désolé, mais laisse moi les consignes pour la suite, je dois m\'absenter jusqu\'à au moins 23h, une urgence je suis infirmier, je me manifesterai dés mon retour, si tu es présent, sinon je te recontacte dès demain, merci encore pour tout!

Bonjour,

Pas de problème, le boulot et la vie de famille passent toujours avant l\'informatique, même pendant une désinfection.
Je dois moi même m\'absenter en soirée et ensuite de demain matin jusqu\'à dimanche soir.

[S]A faire :[/S]

Si tu ne redémarres pas ton pc, les suppressions ne se feront pas, c\'est très important, quad registry est toujours présent sur ton ordinateur au moment de ton dernier RSIT.

Redémarre donc ton ordinateur et fais ensuite un nouveau RSIT, merci.

Je vais demander à jllg s\'il est dispo de continuer ta désinfection, et je finirai dimanche.

@+

Bonjour,

merci pour ton travail malwarebleach

j\'attends le rapport et je prends la suite

Bonsoir,

jllg, j\'ai vu que tu avais pris la suite à 20h30, désolé pour le retard ci joint le rapport de RSIT:
Logfile of random\'s system information tool 1.06 (written by random/random)
Run by perez at 2009-10-29 23:31:43
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
System drive C: has 143 GB (61%) free of 234 GB
Total RAM: 3071 MB (67% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:32:05, on 29/10/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\\Windows\\system32\\Dwm.exe
C:\\Windows\\Explorer.EXE
C:\\Windows\\system32\\taskeng.exe
C:\\Windows\\system32\\taskeng.exe
C:\\Users\\perez\\AppData\\Roaming\\eoRezo\\SoftwareUpdate\\SoftwareUpdateHP.exe
C:\\Windows\\RtHDVCpl.exe
C:\\Acer\\Empowering Technology\\SysMonitor.exe
C:\\Acer\\Empowering Technology\\eDataSecurity\\eDSLoader.exe
C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\reader_sl.exe
C:\\Windows\\System32\\nvraidservice.exe
C:\\Program Files\\Acer Arcade Live\\Acer PlayMovie\\PMVService.exe
C:\\Program Files\\Alwil Software\\Avast4\\ashDisp.exe
C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe
C:\\Windows\\tsnpstd3.exe
C:\\Windows\\vsnpstd3.exe
C:\\Program Files\\AMT Media Manager\\AMTDeviceService.exe
C:\\Windows\\System32\\rundll32.exe
C:\\Program Files\\Google\\Quick Search Box\\GoogleQuickSearchBox.exe
C:\\Program Files\\Windows Sidebar\\sidebar.exe
C:\\Windows\\ehome\\ehtray.exe
C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe
C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe
C:\\Users\\perez\\AppData\\Roaming\\Microsoft\\Notification de cadeaux MSN\\lsnfier.exe
C:\\Windows\\System32\\rundll32.exe
C:\\Windows\\System32\\mobsync.exe
C:\\Program Files\\Windows Media Player\\wmpnscfg.exe
C:\\Windows\\ehome\\ehmsas.exe
C:\\Windows\\system32\\wbem\\unsecapp.exe
C:\\Acer\\Empowering Technology\\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\\Acer\\Empowering Technology\\eRecovery\\ERAGENT.EXE
C:\\Program Files\\Windows Live\\Contacts\\wlcomm.exe
C:\\Users\\perez\\Desktop\\RSIT.exe
C:\\Program Files\\trend micro\\perez.exe

R1 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Search Page = http://recherche.neuf.fr/
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://fr.msn.com/
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Default_Page_URL = http://fr.fr.acer.yahoo.com
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Default_Search_URL = http://recherche.neuf.fr/
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://fr.fr.acer.yahoo.com
R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Search,SearchAssistant = http://recherche.neuf.fr/ie/default.html
R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Search,CustomizeSearch =
R1 - HKCU\\Software\\Microsoft\\Internet Explorer\\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*http://fr.yahoo.com
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Local Page =
R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Local Page =
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d\'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\\Program Files\\Real\\RealPlayer\\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\\Windows\\system32\\ActiveToolBand.dll
O2 - BHO: Programme d\'aide de l\'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\\Program Files\\Common Files\\Microsoft Shared\\Windows Live\\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\\Program Files\\Google\\Google Toolbar\\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\\Program Files\\Google\\GoogleToolbarNotifier\\5.3.4501.1418\\swg.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\\Program Files\\Megaupload\\Mega Manager\\MegaIEMn.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\\Program Files\\Google\\Google Toolbar\\Component\\fastsearch_B7C5AC242193BB3E.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\\Windows\\system32\\eDStoolbar.dll
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\\Program Files\\Google\\Google Toolbar\\GoogleToolbar_32.dll
O4 - HKLM\\..\\Run: [ALaunch] C:\\Acer\\ALaunch\\AlaunchClient.exe
O4 - HKLM\\..\\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\\..\\Run: [Acer Empowering Technology Monitor] C:\\Acer\\Empowering Technology\\SysMonitor.exe
O4 - HKLM\\..\\Run: [eDataSecurity Loader] C:\\Acer\\Empowering Technology\\eDataSecurity\\eDSloader.exe
O4 - HKLM\\..\\Run: [PCMMediaSharing] C:\\Program Files\\Acer Arcade Live\\Acer HomeMedia Connect\\Kernel\\DMS\\PCMMediaSharing.exe
O4 - HKLM\\..\\Run: [Adobe Reader Speed Launcher] \"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\"
O4 - HKLM\\..\\Run: [WarReg_PopUp] C:\\Acer\\WR_PopUp\\WarReg_PopUp.exe
O4 - HKLM\\..\\Run: [NVRaidService] C:\\Windows\\system32\\nvraidservice.exe
O4 - HKLM\\..\\Run: [Acer Tour Reminder] C:\\Acer\\AcerTour\\Reminder.exe
O4 - HKLM\\..\\Run: [PlayMovie] \"C:\\Program Files\\Acer Arcade Live\\Acer PlayMovie\\PMVService.exe\"
O4 - HKLM\\..\\Run: [hpfsched] C:\\Windows\\hpfsched.exe
O4 - HKLM\\..\\Run: [NeroCheck] C:\\Windows\\system32\\\\NeroCheck.exe
O4 - HKLM\\..\\Run: [avast!] C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe
O4 - HKLM\\..\\Run: [TkBellExe] \"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot
O4 - HKLM\\..\\Run: [tsnpstd3] C:\\Windows\\tsnpstd3.exe
O4 - HKLM\\..\\Run: [snpstd3] C:\\Windows\\vsnpstd3.exe
O4 - HKLM\\..\\Run: [AMTDeviceService] \"C:\\Program Files\\AMT Media Manager\\AMTDeviceService.exe\"
O4 - HKLM\\..\\Run: [SBRegRebootCleaner] C:\\Program Files\\QUAD Utilities\\QUAD AntiSpyware\\SBRC.exe
O4 - HKLM\\..\\Run: [Skytel] Skytel.exe
O4 - HKLM\\..\\Run: [NvSvc] RUNDLL32.EXE C:\\Windows\\system32\\nvsvc.dll,nvsvcStart
O4 - HKLM\\..\\Run: [NvCplDaemon] RUNDLL32.EXE C:\\Windows\\system32\\NvCpl.dll,NvStartup
O4 - HKLM\\..\\Run: [NvMediaCenter] RUNDLL32.EXE C:\\Windows\\system32\\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\\..\\Run: [Google Quick Search Box] \"C:\\Program Files\\Google\\Quick Search Box\\GoogleQuickSearchBox.exe\" /autorun
O4 - HKLM\\..\\RunOnce: [SoftwareHelper] C:\\Users\\perez\\AppData\\Roaming\\eoRezo\\SoftwareUpdate\\SoftwareUpdateHP.exe -runonce
O4 - HKCU\\..\\Run: [Sidebar] C:\\Program Files\\Windows Sidebar\\sidebar.exe /autoRun
O4 - HKCU\\..\\Run: [ehTray.exe] C:\\Windows\\ehome\\ehTray.exe
O4 - HKCU\\..\\Run: [msnmsgr] \"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe\" /background
O4 - HKCU\\..\\Run: [WMPNSCFG] C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe
O4 - HKCU\\..\\Run: [swg] \"C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe\"
O4 - HKUS\\S-1-5-19\\..\\Run: [Sidebar] %ProgramFiles%\\Windows Sidebar\\Sidebar.exe /detectMem (User \'SERVICE LOCAL\')
O4 - HKUS\\S-1-5-19\\..\\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User \'SERVICE LOCAL\')
O4 - HKUS\\S-1-5-20\\..\\Run: [Sidebar] %ProgramFiles%\\Windows Sidebar\\Sidebar.exe /detectMem (User \'SERVICE RÉSEAU\')
O4 - Startup: Notification de cadeaux MSN.lnk = C:\\Users\\perez\\AppData\\Roaming\\Microsoft\\Notification de cadeaux MSN\\lsnfier.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\\Program Files\\Microsoft Office\\Office\\OSA9.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\\PROGRA~1\\MICROS~2\\Office12\\EXCEL.EXE/3000
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\\PROGRA~1\\MICROS~2\\Office12\\ONBttnIE.dll
O9 - Extra \'Tools\' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\\PROGRA~1\\MICROS~2\\Office12\\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\\PROGRA~1\\MICROS~2\\Office12\\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\\Program Files\\Acer Arcade Live\\Acer HomeMedia Connect\\Kernel\\DMS\\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\\Acer\\Empowering Technology\\ePerformance\\MemCheck.exe
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\\Acer\\ALaunch\\ALaunchSvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\\Program Files\\Alwil Software\\Avast4\\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\\Program Files\\Alwil Software\\Avast4\\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\\Program Files\\Alwil Software\\Avast4\\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\\Program Files\\Alwil Software\\Avast4\\ashWebSv.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\\Acer\\Empowering Technology\\eDataSecurity\\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\\Acer\\Empowering Technology\\eRecovery\\eRecoveryService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\\Program Files\\Google\\Common\\Google Updater\\GoogleUpdaterService.exe
O23 - Service: Printer Status Server (hpzstatn) - Hewlett-Packard Company - C:\\Windows\\system32\\spool\\drivers\\w32x86\\hpzstatn.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\\Program Files\\Common Files\\LightScribe\\LSSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\\Program Files\\CyberLink\\Shared Files\\RichVideo.exe
O23 - Service: AntiMalware (SBAMSvc) - Sunbelt Software - C:\\Program Files\\QUAD Utilities\\QUAD AntiSpyware\\SBAMSvc.exe

