Hello,
I would like to know who can help me with a problem that is spoiling my Thursday evening.
Since yesterday I have had a problem that occurs roughly every 15 minutes.
I get 3 messages that appear about 1 minute apart;
1st message: trojan:Win32/Vundo.gen!AG, problem rated SERIOUS, and I am offered the option to delete it, which does nothing.
2nd message: do you want to run csrss.exe from an unknown publisher?
3rd message: a message at the bottom right of my desktop appears telling me a trojan horse has been removed; here are the details:
About this Detected Trojan Horse: Generic Packed (Trojan Horse), Generic Packed (Trojan Horse) Location: C:\Users\\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P5CDZRXA\tnjxxll[1].htm
And on top of that, for the last hour advertising pages have been opening on their own non-stop.
So there you have it, gods of computing, help me
Thanks in advance.
P.S.: My antivirus is McAfee.
Message edited by bobo_daf on 21-12-2008 at 12:11:31
anyone??
good evening
to do in this order:
1
Download Rooter.exe to your desktop
Double-click it and post the report ( %Systemdrive%\Rooter.txt )
2
Download MalwareByte's Anti-Malware to your Desktop.
- Install it by double-clicking the file Download_mbam-setup.exe.
Once the installation and the update are done:
- Restart your computer in safe mode
- At startup, after the BIOS has loaded, press the F8 (or F5) key repeatedly until a menu on a black background appears. Once there, use the keyboard to select Safe Mode.
-- In this mode you have no Internet access, and the display looks different (no wallpaper, very large icons). So don't be surprised.
--- That is why I suggest you print, write down, or save the following information in a text document so you don't get lost.
---- ! Do not start your computer in safe mode via MSConfig! Why? Some infections break the safe mode registry keys, which would crash your computer.
- Now run MalwareByte's Anti-Malware. If it is not already selected, choose "Perform full scan".
- To start the search, click "Scan".
- Once the scan is finished a window opens; click OK. You have two possibilities:
~ If the program found nothing, press OK. A report will appear; close it.
~~ If infections are present, click "Show Results" then "Remove Selected". Save the report to your Desktop.
~~~~ Restart your computer normally and post the report in your next reply.
NOTE: If MalwareByte's Anti-Malware needs to restart to finish the removal, accept by clicking Ok.
Note: If you cannot download MBAM from MajorGeeks, you can download it here!
Help:
Message edited by Sham_Rock on 11-12-2008 at 21:58:59
So for the 1st step, here is what I get:
Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU T5750 @ 2.00GHz )
BIOS : Ver 1.00PARTTBL6
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:111 Go (Free:86 Go)
D:\ (Local Disk) - NTFS - Total:107 Go (Free:107 Go)
E:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
11/12/2008|22:03
----------------------\\ Search..
----------------------\\ Cracks & Keygens..
C:\Users\VAROH~1\AppData\Local\Temp\Temp1_alice greenfingerscrack (ZWT).zip
C:\Users\VAROH~1\AppData\Roaming\Microsoft\Windows\Recent\alice greenfingerscrack (ZWT).lnk
1 - "C:\Rooter$\Rooter_1.txt" - 11/12/2008|22:02
2 - "C:\Rooter$\Rooter_2.txt" - 11/12/2008|22:04
----------------------\\ Scan completed at 22:04
Message edited by bobo_daf on 11-12-2008 at 23:49:19
re
ok, you can continue.
/!\Fed up with ads: secure Firefox/!\
Here is the 2nd step:
Malwarebytes' Anti-Malware 1.31
Version de la base de données: 1490
Windows 6.0.6001 Service Pack 1
11/12/2008 22:51:33
mbam-log-2008-12-11 (22-51-33).txt
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 151852
Temps écoulé: 17 minute(s), 29 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 4
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 8
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c
windows/downloaded program files/uninst.bat (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cmds (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Logon Applicationedc (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Windows\Downloaded Program Files\uninst.bat (Trojan.Agent) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\Users\\AppData\Local\Temp\jkkLbAtr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LJUAE8US\fymmwnb[1].txt (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\\winlogon.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\Downloaded Program Files\uninst.bat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\\ctfmon.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\\csrss.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\\msiexec.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
Message edited by bobo_daf on 11-12-2008 at 23:51:11
p.s.: it's very kind of you to give your time for me
Actually I think the problem is fixed...
THANK YOUUUUU SO MUCHHHH
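From a defender's point of view, the Malwarebytes report above is the interesting part: files named csrss.exe, winlogon.exe, ctfmon.exe and msiexec.exe were sitting directly under C:\Users\ rather than in C:\Windows\System32, which is exactly why Vista asked whether to run csrss.exe from an unknown publisher. The Python below is an added example, not code from the thread or from Malwarebytes: it parses report lines in the format shown above and flags system-binary names found outside their expected folder, as well as Run-key and ShellExecuteHooks autostarts; the sample lines are copied from the report, while the set of binary names and expected folders is my own assumption.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Windows processes whose only legitimate copy lives under %SystemRoot%\System32
# (or SysWOW64 on 64-bit systems). A file carrying one of these names anywhere else,
# such as the copies directly under C:\Users\ in the report above, is a masquerade.
# This list and the expected folders are an assumption of this example, not a
# Malwarebytes rule.
SYSTEM_BINARIES = {
    "csrss.exe", "winlogon.exe", "ctfmon.exe", "msiexec.exe",
    "svchost.exe", "lsass.exe", "services.exe", "smss.exe", "lsm.exe",
}
EXPECTED_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")

# Registry locations that run code at logon; Vundo-style adware uses them to survive reboots.
AUTOSTART_MARKERS = ("\\currentversion\\run\\", "\\shellexecutehooks\\")

# One detection line of a Malwarebytes report: "<object> (<family>) -> <action>"
LINE_RE = re.compile(r"^(?P<obj>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+)$")

MASQUERADE = "system-binary name outside System32 (masquerade)"
PERSISTENCE = "registry autostart persistence"


@dataclass
class Finding:
    obj: str      # file path or registry key/value as printed in the report
    family: str   # detection name, e.g. Trojan.Vundo
    reason: str   # why this line deserves attention


def parse_line(line: str) -> Optional[Tuple[str, str, str]]:
    """Split a detection line into (object, family, action); None for headers and counters."""
    m = LINE_RE.match(line.strip())
    return (m.group("obj"), m.group("family"), m.group("action")) if m else None


def classify(obj: str) -> List[str]:
    """Return the reasons a detected object is notable beyond 'the AV flagged it'."""
    low = obj.lower()
    reasons: List[str] = []
    if re.match(r"^[a-z]:\\", low):                       # a file system path
        name = low.rsplit("\\", 1)[-1]
        if name in SYSTEM_BINARIES and not low.startswith(EXPECTED_DIRS):
            reasons.append(MASQUERADE)
    elif low.startswith("hkey_"):                         # a registry key or value
        if any(marker in low for marker in AUTOSTART_MARKERS):
            reasons.append(PERSISTENCE)
    return reasons


def triage(report_text: str) -> List[Finding]:
    """Walk a whole report and collect the lines that point at masquerading or persistence."""
    findings: List[Finding] = []
    for line in report_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        obj, family, _action = parsed
        for reason in classify(obj):
            findings.append(Finding(obj, family, reason))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per reason, for a quick 'what did this infection do' view."""
    return dict(Counter(f.reason for f in findings))


# Sample input: lines copied from the Malwarebytes report posted above (a counter line is
# included on purpose to show that non-detection lines are skipped).
SAMPLE_REPORT = r"""
Fichier(s) infecté(s): 8
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cmds (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\\AppData\Local\Temp\jkkLbAtr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\\winlogon.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\\ctfmon.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\\csrss.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\\msiexec.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"{f.reason:50} {f.family:35} {f.obj}")
    print(summarize(triage(SAMPLE_REPORT)))
```

Run against the sample, the four user-profile copies of system binaries and the two autostart entries come out, while the quarantined DLL in Temp and the pac.txt file are left for ordinary review.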
re
Disable your antivirus and any other kind of protection.
Download ComboFix by sUBs:
ComboFix.exe
and save it to your desktop and nowhere else!
Double-click ComboFix. It will ask you a question; follow the prompts, then wait until combofix has finished. Your PC may reboot, that is normal; a report will be created. Post the report
\Combofix.txt
click it to open it, then Edit "Select all", Edit "Copy"
come to the forum and Edit "Paste"
HELP: A guide and tutorial on using ComboFix
* the partition name may differ
just one small detail: I can't disable McAfee, and how can I be sure that ALL the protections are disabled?
Thx
I think you're asleep
Well, thanks anyway, we'll see the rest tomorrow.
Good night
re
you should be able to right-click the McAfee icon at the bottom right of your screen... you disable it from there.
that's exactly what I did but there's nothing like that shown :s
let's check something first...
Download DDS and save it to your desktop.
- Disable any script blocker, such as an antivirus, or software like ad-block, noscript etc.
- Double-click dds.scr to run the tool.
- Once the scan finishes, a text document, DDS.txt, will open.
- Click Yes at the next Optional Scan prompt.
- Save both reports to your desktop and post only DDS.txt to me.
so here is the 1st result:
DDS (Version 1.0.1) - NTFSx86
Run by Vaf.R at 23:19:01,51 on 12/12/2008
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_11
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.3070.1821 [GMT 1:00]
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\vfsFPService.exe
C:\Program Files\Acer\Acer Bio Protection\CompPtcVUI.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Windows\system32\rundll32.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe
C:\Windows\PLFSetI.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\Program Files\Acer\Acer VCM\RS_Service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
C:\Users\VAFROH~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files\Acer\Acer VCM\AcerVCM.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Acer\Acer VCM\acp2HID.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\Acer\Acer VCM\VC.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Vaf\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZXK5DL4W\dds[1].scr
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://fr.fr.acer.yahoo.com
mStart Page = hxxp://fr.fr.acer.yahoo.com
mDefault_Page_URL = hxxp://fr.fr.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\progra~1\mcafee\msk\mcapbho.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - c:\program files\acer\empowering technology\edatasecurity\x86\ActiveToolBand.dll
BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - c:\program files\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
TB: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [VeohPlugin] "c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
mRun: [ePower_DMC] c:\program files\acer\empowering technology\epower\ePower_DMC.exe
mRun: [eDataSecurity Loader] c:\program files\acer\empowering technology\edatasecurity\x86\eDSloader.exe
mRun: [eAudio] "c:\program files\acer\empowering technology\eaudio\eAudio.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [BkupTray] "c:\program files\newtech infosystems\nti backup now 5\BkupTray.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [WarReg_PopUp] c:\program files\acer\wr_popup\WarReg_PopUp.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [ZPdtWzdVitaKey MC3000] "c:\program files\acer\acer bio protection\PdtWzd.exe" show
mRun: [PLFSetI] c:\windows\PLFSetI.exe
mRun: [LManager] c:\progra~1\launch~1\LManager.exe
mRun: [eRecoveryService]
mRun: [ArcadeDeluxeAgent] "c:\program files\acer arcade deluxe\acer arcade deluxe\ArcadeDeluxeAgent.exe"
mRun: [CLMLServer] "c:\program files\acer arcade deluxe\acer arcade deluxe\kernel\clml\CLMLSvc.exe"
mRun: [PlayMovie] "c:\program files\acer arcade deluxe\playmovie\PMVService.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [MRT] "c:\windows\system32\MRT.exe" /R
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\acervc~1.lnk - c:\program files\acer\acer vcm\AcerVCM.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\bttray.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xporter vers Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Envoyer au périphérique &Bluetooth... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: Envoyer l'&image au périphérique Bluetooth... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {10954C80-4F0F-11d3-B17C-00C0DFE39736} - c:\program files\acer\acer bio protection\PwdBank.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {10954C80-4F0F-11d3-B17C-00C0DFE39736} - c:\program files\acer\acer bio protection\PwdBank.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: 3acb0bdd511 - c:\windows\system32\d3d8thk32.dll
Notify: AWinNotifyVitaKey MC3000 - c:\program files\acer\acer bio protection\WinNotify.dll
AppInit_DLLs: c:\windows\system32\d3d8thk32.dll
LSA: Notification Packages = scecli c:\program files\acer\acer bio protection\PwdFilter
================= FIREFOX ===================
FF - ProfilePath - c:\users\vafroh~1\appdata\roaming\mozilla\firefox\profiles\7zeusdf0.default\
FF - user.js: browser.search.selectedEngine - Yoog Search
FF - user.js: keyword.URL - hxxp://www3.yoog.com/search.php?q=
FF - user.js: keyword.enabled - true
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Yoog Search
FF - prefs.js: keyword.URL - hxxp://www3.yoog.com/search.php?q=
============= SERVICES / DRIVERS ===============
R0 AlfaFF;AlfaFF File System mini-filter;c:\windows\system32\drivers\AlfaFF.sys [2008-11-8 43184]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};\??\c:\program files\acer arcade deluxe\playmovie\000.fcl [2008-11-8 41456]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;"c:\program files\newtech infosystems\nti backup now 5\client\Agentsvc.exe" [2008-2-25 21752]
R2 CLHNService;CLHNService;c:\program files\acer arcade deluxe\homemedia\kernel\dmp\CLHNService.exe [2008-11-8 81504]
R2 ETService;Empowering Technology Service;c:\program files\acer\empowering technology\service\ETService.exe [2008-3-26 24576]
R2 IGBASVC;iGroupTec Service;c:\program files\acer\acer bio protection\BASVC.exe [2008-11-8 3474432]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\mcafee\siteadvisor\McSACore.exe" [2008-11-9 203280]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-2-25 49152]
R2 NTIPPKernel;NTIPPKernel;\??\c:\program files\acer arcade deluxe\homemedia\kernel\dmp\NTIPPKernel.sys [2008-11-8 122368]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-2-25 131072]
R2 RS_Service;Raw Socket Service;c:\program files\acer\acer vcm\RS_Service.exe [2008-11-8 233472]
R2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2008-4-22 599344]
R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\drivers\itecir.sys [2008-3-26 54784]
R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\drivers\L1E60x86.sys [2008-9-23 48128]
R3 vfs101x;vfs101x;c:\windows\system32\drivers\vfs101x.sys [2008-4-22 40752]
=============== Created Last 30 ================
2008-12-11 22:24 118 a------- c:\windows\system32\MRT.INI
2008-12-11 22:19 <DIR> --d----- c:\users\vafroh~1\appdata\roaming\Malwarebytes
2008-12-11 22:19 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-12-11 22:19 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-11 22:19 <DIR> --d----- c:\programdata\Malwarebytes
2008-12-11 22:19 <DIR> --d----- c:\progra~2\Malwarebytes
2008-12-11 22:01 <DIR> --d----- C:\Rooter$
2008-12-11 18:43 <DIR> --d----- c:\users\vafâ rohani\.housecall6.6
2008-12-10 18:46 2,048 a------- c:\windows\system32\tzres.dll
2008-12-10 18:34 28,672 a------- c:\windows\system32\Apphlpdm.dll
2008-12-10 18:34 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2008-12-10 18:18 316 a------- c:\windows\system32\998.bat
2008-12-10 18:18 <DIR> --d----- c:\windows\system32\uXPi02
2008-12-10 18:18 <DIR> --d----- c:\temp\DIV55
2008-12-10 18:18 <DIR> --d----- C:\Temp
2008-12-06 15:00 <DIR> --d----- c:\program files\Veoh Networks
2008-12-03 13:14 107,368 a------- c:\windows\system32\GEARAspi.dll
2008-12-03 13:14 15,464 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2008-12-03 13:14 <DIR> --d----- c:\program files\iPod
2008-12-03 13:14 <DIR> --d----- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-03 13:14 <DIR> --d----- c:\progra~2\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-03 13:14 <DIR> --d----- c:\program files\iTunes
2008-12-03 13:14 <DIR> --d----- c:\program files\Bonjour
2008-12-03 13:13 <DIR> --d----- c:\programdata\Apple Computer
2008-12-03 13:12 <DIR> --d----- c:\programdata\Apple
2008-12-02 21:09 <DIR> --d----- c:\program files\DivX
2008-12-02 20:59 <DIR> --d----- c:\program files\VideoLAN
2008-12-01 11:18 192,824 a------- c:\windows\system32\poinstall.exe
2008-12-01 11:17 53,940 a------- c:\windows\system32\cont_adzgalore-remove.exe
2008-11-26 14:01 241,152 a------- c:\windows\system32\PortableDeviceApi.dll
2008-11-26 14:01 712,704 a------- c:\windows\system32\WindowsCodecs.dll
2008-11-26 14:01 425,472 a------- c:\windows\system32\PhotoMetadataHandler.dll
2008-11-26 14:01 347,136 a------- c:\windows\system32\WindowsCodecsExt.dll
2008-11-26 14:01 1,645,568 a------- c:\windows\system32\connect.dll
2008-11-26 12:38 <DIR> --d----- c:\users\VafOption
2008-11-23 10:29 <DIR> --d----- c:\users\vafroh~1\appdata\roaming\LimeWire
2008-11-23 10:29 410,984 a------- c:\windows\system32\deploytk.dll
2008-11-23 10:25 <DIR> --d----- c:\program files\LimeWire
2008-11-21 23:41 <DIR> --d----- c:\program files\common files\xing shared
2008-11-21 23:41 <DIR> --d----- c:\program files\common files\Real
2008-11-19 12:59 1,524,736 a------- c:\windows\system32\wucltux.dll
2008-11-19 12:59 83,456 a------- c:\windows\system32\wudriver.dll
2008-11-19 12:58 162,064 a------- c:\windows\system32\wuwebv.dll
2008-11-19 12:58 31,232 a------- c:\windows\system32\wuapp.exe
2008-11-16 10:28 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-11-13 20:19 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
==================== Find3M ====================
2008-12-12 23:18 3,407,872 a--sh--- c:\users\vaf\ntuser.dat
2008-12-03 13:12 143,360 a------- c:\windows\inf\infstrng.dat
2008-12-03 13:12 86,016 a------- c:\windows\inf\infstor.dat
2008-12-03 13:12 51,200 a------- c:\windows\inf\infpub.dat
2008-12-02 18:16 669,566 a------- c:\windows\system32\perfh00C.dat
2008-12-02 18:16 123,556 a------- c:\windows\system32\perfc00C.dat
2008-11-08 12:59 665,600 a------- c:\windows\inf\drvindex.dat
2008-11-08 12:15 1,548,099 a------- c:\windows\system32\VMC3KAPI.dll
2008-11-08 12:15 114,688 a------- c:\windows\system32\VCryptAPI.dll
2008-11-08 12:15 23,040 a------- c:\windows\system32\ShlCmd.exe
2008-11-08 12:15 5,632 a------- c:\windows\system32\biologon.dll
2008-11-08 12:15 331,776 a------- c:\windows\system32\DrvCrypt.dll
2008-11-08 12:15 43,184 a------- c:\windows\system32\drivers\AlfaFF.sys
2008-11-08 12:15 16,384 a------- c:\windows\system32\AlfaFF.dll
2008-11-08 12:14 192,512 a------- c:\windows\system32\BioOne.dll
2008-11-08 12:14 189,952 a------- c:\windows\system32\PBAGUI.dll
2008-11-01 04:44 52,736 a------- c:\windows\apppatch\iebrshim.dll
2008-11-01 04:44 2,154,496 a------- c:\windows\apppatch\AcGenral.dll
2008-11-01 04:44 541,696 a------- c:\windows\apppatch\AcLayers.dll
2008-11-01 04:44 460,288 a------- c:\windows\apppatch\AcSpecfc.dll
2008-11-01 04:44 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2008-10-29 07:29 2,927,104 a------- c:\windows\explorer.exe
2008-10-21 06:25 296,960 a------- c:\windows\system32\gdi32.dll
2008-10-16 05:47 827,392 a------- c:\windows\system32\wininet.dll
2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll
2008-09-23 17:46 245,408 a------- c:\windows\system32\unicows.dll
2008-09-19 22:55 1,044,480 a------- c:\windows\system32\libdivx.dll
2008-09-19 22:55 200,704 a------- c:\windows\system32\ssldivx.dll
2008-09-18 06:09 3,601,464 a------- c:\windows\system32\ntkrnlpa.exe
2008-09-18 06:09 3,549,240 a------- c:\windows\system32\ntoskrnl.exe
2008-09-18 05:56 125,952 a------- c:\windows\system32\wersvc.dll
2008-09-18 05:56 147,456 a------- c:\windows\system32\Faultrep.dll
2008-09-18 03:16 2,032,640 a------- c:\windows\system32\win32k.sys
2008-01-21 09:37 340,236 a------- c:\windows\inf\perflib\040c\perfi.dat
2008-01-21 09:37 340,236 a------- c:\windows\inf\perflib\040c\perfh.dat
2008-01-21 09:37 37,390 a------- c:\windows\inf\perflib\040c\perfd.dat
2008-01-21 09:37 37,390 a------- c:\windows\inf\perflib\040c\perfc.dat
2008-01-21 03:43 174 a--sh--- c:\program files\desktop.ini
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
============= FINISH: 23:19:48,08 ===============
Message edited by bobo_daf on 12-12-2008 at 23:31:48
And the 2nd report:
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Version 1.0)
Microsoft® Windows Vista™ Édition Familiale Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 08/11/2008 12:02:22
System Uptime: 12/12/2008 23:13:29 (0 hours ago)
Motherboard: Acer | | Aspire 6920
Processor: Intel(R) Core(TM)2 Duo CPU T5750 @ 2.00GHz | U2E1 | 2000/167mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 111 GiB total, 86,247 GiB free.
D: is FIXED (NTFS) - 108 GiB total, 107,809 GiB free.
E: is CDROM (CDFS)
==== Disabled Device Manager Items =============
==== System Restore Points ===================
No restore point in system.
==== Installed Programs ======================
2007 Microsoft Office Suite Service Pack 1 (SP1)
Acer Arcade Deluxe
Acer Bio Protection
Acer Crystal Eye webcam Ver:1.1.58.429
Acer eAudio Management
Acer eDataSecurity Management
Acer Empowering Technology
Acer ePower Management
Acer eRecovery Management
Acer eSettings Management
Acer GameZone Console 2.0.1.1
Acer GridVista
Acer Mobility Center Plug-In
Acer ScreenSaver
Acer VCM
Activation Assistant for the 2007 Microsoft Office suites
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.0
Agatha Christie Death on the Nile
Agere Systems HDA Modem
Alice Greenfingers
Apple Mobile Device Support
Apple Software Update
Assistant de connexion Windows Live
Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
ATI Catalyst Install Manager
Azada
Backspin Billiards
Big Kahuna Reef
Bonjour
Bricks of Egypt
Cake Mania
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Czech
Catalyst Control Center Localization Danish
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization Finnish
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Greek
Catalyst Control Center Localization Hungarian
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Norwegian
Catalyst Control Center Localization Polish
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Russian
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
Catalyst Control Center Localization Thai
Catalyst Control Center Localization Turkish
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chicken Invaders 3
Contextual Tool Adzgalore
Diner Dash Flo on the Go
DivX Web Player
eSobi v2
Google Toolbar for Internet Explorer
Intel® Matrix Storage Manager
ITECIR Driver
iTunes
Japanese Fonts Support For Adobe Reader 8
Java(TM) 6 Update 11
Jewel Quest Solitaire
JMicron JMB38X Flash Media Controller
Launch Manager
LightScribe 1.4.142.1
LimeWire 4.18.8
Mahjong Escape Ancient China
Mahjongg Artifacts
Malwarebytes' Anti-Malware
McAfee SecurityCenter
Messenger Plus! Live
Microsoft Office Excel MUI (French) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (French) 2007
Microsoft Office PowerPoint MUI (French) 2007
Microsoft Office Proof (Arabic) 2007
Microsoft Office Proof (Dutch) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (French) 2007
Microsoft Office Shared MUI (French) 2007
Microsoft Office Word MUI (French) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mozilla Firefox (3.0.4)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
Mystery Case Files - Huntsville
Mystery Solitaire - Secret Island
NTI Backup Now 5
NTI Backup Now Standard
NTI Media Maker 8
Orion
PhotoNow!
PowerDirector
QuickTime
RealPlayer
Realtek High Definition Audio Driver
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB958439)
Security Update for Microsoft Office Excel 2007 (KB958437)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Skins
SPORE™ L’atelier des Créatures – version d’essai
Synaptics Pointing Device Driver
Turbo Pizza
Update for Microsoft Office Excel 2007 Help (KB957242)
Update for Office 2007 (KB946691)
Validity Sensors software
Veoh Web Player Beta
VLC media player 0.9.4
WIDCOMM Bluetooth Software 6.0.1.5000
Windows Live installer
Windows Live Mail
Windows Live Messenger
Windows Media Player Firefox Plugin
Yahoo! Messenger
Yahoo! Toolbar
Zuma Deluxe
==== Event Viewer Messages ===================
==== End Of File ===========================
Hi again
There's still some left.
I only have a tutorial in English for McAfee:
http://netsecurity.about.com/od/st [...] eeav_9.htm
/!\Fed up with ads: secured Firefox/!\
Here is the report:
ComboFix 08-12-12.05 - VafRoh 2008-12-13 14:16:44.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.3070.1973 [GMT 1:00]
Run from: c:\users\VafRoh\Desktop\ComboFix.exe
* A new restore point was created
* Resident AV is active
.
(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Acer\Acer Bio Protection\PwdFilter.dll
c:\temp\DIV55
c:\users\VafRoh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Component Update 792
c:\windows\system32\biologon.dll
c:\windows\system32\uXPi02
c:\windows\Tasks\dvtocore.job
.
((((((((((((((((((((((((((((( Files created from 2008-11-13 to 2008-12-13 ))))))))))))))))))))))))))))))))))))
.
2008-12-11 22:24 . 2008-12-11 22:24 118 --a------ c:\windows\System32\MRT.INI
2008-12-11 22:19 . 2008-12-11 22:19 <REP> d-------- c:\users\VafRoh\AppData\Roaming\Malwarebytes
2008-12-11 22:19 . 2008-12-11 22:19 <REP> d-------- c:\users\All Users\Malwarebytes
2008-12-11 22:19 . 2008-12-11 22:19 <REP> d-------- c:\programdata\Malwarebytes
2008-12-11 22:19 . 2008-12-03 19:52 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-12-11 22:19 . 2008-12-03 19:52 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-12-11 22:01 . 2008-12-11 22:07 <REP> d-------- C:\Rooter$
2008-12-11 18:43 . 2008-12-11 19:53 <REP> d-------- c:\users\VafRoh\.housecall6.6
2008-12-11 18:43 . 2008-12-11 19:53 <REP> d-------- c:\users\VafRoh\.housecall6.6
2008-12-11 18:42 . 2008-12-11 18:42 <REP> d-------- c:\windows\Sun
2008-12-11 18:38 . 2008-12-11 19:12 <REP> d-------- c:\windows\avxoscan
2008-12-10 18:46 . 2008-10-22 02:22 2,048 --a------ c:\windows\System32\tzres.dll
2008-12-10 18:34 . 2008-11-01 02:21 4,240,384 --a------ c:\windows\System32\GameUXLegacyGDFs.dll
2008-12-10 18:34 . 2008-11-01 04:44 28,672 --a------ c:\windows\System32\Apphlpdm.dll
2008-12-10 18:21 . 2008-12-10 18:21 <REP> d-------- c:\program files\Electronic Arts
2008-12-10 18:18 . 2008-12-13 14:17 <REP> d-------- C:\Temp
2008-12-10 18:18 . 2008-12-10 18:18 316 --a------ c:\windows\System32\998.bat
2008-12-06 15:00 . 2008-12-06 15:00 <REP> d-------- c:\program files\Veoh Networks
2008-12-03 15:55 . 2008-12-03 15:55 <REP> d-------- c:\users\VafRoh\AppData\Roaming\dvdcss
2008-12-03 13:14 . 2008-12-03 13:14 <REP> d----c--- c:\windows\System32\DRVSTORE
2008-12-03 13:14 . 2008-12-03 13:14 <REP> d-------- c:\users\VafRoh\AppData\Roaming\Apple Computer
2008-12-03 13:14 . 2008-12-03 13:14 <REP> d-------- c:\users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-03 13:14 . 2008-12-03 13:14 <REP> d-------- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-03 13:14 . 2008-12-03 13:14 <REP> d-------- c:\program files\iTunes
2008-12-03 13:14 . 2008-12-03 13:14 <REP> d-------- c:\program files\iPod
2008-12-03 13:14 . 2008-12-03 13:14 <REP> d-------- c:\program files\Bonjour
2008-12-03 13:14 . 2008-04-17 13:12 107,368 --a------ c:\windows\System32\GEARAspi.dll
2008-12-03 13:14 . 2008-04-17 13:12 15,464 --a------ c:\windows\System32\drivers\GEARAspiWDM.sys
2008-12-03 13:13 . 2008-12-03 13:14 <REP> d-------- c:\users\All Users\Apple Computer
2008-12-03 13:13 . 2008-12-03 13:14 <REP> d-------- c:\programdata\Apple Computer
2008-12-03 13:13 . 2008-12-03 13:13 <REP> d-------- c:\program files\QuickTime
2008-12-03 13:13 . 2008-12-03 13:13 <REP> d-------- c:\program files\Apple Software Update
2008-12-03 13:12 . 2008-12-03 13:12 <REP> d-------- c:\users\All Users\Apple
2008-12-03 13:12 . 2008-12-03 13:12 <REP> d-------- c:\programdata\Apple
2008-12-03 13:12 . 2008-12-03 13:14 <REP> d-------- c:\program files\Common Files\Apple
2008-12-02 21:09 . 2008-12-02 21:09 <REP> d-------- c:\program files\DivX
2008-12-02 21:00 . 2008-12-02 21:08 <REP> d-------- c:\users\VafRoh\AppData\Roaming\vlc
2008-12-02 20:59 . 2008-12-02 20:59 <REP> d-------- c:\program files\VideoLAN
2008-12-01 11:18 . 2008-12-01 11:19 192,824 --a------ c:\windows\System32\poinstall.exe
2008-12-01 11:17 . 2008-12-02 17:56 53,940 --a------ c:\windows\System32\cont_adzgalore-remove.exe
2008-11-26 14:01 . 2008-10-21 06:25 1,645,568 --a------ c:\windows\System32\connect.dll
2008-11-26 14:01 . 2008-08-28 04:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
2008-11-26 14:01 . 2008-08-28 04:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2008-11-26 14:01 . 2008-08-28 04:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
2008-11-26 14:01 . 2008-10-22 04:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2008-11-26 12:38 . 2008-11-26 12:38 <REP> d-------- c:\users\VafRoh\Option
2008-11-26 12:38 . 2008-11-26 12:38 <REP> d-------- c:\users\VafRoh\Option
2008-11-23 11:16 . 2008-11-23 11:16 <REP> d-------- c:\program files\Microsoft Silverlight
2008-11-23 10:29 . 2008-12-10 18:22 <REP> d-------- c:\users\VafRoh\AppData\Roaming\LimeWire
2008-11-23 10:29 . 2008-11-10 05:43 410,984 --a------ c:\windows\System32\deploytk.dll
2008-11-23 10:28 . 2008-12-03 12:49 <REP> d-------- c:\program files\Java
2008-11-23 10:25 . 2008-11-23 10:26 <REP> d-------- c:\program files\LimeWire
2008-11-21 23:41 . 2008-11-21 23:41 <REP> d-------- c:\program files\Common Files\xing shared
2008-11-21 23:41 . 2008-11-21 23:41 <REP> d-------- c:\program files\Common Files\Real
2008-11-21 23:40 . 2008-11-22 23:55 <REP> d-------- c:\users\VafRoh\AppData\Roaming\Real
2008-11-21 23:40 . 2008-11-21 23:40 <REP> d-------- c:\program files\Real
2008-11-19 12:59 . 2008-10-16 22:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-11-19 12:59 . 2008-10-16 21:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-11-19 12:59 . 2008-10-16 22:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-11-19 12:59 . 2008-10-16 21:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-11-19 12:59 . 2008-10-16 22:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-11-19 12:59 . 2008-10-16 22:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-11-19 12:59 . 2008-10-16 22:08 34,328 --a------ c:\windows\System32\wups.dll
2008-11-19 12:58 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-11-19 12:58 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-11-16 10:28 . 2008-11-16 10:28 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-11-13 20:19 . 2008-11-13 20:19 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-13 13:21 3,670,016 --sha-w c:\users\VafRoh\ntuser.dat
2008-12-13 13:21 3,670,016 --sha-w c:\users\VafRoh\ntuser.dat
2008-12-12 15:09 --------- d-----w c:\program files\McAfee
2008-12-11 21:19 --------- d-----w c:\users\VafRoh\AppData\Roaming\Malwarebytes
2008-12-10 22:12 --------- d-s---w c:\users\VafRoh\AppData\Roaming\Microsoft
2008-12-10 17:49 --------- d-----w c:\programdata\Microsoft Help
2008-12-10 17:49 --------- d-----w c:\program files\Windows Mail
2008-12-10 17:22 --------- d-----w c:\users\VafRoh\AppData\Roaming\LimeWire
2008-12-10 17:21 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-03 14:55 --------- d-----w c:\users\VafRoh\AppData\Roaming\dvdcss
2008-12-03 12:14 --------- d-----w c:\users\VafRoh\AppData\Roaming\Apple Computer
2008-12-02 20:08 --------- d-----w c:\users\VafRoh\AppData\Roaming\vlc
2008-11-22 22:55 --------- d-----w c:\users\VafRoh\AppData\Roaming\Real
2008-11-17 15:53 --------- d-----w c:\programdata\CyberLink
2008-11-16 13:36 --------- d-----w c:\programdata\Messenger Plus!
2008-11-10 04:05 --------- d-----w c:\users\VafRoh\AppData\Roaming\Adobe
2008-11-09 15:05 --------- d-----w c:\programdata\SiteAdvisor
2008-11-09 11:13 --------- d-----w c:\programdata\McAfee
2008-11-09 07:48 --------- d-----w c:\users\VafRoh\AppData\Roaming\Mozilla
2008-11-09 00:59 --------- d-----w c:\users\VafRoh\AppData\Roaming\Acer
2008-11-08 20:37 --------- d-----w c:\users\VafRoh\AppData\Roaming\CyberLink
2008-11-08 20:37 --------- d-----w c:\programdata\PlayMovie
2008-11-08 13:05 --------- d-----w c:\programdata\Yahoo! Companion
2008-11-08 12:52 --------- d-----w c:\programdata\Yahoo!
2008-11-08 12:47 --------- d-----w c:\program files\Messenger Plus! Live
2008-11-08 12:44 --------- d-----w c:\users\VafRoh\AppData\Roaming\Yahoo!
2008-11-08 12:43 --------- d-----w c:\program files\Yahoo!
2008-11-08 12:43 --------- d-----w c:\program files\Windows Live
2008-11-08 12:41 --------- d-----w c:\programdata\WLInstaller
2008-11-08 12:05 --------- d-----w c:\users\VafRoh\AppData\Roaming\Google
2008-11-08 11:55 --------- d-----w c:\program files\Acer Inc
2008-11-08 11:51 --------- d-----w c:\program files\Microsoft Works
2008-11-08 11:50 --------- d-----w c:\program files\MSXML 4.0
2008-11-08 11:50 --------- d-----w c:\program files\Acer Arcade Deluxe
2008-11-08 11:50 --------- d-----w c:\program files\Acer
2008-11-08 11:42 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
2008-11-08 11:23 --------- d-----w c:\program files\Google
2008-11-08 11:22 --------- d-----w c:\program files\Launch Manager
2008-11-08 11:18 --------- d-----w c:\users\VafRoh\AppData\Roaming\Macromedia
2008-11-08 11:17 --------- d-----w c:\program files\WIDCOMM
2008-11-08 11:15 43,184 ----a-w c:\windows\system32\drivers\AlfaFF.sys
2008-11-08 11:14 --------- d-----w c:\users\VafRoh\AppData\Roaming\Validity
2008-11-08 11:14 --------- d-----w c:\program files\Validity Sensors, Inc
2008-11-08 11:12 --------- d-----w c:\program files\Intel
2008-11-08 11:11 --------- d-----w c:\users\VafRoh\AppData\Roaming\InstallShield
2008-11-08 11:11 --------- d-----w c:\users\VafRoh\AppData\Roaming\ATI
2008-11-08 11:11 --------- d-----w c:\programdata\ATI
2008-11-08 11:10 --------- d-----w c:\users\VafRoh\AppData\Roaming\Identities
2008-11-08 11:06 --------- d-sh--w c:\programdata\Modèles
2008-11-08 11:06 --------- d-sh--w c:\programdata\Menu Démarrer
2008-11-08 11:06 --------- d-sh--w c:\programdata\Favoris
2008-11-08 11:06 --------- d-sh--w c:\programdata\Bureau
2008-11-08 11:06 --------- d-sh--w c:\program files\Fichiers communs
2008-11-08 11:01 --------- d-----w c:\program files\ATI Technologies
2008-11-08 11:00 --------- d-----w c:\program files\ATI
2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-10-29 06:29 2,927,104 ----a-w c:\windows\explorer.exe
2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
.
((((((((((((((((((((((((((((((((( Reg loading points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-04 23:38 121392 --a------ c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-08 39408]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-11-05 4347120]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2008-11-03 3522296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-04 1037608]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-08-03 582992]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-03-11 397312]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-04 526896]
"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-03-07 544768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-02-25 34040]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-10-03 178712]
"ZPdtWzdVitaKey MC3000"="c:\program files\Acer\Acer Bio Protection\PdtWzd.exe" [2008-11-08 3659264]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-04-28 809480]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-03-05 147456]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-03-05 167936]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-03-04 167936]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-11-21 185872]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"RtHDVCpl"="RtHDVCpl.exe" [2008-03-11 c:\windows\RtHDVCpl.exe]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2008-11-08 1216512]
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-04-24 723760]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]
2008-11-08 12:15 3024896 c:\program files\Acer\Acer Bio Protection\WinNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\d3d8thk32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{381F5D20-CA67-4750-822F-1954BE64C812}"= Profile=Private|Profile=Public|c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{D74563FA-08D4-4748-9BA6-CE054D6EF47A}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{F5FA9575-8059-46A6-98AF-53F1A058A16D}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{49D39706-E2E2-43B9-A364-9303B76DC1B6}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{3D3DE517-3166-4E93-B5C7-B3CCE0C172C2}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{498011BF-7211-443F-939B-5DDB64FF079A}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{22FE577E-43C8-4B8F-9F10-B01EA6F75C86}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{7F06B4FC-9FA5-49A5-8234-9E9C544AA303}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{4F849E18-5DF4-47CD-8C88-A42DEED3D782}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{33848A1F-9210-4361-8098-054468A7A0E8}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{08F2E4BF-5044-4B18-A80A-6465911ADFED}"= c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{1EBF756B-463A-4B48-BF40-1B82213791DF}"= c:\program files\Acer Arcade Deluxe\PlayMovie\PlayMovie.exe:Acer Play Movie
"{9E6699CE-9B5B-4B63-909D-8F587653E7B1}"= c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe:Acer Play Movie Resident Program
"{A6CCBAC3-D786-4556-AA02-C9D68820A0D8}"= c:\program files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:Acer HomeMedia
"{4DF30707-348C-4096-8D96-5DD378856CAD}"= c:\program files\Acer\Acer VCM\VC.exe:Acer VCM
"{51136018-E30A-48BD-A435-30FDBA3AA884}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{2BDC64B2-66EB-419D-89E1-15428CD99C5F}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{8296AD06-AD54-4641-AB7F-882957258F46}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{983D3955-E11A-474F-9F44-B66C7A47B428}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{5258313B-432C-47E4-944C-359849E0BEB0}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{04CD1F9F-F4AD-44B8-985D-8F31DA576774}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{34F8C3F3-E292-478D-9D06-086CDE31C330}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{86C6399B-0497-49F0-9A9E-B983CF5BB652}"= UDP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{F97C7144-F8E8-4350-9C46-E08827C87315}"= TCP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
R0 AlfaFF;AlfaFF File System mini-filter;c:\windows\system32\Drivers\AlfaFF.sys [2008-11-08 43184]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [2008-11-08 12:47:22 41456]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;"c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe" [2008-02-25 21752]
R2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-11-08 81504]
R2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-03-26 24576]
R2 IGBASVC;iGroupTec Service;c:\program files\Acer\Acer Bio Protection\BASVC.exe [2008-11-08 3474432]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\McAfee\SiteAdvisor\McSACore.exe" [2008-11-09 203280]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-02-25 49152]
R2 NTIPPKernel;NTIPPKernel;\??\c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-11-08 122368]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-02-25 131072]
R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2008-11-08 233472]
R2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2008-04-22 599344]
R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2008-03-26 54784]
R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1E60x86.sys [2008-09-23 48128]
R3 vfs101x;vfs101x;c:\windows\system32\drivers\vfs101x.sys [2008-04-22 40752]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
Contents of the 'Scheduled Tasks' folder
2008-11-14 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
2008-03-26 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
.
- - - - REMOVED ORPHANS - - - -
HKLM-Run-eRecoveryService - (no file)
Notify-3acb0bdd511 - c:\windows\System32\d3d8thk32.dll
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-13 14:21:36
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs loaded under running processes ---------------------
- - - - - - - > 'Explorer.exe'(4224)
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
c:\windows\system32\btmmhook.dll
c:\windows\System32\SysHook.dll
.
------------------------ Other running processes ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\program files\Acer\Acer Bio Protection\CompPtcVUI.exe
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\System32\rundll32.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\program files\McAfee\MSK\msksrver.exe
c:\program files\Cyberlink\Shared files\RichVideo.exe
c:\windows\System32\wbem\unsecapp.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Launch Manager\LManager.exe
c:\users\VAFROH~1\AppData\Local\Temp\RtkBtMnt.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\program files\Acer\Acer Bio Protection\PwdBank.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\System32\wbem\unsecapp.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\iPod\bin\iPodService.exe
c:\progra~1\McAfee\MSC\mcuimgr.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
c:\program files\Acer\Acer VCM\acp2HID.exe
c:\windows\System32\conime.exe
c:\windows\System32\dllhost.exe
.
**************************************************************************
.
Completion time: 2008-12-13 14:29:53 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-13 13:29:44
Pre-Run: 91 913 777 152 bytes free
Post-Run: 92,262,260,736 bytes free
317 --- E O F --- 2008-12-11 21:24:57
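Added example, not part of this thread and not code from ComboFix or HijackThis: a small Python triage script that reads the "Reg loading points" style lines of a report like the one above and flags what a responder checks first: a populated AppInit_DLLs value, EnableLUA=0 and EnableFirewall=0, loading points marked "(no file)", Winlogon Notify DLLs, and executables started from a user-writable Temp directory. It then groups findings by file path, which is how you notice that the Winlogon Notify entry ComboFix removed as an orphan and the AppInit_DLLs value that is still set both name the same DLL, c:\windows\System32\d3d8thk32.dll. The sample input is an excerpt copied from the report above; the rule set and severity labels are my own assumptions, not vendor detections, and the script only reads text, it changes nothing on the machine.

```python
import re
from collections import defaultdict

# Constructed sample: lines copied from the ComboFix report above, chosen so
# that every rule below fires at least once. Any real report can be passed
# to triage() instead.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]
2008-11-08 12:15 3024896 c:\program files\Acer\Acer Bio Protection\WinNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\d3d8thk32.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
HKLM-Run-eRecoveryService - (no file)
Notify-3acb0bdd511 - c:\windows\System32\d3d8thk32.dll
c:\users\VAFROH~1\AppData\Local\Temp\RtkBtMnt.exe
c:\program files\McAfee\MPF\MpfSrv.exe
"""

KEY_LINE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_LINE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')
# A Windows path ending in something loadable; spaces are allowed inside it.
PATH = re.compile(r'(?i)\b[a-z]:\\[^\[\]"|]+?\.(?:exe|dll|sys|bat|job)\b')
# User-writable locations from which nothing should need to autostart.
TEMP_PATH = re.compile(r"(?i)\\(?:appdata\\local\\temp|temp|tmp)\\")


def triage(log_text):
    """Return findings as dicts: severity, rule, the offending line, and the
    most recent [registry key] header seen before it (empty if none)."""
    findings = []
    current_key = ""

    def add(severity, rule, line):
        findings.append({"severity": severity, "rule": rule,
                         "line": line, "key": current_key})

    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_LINE.match(line)
        if m:
            current_key = m.group("key")
            continue
        m = VALUE_LINE.match(line)
        if m:
            name = m.group("name").lower()
            value = m.group("value").strip()
            if name == "appinit_dlls" and value:
                add("HIGH", "AppInit_DLLs set: the DLL is injected into every "
                            "process that loads user32.dll", line)
            elif name == "enablelua" and value.startswith("0"):
                add("MEDIUM", "UAC disabled (EnableLUA=0)", line)
            elif name == "enablefirewall" and value.startswith("0"):
                add("MEDIUM", "Windows Firewall disabled for this profile", line)
        if "(no file)" in line.lower():
            add("LOW", "loading point whose target file is missing", line)
        # Notify packages appear under the winlogon\notify key, or in
        # ComboFix's orphan list as "Notify-<name> - <path>".
        in_notify = r"winlogon\notify" in current_key.lower()
        if (in_notify or line.lower().startswith("notify-")) and PATH.search(line):
            add("MEDIUM", "Winlogon Notify package: DLL loaded by winlogon.exe", line)
        for path in PATH.findall(line):
            if TEMP_PATH.search(path):
                add("HIGH", "executable started from a user-writable Temp directory", line)
    return findings


def correlate(findings):
    """Map each file path named by more than one finding to the rules that hit
    it. A DLL named by both AppInit_DLLs and a Winlogon Notify entry, as in
    the report above, is the one to pull and submit for analysis first."""
    by_path = defaultdict(list)
    for f in findings:
        for path in PATH.findall(f["line"]):
            by_path[path.lower()].append(f["rule"])
    return {p: rules for p, rules in by_path.items() if len(rules) > 1}


if __name__ == "__main__":
    order = {"HIGH": 0, "MEDIUM": 1, "LOW": 2}
    results = triage(SAMPLE_LOG)
    for f in sorted(results, key=lambda f: order[f["severity"]]):
        print(f"[{f['severity']:<6}] {f['rule']}\n         {f['line']}")
    for path, rules in correlate(results).items():
        print(f"\nnamed by {len(rules)} loading points: {path}")
```

Run it as-is to see the findings for the excerpt, or read a full report into a string and hand it to triage(). Treat the output as a reading order, not a verdict: AppInit_DLLs is also used by some legitimate software, so a flagged file should be checked against a multi-engine scanner before it is deleted.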
Good evening
please post a new HijackThis log
Good evening,
uh, do you mean the last one I posted?
Hi again
No, a new HijackThis report:
~Run Hijackthis.exe, "do a system scan & save log file", and copy-paste the generated report into your next post.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:45:43, on 16/12/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files\Acer\Acer VCM\AcerVCM.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\VAFROH~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Acer\Acer VCM\acp2HID.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Acer\Empowering Technology\NotificationCenter\Framework.NotificationCenter.exe
C:\Users\Vaf Rohani\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZBMUC1IH\HiJackThis[1].exe
C:\Program Files\Apple Software Update\SoftwareUpdate.exe
C:\Windows\system32\DllHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ZPdtWzdVitaKey MC3000] "C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe" show
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - Global Startup: Acer VCM.lnk = ?
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/control [...] oader5.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/re [...] den-us.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: C:\Windows\System32\d3d8thk32.dll
O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iGroupTec Service (IGBASVC) - Unknown owner - C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe
O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe
--
End of file - 13980 bytes
Hi again,
Copy (Ctrl+C) the text below:
File::
|
Open Notepad and paste (Ctrl+V) the text you just copied.
Save this file under the name CFScript.txt
Drag and drop this CFScript file onto the ComboFix.exe file, as shown in the screenshot
- A blue window will appear: at the prompt that comes up (Type 1 to continue, or 2 to abort), type 1 and confirm.
- Wait while the scan runs. The desktop will disappear several times: this is normal!
Do not touch anything until the scan has finished.
- Once the scan is complete, a report will be displayed: post its contents.
- If the file does not open, it is located here > C:\ComboFix.txt
/!\ Fed up with ads: secured Firefox /!\
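To show why the helper singled out the O20 AppInit_DLLs entry for the CFScript, here is an added triage example (not the forum's or ComboFix's own tooling) that parses HijackThis O4/O20/O23 lines, flags the autostart locations most often abused, and renders the `File::` block in the CFScript format used above. The sample lines are copied from the log posted in this thread; the severity heuristics are this example's own assumptions.

```python
import re
from dataclasses import dataclass


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "O20"
    path: str      # file the entry loads
    severity: str  # "high" = remove after confirming, "review" = check the vendor
    reason: str


# Line shapes as HijackThis prints them (abbreviated PROGRA~1 paths are left as-is).
RE_APPINIT = re.compile(r"^O20 - AppInit_DLLs: (.+)$")
RE_NOTIFY = re.compile(r"^O20 - Winlogon Notify: (.+?) - (.+)$")
RE_SERVICE = re.compile(r"^O23 - Service: (.+?) - (.+?) - (.+)$")
RE_RUN = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[(.+?)\] (.+)$")
# Executable at the start of a Run command, quoted or not, arguments dropped.
RE_EXE = re.compile(r'^"?(.+?\.exe)"?(?:\s|$)', re.IGNORECASE)


def triage(lines):
    """Return a list of Finding objects for an iterable of HijackThis log lines."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = RE_APPINIT.match(line)
        if m:
            for dll in m.group(1).split(","):
                findings.append(Finding(
                    "O20", dll.strip(), "high",
                    "AppInit_DLLs is loaded into every process that uses user32.dll; "
                    "an unsigned DLL with no vendor under this key is rarely legitimate"))
            continue
        m = RE_NOTIFY.match(line)
        if m:
            findings.append(Finding(
                "O20", m.group(2), "review",
                "Winlogon Notify DLL runs inside winlogon at logon; confirm the vendor"))
            continue
        m = RE_SERVICE.match(line)
        if m:
            if m.group(2).strip().lower() == "unknown owner":
                findings.append(Finding(
                    "O23", m.group(3), "review",
                    "service binary has no identified owner; check its signature"))
            continue
        m = RE_RUN.match(line)
        if m:
            exe = RE_EXE.match(m.group(3))
            path = exe.group(1) if exe else m.group(3)
            if "\\" not in path:
                findings.append(Finding(
                    "O4", path, "review",
                    "Run entry is a bare filename resolved through the search path"))
    return findings


def render_cfscript(paths):
    """Render a ComboFix CFScript with a File:: block, the format the helper used.

    Pass only paths the analyst has confirmed: ComboFix removes them on its next run.
    """
    return "File::\n" + "".join(p + "\n" for p in paths)


# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = [
    r"O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe",
    r"O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe",
    r'O4 - HKLM\..\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"',
    r"O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey",
    r"O20 - AppInit_DLLs: C:\Windows\System32\d3d8thk32.dll",
    r"O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll",
    r"O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe",
    r"O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe",
]


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"[{f.severity:6}] {f.section} {f.path}\n         {f.reason}")
    # Only the "high" finding goes into the script, matching the thread's CFScript.
    print(render_cfscript(f.path for f in found if f.severity == "high"))
```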
Here it is:
ComboFix 08-12-16.03 - Vaf Rohani 2008-12-17 0:35:42.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.3070.1887 [GMT 1:00]
Lancé depuis: c:\users\Vaf Rohani\Desktop\ComboFix.exe
Commutateurs utilisés :: c:\users\Vaf Rohani\Desktop\CFScript.txt
* Un nouveau point de restauration a été créé
* Resident AV is active
FILE ::
c:\windows\System32\d3d8thk32.dll
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Vaf Rohani\AppData\Roaming\0200000086cf0188511C.manifest
c:\users\Vaf Rohani\AppData\Roaming\0200000086cf0188511O.manifest
c:\users\Vaf Rohani\AppData\Roaming\0200000086cf0188511P.manifest
c:\users\Vaf Rohani\AppData\Roaming\0200000086cf0188511S.manifest
c:\windows\system32\cont_adzgalore-remove.exe
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-11-16 au 2008-12-16 ))))))))))))))))))))))))))))))))))))
.
2008-12-16 16:43 . 2008-12-16 16:43 <REP> d-------- c:\program files\Bonjour
2008-12-12 11:18 . 2008-12-12 11:18 87,336 --a------ c:\windows\System32\dns-sd.exe
2008-12-12 11:11 . 2008-12-12 11:11 61,440 --a------ c:\windows\System32\dnssd.dll
2008-12-11 22:24 . 2008-12-11 22:24 118 --a------ c:\windows\System32\MRT.INI
2008-12-11 22:19 . 2008-12-11 22:19 <REP> d-------- c:\users\Vaf Rohani\AppData\Roaming\Malwarebytes
2008-12-11 22:19 . 2008-12-11 22:19 <REP> d-------- c:\users\All Users\Malwarebytes
2008-12-11 22:19 . 2008-12-11 22:19 <REP> d-------- c:\programdata\Malwarebytes
2008-12-11 22:01 . 2008-12-11 22:07 <REP> d-------- C:\Rooter$
2008-12-11 18:43 . 2008-12-11 19:53 <REP> d-------- c:\users\Vaf Rohani\.housecall6.6
2008-12-11 18:43 . 2008-12-11 19:53 <REP> d-------- c:\users\Vaf Rohani\.housecall6.6
2008-12-11 18:42 . 2008-12-11 18:42 <REP> d-------- c:\windows\Sun
2008-12-11 18:38 . 2008-12-11 19:12 <REP> d-------- c:\windows\avxoscan
2008-12-10 18:46 . 2008-10-22 02:22 2,048 --a------ c:\windows\System32\tzres.dll
2008-12-10 18:34 . 2008-11-01 02:21 4,240,384 --a------ c:\windows\System32\GameUXLegacyGDFs.dll
2008-12-10 18:34 . 2008-11-01 04:44 28,672 --a------ c:\windows\System32\Apphlpdm.dll
2008-12-10 18:18 . 2008-12-13 14:17 <REP> d-------- C:\Temp
2008-12-10 18:18 . 2008-12-10 18:18 316 --a------ c:\windows\System32\998.bat
2008-12-06 15:00 . 2008-12-06 15:00 <REP> d-------- c:\program files\Veoh Networks
2008-12-03 15:55 . 2008-12-03 15:55 <REP> d-------- c:\users\Vaf Rohani\AppData\Roaming\dvdcss
2008-12-03 13:14 . 2008-12-03 13:14 <REP> d----c--- c:\windows\System32\DRVSTORE
2008-12-03 13:14 . 2008-12-03 13:14 <REP> d-------- c:\users\Vaf Rohani\AppData\Roaming\Apple Computer
2008-12-03 13:14 . 2008-12-03 13:14 <REP> d-------- c:\users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-03 13:14 . 2008-12-03 13:14 <REP> d-------- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-03 13:14 . 2008-12-03 13:14 <REP> d-------- c:\program files\iTunes
2008-12-03 13:14 . 2008-12-03 13:14 <REP> d-------- c:\program files\iPod
2008-12-03 13:14 . 2008-04-17 13:12 107,368 --a------ c:\windows\System32\GEARAspi.dll
2008-12-03 13:14 . 2008-04-17 13:12 15,464 --a------ c:\windows\System32\drivers\GEARAspiWDM.sys
2008-12-03 13:13 . 2008-12-03 13:14 <REP> d-------- c:\users\All Users\Apple Computer
2008-12-03 13:13 . 2008-12-03 13:14 <REP> d-------- c:\programdata\Apple Computer
2008-12-03 13:13 . 2008-12-03 13:13 <REP> d-------- c:\program files\QuickTime
2008-12-03 13:13 . 2008-12-03 13:13 <REP> d-------- c:\program files\Apple Software Update
2008-12-03 13:12 . 2008-12-03 13:12 <REP> d-------- c:\users\All Users\Apple
2008-12-03 13:12 . 2008-12-03 13:12 <REP> d-------- c:\programdata\Apple
2008-12-03 13:12 . 2008-12-03 13:14 <REP> d-------- c:\program files\Common Files\Apple
2008-12-02 21:09 . 2008-12-02 21:09 <REP> d-------- c:\program files\DivX
2008-12-02 21:00 . 2008-12-02 21:08 <REP> d-------- c:\users\Vaf Rohani\AppData\Roaming\vlc
2008-12-02 20:59 . 2008-12-02 20:59 <REP> d-------- c:\program files\VideoLAN
2008-12-01 11:18 . 2008-12-01 11:19 192,824 --a------ c:\windows\System32\poinstall.exe
2008-11-26 14:01 . 2008-10-21 06:25 1,645,568 --a------ c:\windows\System32\connect.dll
2008-11-26 14:01 . 2008-08-28 04:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
2008-11-26 14:01 . 2008-08-28 04:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2008-11-26 14:01 . 2008-08-28 04:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
2008-11-26 14:01 . 2008-10-22 04:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2008-11-26 12:38 . 2008-11-26 12:38 <REP> d-------- c:\users\Vaf Rohani\Option
2008-11-26 12:38 . 2008-11-26 12:38 <REP> d-------- c:\users\Vaf Rohani\Option
2008-11-23 11:16 . 2008-11-23 11:16 <REP> d-------- c:\program files\Microsoft Silverlight
2008-11-23 10:29 . 2008-12-16 19:54 <REP> d-------- c:\users\Vaf Rohani\AppData\Roaming\LimeWire
2008-11-23 10:29 . 2008-11-10 05:43 410,984 --a------ c:\windows\System32\deploytk.dll
2008-11-23 10:28 . 2008-12-03 12:49 <REP> d-------- c:\program files\Java
2008-11-23 10:25 . 2008-11-23 10:26 <REP> d-------- c:\program files\LimeWire
2008-11-21 23:41 . 2008-11-21 23:41 <REP> d-------- c:\program files\Common Files\xing shared
2008-11-21 23:41 . 2008-11-21 23:41 <REP> d-------- c:\program files\Common Files\Real
2008-11-21 23:40 . 2008-11-22 23:55 <REP> d-------- c:\users\Vaf Rohani\AppData\Roaming\Real
2008-11-21 23:40 . 2008-11-21 23:40 <REP> d-------- c:\program files\Real
2008-11-19 12:59 . 2008-10-16 22:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-11-19 12:59 . 2008-10-16 21:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-11-19 12:59 . 2008-10-16 22:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-11-19 12:59 . 2008-10-16 21:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-11-19 12:59 . 2008-10-16 22:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-11-19 12:59 . 2008-10-16 22:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-11-19 12:59 . 2008-10-16 22:08 34,328 --a------ c:\windows\System32\wups.dll
2008-11-19 12:58 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-11-19 12:58 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-11-16 10:28 . 2008-11-16 10:28 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-16 23:40 3,670,016 --sha-w c:\users\Vaf Rohani\ntuser.dat
2008-12-16 23:40 3,670,016 --sha-w c:\users\Vaf Rohani\ntuser.dat
2008-12-16 18:54 --------- d-----w c:\users\Vaf Rohani\AppData\Roaming\LimeWire
2008-12-15 16:18 --------- d-----w c:\program files\McAfee
2008-12-13 13:48 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-11 21:19 --------- d-----w c:\users\Vaf Rohani\AppData\Roaming\Malwarebytes
2008-12-10 22:12 --------- d-s---w c:\users\Vaf Rohani\AppData\Roaming\Microsoft
2008-12-10 17:49 --------- d-----w c:\programdata\Microsoft Help
2008-12-10 17:49 --------- d-----w c:\program files\Windows Mail
2008-12-03 14:55 --------- d-----w c:\users\Vaf Rohani\AppData\Roaming\dvdcss
2008-12-03 12:14 