--
End of file - 10269 bytes

======Scheduled tasks folder======

C:\\Windows\\tasks\\EasyShare Registration RunOnce Task.job
C:\\Windows\\tasks\\EasyShare Registration Task.job
C:\\Windows\\tasks\\QUADRegistryCleaner.job
C:\\Windows\\tasks\\Registry Winner Schedule.job
C:\\Windows\\tasks\\User_Feed_Synchronization-{C83E99AB-92FB-4A11-A65D-4276CA67BD82}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Aide pour le lien d\'Adobe PDF Reader - C:\\Program Files\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\\Program Files\\Real\\RealPlayer\\rpbrowserrecordplugin.dll [2009-04-09 312928]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}]
ShowBarObj Class - C:\\Windows\\system32\\ActiveToolBand.dll [2007-04-25 299008]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d\'aide de l\'Assistant de connexion Windows Live - C:\\Program Files\\Common Files\\Microsoft Shared\\Windows Live\\WindowsLiveLogin.dll [2008-11-18 408952]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{A057A204-BACC-4D26-C39E-35F1D2A32EC8}]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\\Program Files\\Google\\Google Toolbar\\GoogleToolbar_32.dll [2009-08-26 256112]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\\Program Files\\Google\\GoogleToolbarNotifier\\5.3.4501.1418\\swg.dll [2009-10-08 762864]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{bf00e119-21a3-4fd1-b178-3b8537e75c92}]
IeMonitorBho Class - C:\\Program Files\\Megaupload\\Mega Manager\\MegaIEMn.dll [2008-06-23 110592]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\\Program Files\\Google\\Google Toolbar\\Component\\fastsearch_B7C5AC242193BB3E.dll [2009-08-26 458736]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\Toolbar]
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\\Windows\\system32\\eDStoolbar.dll [2007-04-25 151552]
{A057A204-BACC-4D26-C39E-35F1D2A32EC8}
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\\Program Files\\Google\\Google Toolbar\\GoogleToolbar_32.dll [2009-08-26 256112]

[HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Run]
\"ALaunch\"=C:\\Acer\\ALaunch\\AlaunchClient.exe [2007-01-26 540672]
\"RtHDVCpl\"=C:\\Windows\\RtHDVCpl.exe [2007-10-11 4702208]
\"Acer Empowering Technology Monitor\"=C:\\Acer\\Empowering Technology\\SysMonitor.exe [2007-09-07 326176]
\"eDataSecurity Loader\"=C:\\Acer\\Empowering Technology\\eDataSecurity\\eDSloader.exe [2007-04-25 457216]
\"PCMMediaSharing\"=C:\\Program Files\\Acer Arcade Live\\Acer HomeMedia Connect\\Kernel\\DMS\\PCMMediaSharing.exe [2007-06-21 204908]
\"Adobe Reader Speed Launcher\"=C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe [2007-05-11 40048]
\"WarReg_PopUp\"=C:\\Acer\\WR_PopUp\\WarReg_PopUp.exe [2006-11-05 57344]
\"NVRaidService\"=C:\\Windows\\system32\\nvraidservice.exe [2007-09-11 187936]
\"Acer Tour Reminder\"=C:\\Acer\\AcerTour\\Reminder.exe [2007-08-01 151552]
\"PlayMovie\"=C:\\Program Files\\Acer Arcade Live\\Acer PlayMovie\\PMVService.exe [2007-07-13 178280]
\"hpfsched\"=C:\\Windows\\hpfsched.exe [2000-04-17 36864]
\"NeroCheck\"=C:\\Windows\\system32\\\\NeroCheck.exe [2001-07-09 155648]
\"avast!\"=C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe [2009-08-17 81000]
\"TkBellExe\"=C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe [2009-04-09 198160]
\"tsnpstd3\"=C:\\Windows\\tsnpstd3.exe [2006-07-07 262144]
\"snpstd3\"=C:\\Windows\\vsnpstd3.exe [2006-09-18 843776]
\"AMTDeviceService\"=C:\\Program Files\\AMT Media Manager\\AMTDeviceService.exe [2008-12-25 184320]
\"SBRegRebootCleaner\"=C:\\Program Files\\QUAD Utilities\\QUAD AntiSpyware\\SBRC.exe [2009-06-18 197928]
\"Skytel\"=C:\\Windows\\Skytel.exe [2007-10-11 1826816]
\"NvSvc\"=C:\\Windows\\system32\\nvsvc.dll [2007-11-06 86016]
\"NvCplDaemon\"=C:\\Windows\\system32\\NvCpl.dll [2007-11-06 8530464]
\"NvMediaCenter\"=C:\\Windows\\system32\\NvMcTray.dll [2007-11-06 81920]
\"Google Quick Search Box\"=C:\\Program Files\\Google\\Quick Search Box\\GoogleQuickSearchBox.exe [2009-10-17 122368]

[HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce]
\"SoftwareHelper\"=C:\\Users\\perez\\AppData\\Roaming\\eoRezo\\SoftwareUpdate\\SoftwareUpdateHP.exe [2008-12-09 368224]

[HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run]
\"Sidebar\"=C:\\Program Files\\Windows Sidebar\\sidebar.exe [2008-01-19 1233920]
\"ehTray.exe\"=C:\\Windows\\ehome\\ehTray.exe [2008-01-19 125952]
\"msnmsgr\"=C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe [2008-12-02 3882312]
\"WMPNSCFG\"=C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe [2008-01-19 202240]
\"swg\"=C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe [2009-08-13 39408]
\"Acer Tour Reminder\"= []

C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup
Empowering Technology Launcher.lnk - C:\\Acer\\Empowering Technology\\eAPLauncher.exe
Microsoft Office.lnk - C:\\Program Files\\Microsoft Office\\Office\\OSA9.EXE

C:\\Users\\perez\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup
Notification de cadeaux MSN.lnk - C:\\Users\\perez\\AppData\\Roaming\\Microsoft\\Notification de cadeaux MSN\\lsnfier.exe

[HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System]
\"ConsentPromptBehaviorAdmin\"=0
\"dontdisplaylastusername\"=0
\"legalnoticecaption\"=
\"legalnoticetext\"=
\"shutdownwithoutlogon\"=1
\"undockwithoutlogon\"=1
\"EnableUIADesktopToggle\"=0
\"UacDisableNotify\"=0

[HKEY_LOCAL_MACHINE\\system\\currentcontrolset\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile\\authorizedapplications\\list]

[HKEY_LOCAL_MACHINE\\system\\currentcontrolset\\services\\sharedaccess\\parameters\\firewallpolicy\\domainprofile\\authorizedapplications\\list]

[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\G]
shell\\AutoRun\\command - G:\\MediaManager.exe

[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{b5eee18a-29d0-11de-bb33-001d927f9b79}]
shell\\AutoRun\\command - SETUP.EXE -0
shell\\Explore\\command - SETUP.EXE -E
shell\\Open\\command - SETUP.EXE -O

[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{e37ca34d-71f8-11de-a2ca-001d927f9b79}]
shell\\AutoRun\\command - G:\\MediaManager.exe


======File associations======

.js - edit - C:\\Windows\\System32\\Notepad.exe %1
.js - open - C:\\Windows\\System32\\WScript.exe \"%1\" %*

======List of files/folders created in the last 3 months======

2009-10-29 17:46:29 ----D---- C:\\rsit
2009-10-29 17:46:29 ----D---- C:\\Program Files\\trend micro
2009-10-29 17:21:40 ----D---- C:\\_OTM
2009-10-29 16:32:19 ----D---- C:\\Program Files\\ZHPDiag
2009-10-28 23:08:44 ----A---- C:\\FindyKill.txt
2009-10-28 22:44:06 ----D---- C:\\FindyKill
2009-10-28 07:43:54 ----A---- C:\\Windows\\system32\\wmp.dll
2009-10-28 07:43:53 ----A---- C:\\Windows\\system32\\unregmp2.exe
2009-10-28 07:43:52 ----A---- C:\\Windows\\system32\\wmploc.DLL
2009-10-14 20:28:05 ----A---- C:\\Windows\\system32\\msv1_0.dll
2009-10-14 20:28:02 ----A---- C:\\Windows\\system32\\ntkrnlpa.exe
2009-10-14 20:28:01 ----A---- C:\\Windows\\system32\\ntoskrnl.exe
2009-10-14 20:27:52 ----A---- C:\\Windows\\system32\\EncDec.dll
2009-10-14 20:27:51 ----A---- C:\\Windows\\system32\\psisdecd.dll
2009-10-14 20:27:48 ----A---- C:\\Windows\\system32\\mshtml.dll
2009-10-14 20:27:47 ----A---- C:\\Windows\\system32\\ieframe.dll
2009-10-14 20:27:46 ----A---- C:\\Windows\\system32\\wininet.dll
2009-10-14 20:27:46 ----A---- C:\\Windows\\system32\\urlmon.dll
2009-10-14 20:27:46 ----A---- C:\\Windows\\system32\\occache.dll
2009-10-14 20:27:46 ----A---- C:\\Windows\\system32\\msfeeds.dll
2009-10-14 20:27:46 ----A---- C:\\Windows\\system32\\iertutil.dll
2009-10-14 20:27:46 ----A---- C:\\Windows\\system32\\iedkcs32.dll
2009-10-14 20:27:45 ----A---- C:\\Windows\\system32\\msfeedssync.exe
2009-10-14 20:27:45 ----A---- C:\\Windows\\system32\\msfeedsbs.dll
2009-10-14 20:27:45 ----A---- C:\\Windows\\system32\\jsproxy.dll
2009-10-14 20:27:45 ----A---- C:\\Windows\\system32\\ieUnatt.exe
2009-10-14 20:27:45 ----A---- C:\\Windows\\system32\\ieui.dll
2009-10-14 20:27:45 ----A---- C:\\Windows\\system32\\iesysprep.dll
2009-10-14 20:27:45 ----A---- C:\\Windows\\system32\\iesetup.dll
2009-10-14 20:27:45 ----A---- C:\\Windows\\system32\\iernonce.dll
2009-10-14 20:27:45 ----A---- C:\\Windows\\system32\\iepeers.dll
2009-10-14 20:27:45 ----A---- C:\\Windows\\system32\\ie4uinit.exe
2009-10-14 20:27:38 ----A---- C:\\Windows\\system32\\msasn1.dll
2009-10-14 20:27:36 ----A---- C:\\Windows\\system32\\WMSPDMOD.DLL
2009-10-13 15:56:33 ----D---- C:\\Program Files\\7-Zip
2009-10-03 12:23:02 ----A---- C:\\Windows\\system32\\wups2.dll
2009-10-03 12:23:02 ----A---- C:\\Windows\\system32\\wucltux.dll
2009-10-03 12:23:02 ----A---- C:\\Windows\\system32\\wuaueng.dll
2009-10-03 12:23:02 ----A---- C:\\Windows\\system32\\wuauclt.exe
2009-10-03 12:22:50 ----A---- C:\\Windows\\system32\\wups.dll
2009-10-03 12:22:50 ----A---- C:\\Windows\\system32\\wudriver.dll
2009-10-03 12:22:50 ----A---- C:\\Windows\\system32\\wuapi.dll
2009-10-03 12:22:46 ----A---- C:\\Windows\\system32\\wuwebv.dll
2009-10-03 12:22:46 ----A---- C:\\Windows\\system32\\wuapp.exe
2009-10-02 19:45:27 ----A---- C:\\Windows\\system32\\msshooks.dll
2009-10-02 19:45:26 ----A---- C:\\Windows\\system32\\msscb.dll
2009-10-02 19:45:25 ----A---- C:\\Windows\\system32\\xmlfilter.dll
2009-10-02 19:45:25 ----A---- C:\\Windows\\system32\\wsepno.dll
2009-10-02 19:45:25 ----A---- C:\\Windows\\system32\\thawbrkr.dll
2009-10-02 19:45:25 ----A---- C:\\Windows\\system32\\srchadmin.dll
2009-10-02 19:45:25 ----A---- C:\\Windows\\system32\\SearchFilterHost.exe
2009-10-02 19:45:25 ----A---- C:\\Windows\\system32\\rtffilt.dll
2009-10-02 19:45:25 ----A---- C:\\Windows\\system32\\propsys.dll
2009-10-02 19:45:25 ----A---- C:\\Windows\\system32\\propdefs.dll
2009-10-02 19:45:25 ----A---- C:\\Windows\\system32\\offfilt.dll
2009-10-02 19:45:25 ----A---- C:\\Windows\\system32\\nlhtml.dll
2009-10-02 19:45:25 ----A---- C:\\Windows\\system32\\msstrc.dll
2009-10-02 19:45:25 ----A---- C:\\Windows\\system32\\mssprxy.dll
2009-10-02 19:45:25 ----A---- C:\\Windows\\system32\\mssitlb.dll
2009-10-02 19:45:25 ----A---- C:\\Windows\\system32\\msshsq.dll
2009-10-02 19:45:25 ----A---- C:\\Windows\\system32\\mimefilt.dll
2009-10-02 19:45:25 ----A---- C:\\Windows\\system32\\korwbrkr.dll
2009-10-02 19:45:24 ----A---- C:\\Windows\\system32\\tquery.dll
2009-10-02 19:45:24 ----A---- C:\\Windows\\system32\\SearchProtocolHost.exe
2009-10-02 19:45:24 ----A---- C:\\Windows\\system32\\SearchIndexer.exe
2009-10-02 19:45:24 ----A---- C:\\Windows\\system32\\mssvp.dll
2009-10-02 19:45:24 ----A---- C:\\Windows\\system32\\mssrch.dll
2009-10-02 19:45:24 ----A---- C:\\Windows\\system32\\mssphtb.dll
2009-10-02 19:45:24 ----A---- C:\\Windows\\system32\\mssph.dll
2009-10-02 19:45:24 ----A---- C:\\Windows\\system32\\msscntrs.dll
2009-10-02 19:45:24 ----A---- C:\\Windows\\system32\\chtbrkr.dll
2009-10-02 19:45:24 ----A---- C:\\Windows\\system32\\chsbrkr.dll
2009-10-02 08:59:03 ----A---- C:\\Windows\\system32\\pacerprf.dll
2009-10-02 08:59:01 ----A---- C:\\Windows\\system32\\wersvc.dll
2009-10-02 08:59:01 ----A---- C:\\Windows\\system32\\Faultrep.dll
2009-10-02 08:59:00 ----A---- C:\\Windows\\system32\\emdmgmt.dll
2009-10-02 08:59:00 ----A---- C:\\Windows\\system32\\dataclen.dll
2009-10-02 08:59:00 ----A---- C:\\Windows\\system32\\cdd.dll
2009-10-02 08:58:59 ----A---- C:\\Windows\\system32\\wshext.dll
2009-10-02 08:58:59 ----A---- C:\\Windows\\system32\\wscript.exe
2009-10-02 08:58:59 ----A---- C:\\Windows\\system32\\scrrun.dll
2009-10-02 08:58:59 ----A---- C:\\Windows\\system32\\scrobj.dll
2009-10-02 08:58:59 ----A---- C:\\Windows\\system32\\cscript.exe
2009-10-01 17:58:01 ----D---- C:\\PerfLogs
2009-09-14 09:59:07 ----D---- C:\\Windows\\CheckSur
2009-09-10 17:31:46 ----D---- C:\\Program Files\\Registry Winner
2009-09-10 17:19:31 ----D---- C:\\ProgramData\\AVP 2009
2009-09-10 17:19:31 ----A---- C:\\Windows\\system32\\MSVolumeRDFr.dll
2009-09-10 17:19:27 ----D---- C:\\Program Files\\Registry_Doktor 4.1
2009-09-10 16:57:47 ----A---- C:\\Windows\\system32\\msimsg.dll
2009-09-10 16:57:47 ----A---- C:\\Windows\\system32\\msihnd.dll
2009-09-10 16:57:47 ----A---- C:\\Windows\\system32\\msiexec.exe
2009-09-10 16:57:47 ----A---- C:\\Windows\\system32\\msi.dll
2009-09-10 16:22:12 ----D---- C:\\Program Files\\Free Window Registry Repair
2009-09-09 11:03:23 ----A---- C:\\Windows\\system32\\netiohlp.dll
2009-09-09 11:03:23 ----A---- C:\\Windows\\system32\\netevent.dll
2009-09-09 11:03:22 ----A---- C:\\Windows\\system32\\TCPSVCS.EXE
2009-09-09 11:03:22 ----A---- C:\\Windows\\system32\\ROUTE.EXE
2009-09-09 11:03:22 ----A---- C:\\Windows\\system32\\NETSTAT.EXE
2009-09-09 11:03:22 ----A---- C:\\Windows\\system32\\MRINFO.EXE
2009-09-09 11:03:22 ----A---- C:\\Windows\\system32\\HOSTNAME.EXE
2009-09-09 11:03:22 ----A---- C:\\Windows\\system32\\finger.exe
2009-09-09 11:03:22 ----A---- C:\\Windows\\system32\\ARP.EXE
2009-09-09 11:02:27 ----A---- C:\\Windows\\system32\\WMVCORE.DLL
2009-09-09 11:02:27 ----A---- C:\\Windows\\system32\\mf.dll
2009-09-09 11:02:23 ----A---- C:\\Windows\\system32\\wlansvc.dll
2009-09-09 11:02:23 ----A---- C:\\Windows\\system32\\wlansec.dll
2009-09-09 11:02:22 ----A---- C:\\Windows\\system32\\wlanmsm.dll
2009-09-09 11:02:22 ----A---- C:\\Windows\\system32\\wlanhlp.dll
2009-09-09 11:02:22 ----A---- C:\\Windows\\system32\\wlanapi.dll
2009-09-09 11:02:22 ----A---- C:\\Windows\\system32\\L2SecHC.dll
2009-09-09 11:02:21 ----A---- C:\\Windows\\system32\\gatherWirelessInfo.vbs
2009-09-09 11:02:20 ----A---- C:\\Windows\\system32\\jscript.dll
2009-09-08 10:03:13 ----D---- C:\\ProgramData\\Sunbelt software
2009-09-07 19:58:34 ----D---- C:\\Users\\perez\\AppData\\Roaming\\QUAD Backups
2009-09-07 19:37:00 ----D---- C:\\Program Files\\QUAD Utilities
2009-09-05 17:26:40 ----D---- C:\\Program Files\\Registry Cleaner
2009-09-02 23:20:34 ----A---- C:\\Windows\\system32\\GameUXLegacyGDFs.dll
2009-09-02 23:20:32 ----A---- C:\\Windows\\system32\\Apphlpdm.dll
2009-08-26 19:45:31 ----A---- C:\\Windows\\system32\\tzres.dll
2009-08-16 11:50:01 ----A---- C:\\Windows\\system32\\kerberos.dll
2009-08-16 11:50:00 ----A---- C:\\Windows\\system32\\wdigest.dll
2009-08-16 11:50:00 ----A---- C:\\Windows\\system32\\schannel.dll
2009-08-16 11:50:00 ----A---- C:\\Windows\\system32\\lsasrv.dll
2009-08-16 11:49:59 ----A---- C:\\Windows\\system32\\secur32.dll
2009-08-16 11:49:59 ----A---- C:\\Windows\\system32\\lsass.exe
2009-08-13 13:06:35 ----D---- C:\\Users\\perez\\AppData\\Roaming\\Google
2009-08-13 13:06:08 ----D---- C:\\ProgramData\\Google
2009-08-12 11:37:43 ----A---- C:\\Windows\\system32\\atl.dll
2009-08-12 11:37:40 ----A---- C:\\Windows\\system32\\wkssvc.dll
2009-08-12 11:37:38 ----A---- C:\\Windows\\system32\\mstscax.dll
2009-08-12 11:37:37 ----A---- C:\\Windows\\system32\\tsgqec.dll
2009-08-12 11:37:37 ----A---- C:\\Windows\\system32\\aaclient.dll
2009-08-12 11:37:35 ----A---- C:\\Windows\\system32\\msvidc32.dll
2009-08-12 11:37:35 ----A---- C:\\Windows\\system32\\msvfw32.dll
2009-08-12 11:37:35 ----A---- C:\\Windows\\system32\\avifil32.dll
2009-08-12 11:37:30 ----A---- C:\\Windows\\system32\\wmpdxm.dll
2009-08-12 11:37:30 ----A---- C:\\Windows\\system32\\spwmp.dll
2009-08-12 11:37:29 ----A---- C:\\Windows\\system32\\dxmasf.dll
2009-08-04 19:21:37 ----D---- C:\\Users\\perez\\AppData\\Roaming\\Template

======List of files/folders modified in the last 3 months======

2009-10-29 23:31:34 ----D---- C:\\Windows\\Temp
2009-10-29 19:33:30 ----D---- C:\\Windows\\Prefetch
2009-10-29 19:21:35 ----D---- C:\\Windows\\System32
2009-10-29 19:21:35 ----D---- C:\\Windows\\inf
2009-10-29 19:21:35 ----A---- C:\\Windows\\system32\\PerfStringBackup.INI
2009-10-29 18:48:21 ----SHD---- C:\\System Volume Information
2009-10-29 17:46:29 ----RD---- C:\\Program Files
2009-10-29 09:49:08 ----D---- C:\\Windows\\rescache
2009-10-29 09:32:39 ----D---- C:\\Windows\\system32\\fr-FR
2009-10-29 09:32:39 ----D---- C:\\Program Files\\Windows Media Player
2009-10-29 09:32:39 ----D---- C:\\Program Files\\Internet Explorer
2009-10-29 00:48:12 ----D---- C:\\Windows\\winsxs
2009-10-28 23:13:32 ----SD---- C:\\Windows\\Downloaded Program Files
2009-10-28 23:10:13 ----D---- C:\\Windows\\system32\\WDI
2009-10-28 07:43:39 ----D---- C:\\Windows\\system32\\catroot
2009-10-28 07:42:11 ----D---- C:\\Windows\\system32\\catroot2
2009-10-26 19:48:37 ----D---- C:\\Users\\perez\\AppData\\Roaming\\Canon
2009-10-21 15:21:00 ----D---- C:\\Windows\\Tasks
2009-10-21 15:21:00 ----D---- C:\\Program Files\\Google
2009-10-21 14:57:29 ----HD---- C:\\ProgramData
2009-10-19 23:24:59 ----SD---- C:\\Users\\perez\\AppData\\Roaming\\Microsoft
2009-10-15 09:52:07 ----D---- C:\\Windows\\Microsoft.NET
2009-10-15 09:50:11 ----D---- C:\\Program Files\\Windows Mail
2009-10-15 09:50:10 ----D---- C:\\Windows\\ehome
2009-10-15 09:50:09 ----D---- C:\\Windows\\system32\\migration
2009-10-14 22:49:00 ----D---- C:\\Windows\\system32\\drivers
2009-10-13 15:32:39 ----D---- C:\\Windows\\system32\\Tasks
2009-10-10 14:24:16 ----D---- C:\\Program Files\\DivX
2009-10-10 14:23:57 ----D---- C:\\Program Files\\Common Files\\DivX Shared
2009-10-03 12:19:01 ----D---- C:\\Windows\\PolicyDefinitions
2009-10-02 19:01:57 ----A---- C:\\Windows\\system32\\mrt.exe
2009-10-01 20:18:17 ----D---- C:\\Windows\\Logs
2009-10-01 18:05:15 ----D---- C:\\Windows
2009-10-01 18:04:58 ----SHD---- C:\\Boot
2009-10-01 18:04:58 ----ASH---- C:\\Program Files\\desktop.ini
2009-10-01 18:03:48 ----D---- C:\\Windows\\system32\\wbem
2009-10-01 17:58:40 ----D---- C:\\Program Files\\Windows Sidebar
2009-10-01 17:58:40 ----D---- C:\\Program Files\\Windows Photo Gallery
2009-10-01 17:58:40 ----D---- C:\\Program Files\\Windows Journal
2009-10-01 17:58:40 ----D---- C:\\Program Files\\Windows Collaboration
2009-10-01 17:58:40 ----D---- C:\\Program Files\\Windows Calendar
2009-10-01 17:58:40 ----D---- C:\\Program Files\\Movie Maker
2009-10-01 17:58:39 ----D---- C:\\Windows\\servicing
2009-10-01 17:58:39 ----D---- C:\\Program Files\\Windows Defender
2009-10-01 17:58:39 ----D---- C:\\Program Files\\Common Files\\System
2009-10-01 17:58:37 ----D---- C:\\Windows\\MSAgent
2009-10-01 17:58:36 ----D---- C:\\Windows\\system32\\sk-SK
2009-10-01 17:58:36 ----D---- C:\\Windows\\system32\\lv-LV
2009-10-01 17:58:36 ----D---- C:\\Windows\\system32\\ko-KR
2009-10-01 17:58:36 ----D---- C:\\Windows\\system32\\hr-HR
2009-10-01 17:58:36 ----D---- C:\\Windows\\system32\\et-EE
2009-10-01 17:58:36 ----D---- C:\\Windows\\system32\\da-DK
2009-10-01 17:58:36 ----D---- C:\\Windows\\system32\\com
2009-10-01 17:58:36 ----D---- C:\\Windows\\L2Schemas
2009-10-01 17:58:36 ----D---- C:\\Windows\\IME
2009-10-01 17:58:36 ----D---- C:\\Windows\\DigitalLocker
2009-10-01 17:58:35 ----D---- C:\\Windows\\system32\\sysprep
2009-10-01 17:58:35 ----D---- C:\\Windows\\system32\\oobe
2009-10-01 17:58:35 ----D---- C:\\Windows\\system32\\it-IT
2009-10-01 17:58:35 ----D---- C:\\Windows\\system32\\fr
2009-10-01 17:58:35 ----D---- C:\\Windows\\system32\\en-US
2009-10-01 17:58:35 ----D---- C:\\Windows\\system32\\el-GR
2009-10-01 17:58:35 ----D---- C:\\Windows\\system32\\de-DE
2009-10-01 17:58:34 ----D---- C:\\Windows\\system32\\ru-RU
2009-10-01 17:58:34 ----D---- C:\\Windows\\system32\\ias
2009-10-01 17:58:34 ----D---- C:\\Windows\\system32\\AdvancedInstallers
2009-10-01 17:58:32 ----D---- C:\\Windows\\system32\\sv-SE
2009-10-01 17:58:32 ----D---- C:\\Windows\\system32\\SLUI
2009-10-01 17:58:32 ----D---- C:\\Windows\\system32\\setup
2009-10-01 17:58:32 ----D---- C:\\Windows\\system32\\pt-PT
2009-10-01 17:58:32 ----D---- C:\\Windows\\system32\\hu-HU
2009-10-01 17:58:32 ----D---- C:\\Windows\\system32\\he-IL
2009-10-01 17:58:32 ----D---- C:\\Windows\\system32\\fi-FI
2009-10-01 17:58:32 ----D---- C:\\Windows\\system32\\cs-CZ
2009-10-01 17:58:31 ----D---- C:\\Windows\\system32\\zh-TW
2009-10-01 17:58:31 ----D---- C:\\Windows\\system32\\zh-CN
2009-10-01 17:58:31 ----D---- C:\\Windows\\system32\\uk-UA
2009-10-01 17:58:31 ----D---- C:\\Windows\\system32\\sr-Latn-CS
2009-10-01 17:58:31 ----D---- C:\\Windows\\system32\\sl-SI
2009-10-01 17:58:31 ----D---- C:\\Windows\\system32\\pl-PL
2009-10-01 17:58:31 ----D---- C:\\Windows\\system32\\manifeststore
2009-10-01 17:58:31 ----D---- C:\\Windows\\system32\\ja-JP
2009-10-01 17:58:31 ----D---- C:\\Windows\\system32\\es-ES
2009-10-01 17:58:31 ----D---- C:\\Windows\\system32\\bg-BG
2009-10-01 17:58:30 ----D---- C:\\Windows\\system32\\tr-TR
2009-10-01 17:58:30 ----D---- C:\\Windows\\system32\\th-TH
2009-10-01 17:58:30 ----D---- C:\\Windows\\system32\\ro-RO
2009-10-01 17:58:29 ----D---- C:\\Windows\\system32\\nl-NL
2009-10-01 17:58:29 ----D---- C:\\Windows\\system32\\nb-NO
2009-10-01 17:58:29 ----D---- C:\\Windows\\system32\\lt-LT
2009-10-01 17:58:29 ----D---- C:\\Windows\\system32\\ar-SA
2009-10-01 17:58:28 ----D---- C:\\Windows\\system32\\migwiz
2009-10-01 17:58:27 ----D---- C:\\Windows\\system32\\pt-BR
2009-10-01 17:58:08 ----D---- C:\\Windows\\AppPatch
2009-10-01 17:58:02 ----D---- C:\\Windows\\system32\\Boot
2009-10-01 17:58:02 ----D---- C:\\Windows\\Boot
2009-10-01 17:57:13 ----D---- C:\\ProgramData\\NVIDIA
2009-10-01 17:52:30 ----D---- C:\\Windows\\system32\\RTCOM
2009-10-01 17:43:25 ----A---- C:\\Windows\\system32\\ifxcardm.dll
2009-10-01 17:43:24 ----A---- C:\\Windows\\system32\\axaltocm.dll
2009-09-21 12:19:04 ----D---- C:\\Program Files\\MegauploadToolbar
2009-09-15 18:31:05 ----D---- C:\\Program Files\\Xvid
2009-09-10 17:07:58 ----D---- C:\\Program Files\\MSECache
2009-09-07 17:58:28 ----D---- C:\\Windows\\registration
2009-09-07 16:40:35 ----D---- C:\\Windows\\system32\\config
2009-09-05 17:30:40 ----D---- C:\\Windows\\system32\\spool
2009-08-18 13:40:50 ----D---- C:\\Program Files\\Acer GameZone
2009-08-17 17:10:20 ----A---- C:\\Windows\\system32\\aswBoot.exe
2009-08-14 12:15:56 ----D---- C:\\ProgramData\\NOS
2009-08-14 06:46:39 ----D---- C:\\Program Files\\NOS

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswRdr;aswRdr; C:\\Windows\\system32\\drivers\\aswRdr.sys [2009-08-17 23152]
R1 aswSP;avast! Self Protection; C:\\Windows\\system32\\drivers\\aswSP.sys [2009-08-17 114768]
R1 aswTdi;avast! Network Shield Support; C:\\Windows\\system32\\drivers\\aswTdi.sys [2009-08-17 51376]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; \\??\\C:\\Program Files\\Acer Arcade Live\\Acer PlayMovie\\000.fcl [2007-08-31 39408]
R2 aswFsBlk;aswFsBlk; C:\\Windows\\system32\\DRIVERS\\aswFsBlk.sys [2009-08-17 20560]
R2 aswMonFlt;aswMonFlt; C:\\Windows\\system32\\DRIVERS\\aswMonFlt.sys [2009-08-17 53328]
R2 BsUDF;InCD UDF Driver; C:\\Windows\\system32\\drivers\\BsUDF.sys [2002-01-30 305920]
R2 int15;int15; \\??\\C:\\Acer\\Empowering Technology\\eRecovery\\int15.sys [2007-07-03 15392]
R2 sbapifs;sbapifs; C:\\Windows\\system32\\DRIVERS\\sbapifs.sys [2009-06-18 69168]
R3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\\Windows\\system32\\drivers\\HdAudio.sys [2006-11-02 235520]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\\Windows\\system32\\drivers\\RTKVHDA.sys [2007-10-17 1971928]
R3 NTIDrvr;Upper Class Filter Driver; C:\\Windows\\system32\\DRIVERS\\NTIDrvr.sys [2007-12-03 6144]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\\Windows\\system32\\DRIVERS\\nvmfdx32.sys [2007-11-18 1040544]
R3 nvlddmkm;nvlddmkm; C:\\Windows\\system32\\DRIVERS\\nvlddmkm.sys [2007-11-06 8230496]
R3 nvsmu;nvsmu; C:\\Windows\\system32\\DRIVERS\\nvsmu.sys [2007-07-07 12032]
R3 pcouffin;VSO Software pcouffin; C:\\Windows\\System32\\Drivers\\pcouffin.sys [2009-02-06 47360]
R3 StillCam;Pilote d\'appareil photo numérique série; C:\\Windows\\system32\\DRIVERS\\serscan.sys [2008-01-19 9216]
R3 usbscan;Pilote de scanneur USB; C:\\Windows\\system32\\DRIVERS\\usbscan.sys [2008-01-19 35328]
R3 WsAudioDevice_383;WsAudioDevice_383; C:\\Windows\\system32\\drivers\\WsAudioDevice_383.sys [2008-11-19 16640]
R3 WUDFRd;WUDFRd; C:\\Windows\\system32\\DRIVERS\\WUDFRd.sys [2008-01-19 83328]
S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\\Windows\\system32\\drivers\\drmkaud.sys [2008-01-19 5632]
S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\\Windows\\system32\\drivers\\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Proxy d\'horloge de répartition Microsoft; C:\\Windows\\system32\\drivers\\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\\Windows\\system32\\drivers\\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\\Windows\\system32\\drivers\\MSTEE.sys [2008-01-19 6016]
S3 SBRE;SBRE; \\??\\C:\\Windows\\system32\\drivers\\SBREdrv.sys [2009-06-18 92464]
S3 SNPSTD3;USB PC Camera (SNPSTD3); C:\\Windows\\system32\\DRIVERS\\snpstd3.sys [2006-09-15 10205696]
S3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\\Windows\\system32\\DRIVERS\\wmiacpi.sys [2006-11-02 11264]
S3 WSVD;WSVD; \\??\\C:\\Windows\\system32\\drivers\\WSVD.sys [2006-09-19 80744]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service; C:\\Program Files\\Acer Arcade Live\\Acer HomeMedia Connect\\Kernel\\DMS\\CLMSServer.exe [2007-06-21 269448]
R2 AcerMemUsageCheckService;ePerformance Service; C:\\Acer\\Empowering Technology\\ePerformance\\MemCheck.exe [2007-04-16 28672]
R2 ALaunchService;ALaunch Service; C:\\Acer\\ALaunch\\ALaunchSvc.exe [2007-01-26 50688]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\\Program Files\\Alwil Software\\Avast4\\aswUpdSv.exe [2009-08-17 18752]
R2 avast! Antivirus;avast! Antivirus; C:\\Program Files\\Alwil Software\\Avast4\\ashServ.exe [2009-08-17 138680]
R2 eDataSecurity Service;eDSService.exe; C:\\Acer\\Empowering Technology\\eDataSecurity\\eDSService.exe [2007-04-25 457512]
R2 eRecoveryService;eRecovery Service; C:\\Acer\\Empowering Technology\\eRecovery\\eRecoveryService.exe [2007-09-10 57344]
R2 hpzstatn;Printer Status Server; C:\\Windows\\system32\\spool\\drivers\\w32x86\\hpzstatn.exe [2000-04-17 503296]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\\Program Files\\Common Files\\LightScribe\\LSSrvc.exe [2007-01-17 61440]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\\Program Files\\CyberLink\\Shared Files\\RichVideo.exe [2006-07-19 262247]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\\Program Files\\Alwil Software\\Avast4\\ashMaiSv.exe [2009-08-17 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\\Program Files\\Alwil Software\\Avast4\\ashWebSv.exe [2009-08-17 352920]
S2 SBAMSvc;AntiMalware; C:\\Program Files\\QUAD Utilities\\QUAD AntiSpyware\\SBAMSvc.exe [2009-06-18 894248]
S3 gusvc;Google Software Updater; C:\\Program Files\\Google\\Common\\Google Updater\\GoogleUpdaterService.exe [2009-09-04 194032]
S3 odserv;Microsoft Office Diagnostics Service; C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE12\\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\\Program Files\\Common Files\\Microsoft Shared\\Source Engine\\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------

Bonsoir

tu as entre autre,une infection transmise par clé usb



* Rends-toi à cette adresse
forum-aide-contre-virus.be/download/UsbFix.html
afin de télécharger UsbFix (créé par Chiquitine29 & C_XX) :

* Clique sur TÉLÉCHARGER et enregistre-le sur ton bureau.
* tutoriel recherche pagesperso-orange.fr/NosTools/tuto_usbfix2.html
* Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) suceptible d\'avoir été infectés sans les ouvrir
* clic droit sur le raccourci UsbFix sur ton bureau,exécuter en tant qu\'administrateur, l\'installation se fera automatiquement
* Choisi l\'option 1 (recherche)
* Laisse travailler l\'outil
* Ensuite post le rapport UsbFix.txt qui apparaîtra
* Note : le rapport UsbFix.txt est sauvegardé a la racine du disque

* Note : \"Process.exe\", une composante de l\'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s\'agit pas d\'un virus, mais d\'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d\'où l\'alerte émise par ces antivirus

Bonjour,
Appremment j\'ai un gros souci avec memoclic qui ne veut pas relayer mes réponses je retente encore le coup une fois, sinon à demain


############################## | UsbFix V6.046 |

User : perez (Administrateurs) # PC-DE-PEREZ
Update on 29/10/2009 by Chiquitine29, C_XX & Chimay8
Start at: 00:21:26 | 30/10/2009
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

Intel(R) Core(TM)2 Duo CPU E4600 @ 2.40GHz
Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6001 32-bit) # Service Pack 1
Internet Explorer 8.0.6001.18828
Windows Firewall Status : Enabled

C:\\ -> Disque fixe local # 228,12 Go (139,5 Go free) [ACER] # NTFS
D:\\ -> Disque fixe local # 227,87 Go (219,13 Go free) [DATA] # NTFS
F:\\ -> Disque CD-ROM # 628,75 Mo (0 Mo free) [SAUV3] # CDFS
G:\\ -> Disque amovible # 3,76 Go (1,58 Go free) # FAT32
H:\\ -> Disque amovible # 3,78 Go (1,01 Go free) [USB DISK] # FAT32
I:\\ -> Disque amovible # 3,78 Go (1,43 Go free) [USB DISK] # FAT32

############################## | Processus actifs |

C:\\Windows\\System32\\smss.exe
C:\\Windows\\system32\\csrss.exe
C:\\Windows\\system32\\wininit.exe
C:\\Windows\\system32\\csrss.exe
C:\\Windows\\system32\\services.exe
C:\\Windows\\system32\\lsass.exe
C:\\Windows\\system32\\lsm.exe
C:\\Windows\\system32\\svchost.exe
C:\\Windows\\system32\\svchost.exe
C:\\Windows\\system32\\winlogon.exe
C:\\Windows\\System32\\svchost.exe
C:\\Windows\\System32\\svchost.exe
C:\\Windows\\system32\\svchost.exe
C:\\Windows\\system32\\svchost.exe
C:\\Windows\\system32\\SLsvc.exe
C:\\Windows\\system32\\svchost.exe
C:\\Windows\\system32\\svchost.exe
C:\\Program Files\\Alwil Software\\Avast4\\aswUpdSv.exe
C:\\Program Files\\Alwil Software\\Avast4\\ashServ.exe
C:\\Windows\\system32\\Dwm.exe
C:\\Windows\\Explorer.EXE
C:\\Windows\\System32\\spoolsv.exe
C:\\Windows\\system32\\svchost.exe
C:\\Windows\\system32\\taskeng.exe
C:\\Windows\\system32\\taskeng.exe
C:\\Windows\\system32\\taskeng.exe
C:\\Program Files\\Acer Arcade Live\\Acer HomeMedia Connect\\Kernel\\DMS\\CLMSServer.exe
C:\\Acer\\Empowering Technology\\ePerformance\\MemCheck.exe
C:\\Acer\\ALaunch\\ALaunchSvc.exe
C:\\Acer\\Empowering Technology\\eDataSecurity\\eDSService.exe
C:\\Windows\\system32\\spool\\drivers\\w32x86\\hpzstatn.exe
C:\\Program Files\\Common Files\\LightScribe\\LSSrvc.exe
C:\\Windows\\system32\\svchost.exe
C:\\Program Files\\CyberLink\\Shared Files\\RichVideo.exe
C:\\Windows\\system32\\svchost.exe
C:\\Windows\\System32\\svchost.exe
C:\\Windows\\system32\\SearchIndexer.exe
C:\\Acer\\Empowering Technology\\eRecovery\\eRecoveryService.exe
C:\\Windows\\system32\\WUDFHost.exe
C:\\Program Files\\Alwil Software\\Avast4\\ashMaiSv.exe
C:\\Program Files\\Alwil Software\\Avast4\\ashWebSv.exe
C:\\Windows\\system32\\wbem\\wmiprvse.exe
C:\\Users\\perez\\AppData\\Roaming\\eoRezo\\SoftwareUpdate\\SoftwareUpdateHP.exe
C:\\Windows\\RtHDVCpl.exe
C:\\Acer\\Empowering Technology\\SysMonitor.exe
C:\\Acer\\Empowering Technology\\eDataSecurity\\eDSLoader.exe
C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\reader_sl.exe
C:\\Windows\\System32\\nvraidservice.exe
C:\\Program Files\\Acer Arcade Live\\Acer PlayMovie\\PMVService.exe
C:\\Program Files\\Alwil Software\\Avast4\\ashDisp.exe
C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe
C:\\Windows\\tsnpstd3.exe
C:\\Windows\\vsnpstd3.exe
C:\\Program Files\\AMT Media Manager\\AMTDeviceService.exe
C:\\Windows\\System32\\rundll32.exe
C:\\Program Files\\Google\\Quick Search Box\\GoogleQuickSearchBox.exe
C:\\Program Files\\Windows Sidebar\\sidebar.exe
C:\\Windows\\ehome\\ehtray.exe
C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe
C:\\Program Files\\Windows Media Player\\wmpnscfg.exe
C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe
C:\\Users\\perez\\AppData\\Roaming\\Microsoft\\Notification de cadeaux MSN\\lsnfier.exe
C:\\Windows\\system32\\wbem\\wmiprvse.exe
C:\\Windows\\System32\\rundll32.exe
C:\\Windows\\ehome\\ehmsas.exe
C:\\Acer\\Empowering Technology\\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\\Acer\\Empowering Technology\\eRecovery\\ERAGENT.EXE
C:\\Windows\\system32\\wbem\\unsecapp.exe
C:\\Program Files\\Windows Live\\Contacts\\wlcomm.exe
C:\\Program Files\\Internet Explorer\\iexplore.exe
C:\\Program Files\\Internet Explorer\\iexplore.exe
C:\\Program Files\\Internet Explorer\\iexplore.exe
C:\\Program Files\\Internet Explorer\\iexplore.exe
C:\\Program Files\\Google\\Google Toolbar\\GoogleToolbarUser_32.exe
C:\\Windows\\system32\\SearchProtocolHost.exe
C:\\Program Files\\QUAD Utilities\\QUAD AntiSpyware\\SBAMSvc.exe
C:\\Windows\\system32\\conime.exe
C:\\Windows\\system32\\wuauclt.exe
C:\\Windows\\system32\\rundll32.exe
C:\\Windows\\System32\\rundll32.exe
C:\\Windows\\System32\\mobsync.exe

################## | Fichiers # Dossiers infectieux |

C:\\tmp
E:\\autorun.inf
G:\\autorun.inf
G:\\autorun.inf -> fichier appelé : \"G:\\SETUP.EXE -O\" ( Absent ! )
H:\\autorun.inf

################## | Registre # Clés Run infectieuses |


################## | Registre # Mountpoints2 |

HKCU\\..\\..\\Explorer\\MountPoints2\\G
shell\\AutoRun\\command =G:\\MediaManager.exe

HKCU\\..\\..\\Explorer\\MountPoints2\\{09d9cdeb-c4e1-11de-b2ee-001d927f9b79}
shell\\AutoRun\\command =E:\\WDSetup.exe

HKCU\\..\\..\\Explorer\\MountPoints2\\{b5eee18a-29d0-11de-bb33-001d927f9b79}
shell\\AutoRun\\command =SETUP.EXE -0
shell\\Explore\\Command =SETUP.EXE -E
shell\\Open\\Command =SETUP.EXE -O

HKCU\\..\\..\\Explorer\\MountPoints2\\{e37ca34d-71f8-11de-a2ca-001d927f9b79}
shell\\AutoRun\\command =G:\\MediaManager.exe

################## | Suspect | http://www.virustotal.com |


################## | Cracks / Keygens / Serials |


################## | ! Fin du rapport # UsbFix V6.046 ! |

Bonjour,

désolé pour l\'attente mais je tentai depuis 23h30 de te répondre j\'espère que je ne t\'ai pas trop fait poireauter? Merci encore pour ton aide. Dans mes mails précedents je signalais qu\'en téléchargeant usb fix l\'ordi avait bugué.

Bonjour,

tu as bien travaillé ,mais ce n\'est pas fini ,l\'outil a bien détecté l\'infection il faut maintenant la supprimer

tu vas faire ceci


* tutoriel nettoyage pagesperso-orange.fr/NosTools/tuto_usbfix3.html
* Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d\'avoir été infectés sans les ouvrir
* Double clic sur le raccourci UsbFix présent sur ton bureau,clic droit sous vista et exécuter en tant qu\'administrateur
* choisi [S]l\'option 2 [/S]( Suppression )
* Ton bureau disparaîtra et le pc redémarrera .
* Au redémarrage , UsbFix scannera ton pc , laisse travailler l\'outil.
* Ensuite post le rapport UsbFix.txt qui apparaîtra avec le bureau .
* Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque.( C:UsbFix.txt )
* ( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )
* :!: UsbFix te proposera d\'uploader un dossier compressé à cette adresse : forum-aide-contre-virus.be/usbfix/choix_fichier.php
* Ce dossier a été créé par UsbFix et est enregistré sur ton bureau.
* Merci de l\'envoyer à l\'adresse indiquée afin d\'aider l\'auteur de UsbFix dans ses recherches.
* Merci d\'avance pour ta contribution !!

Bonjour,je suis en train de regarder mais apparemment usbfix n\'a pas analysé mon disque dur ext. faut-il que je le relance?

Bonjour,

j\'attends ta réponse à mon dernier mail avant d\'attaquer la suite que tu m\'as conseillé.

Bonjour,

je suis présent quelques minutes sur mémoclic, tu peux maintenant lancer les outils demandés par jllg, le rogue n\'est plus actif.

Bonne chassse à tous les deux et ne vous laisser pas distraire par un des membres de ce forum du nom de mezig qui ne connait rien à la désinfection, et c\'est pas faute de lui dire, il doit être sourd je pense.

@+ tu es entre de bonnes mains ray66300, sinon je n\'aurais pas fait appel à jllg qui a toute ma confiance.

Merci encore pour ta confiance et bon week end

Bonjour,

était \'il allumé ce disque pendant le scan?

Bonjour,

merci malwarebleach je vous fais entièrement confiance à tous les 2.

Bonjour,
a priori oui, mais je ne saurai le jurer en tt cas il était branché! Je récapitule j\'avais en fonction 3 clefs usb 4.0, min lecteur dvd et le disque dur ext. en regardant je n\'ai vu que les 3 clefs et le lecteur.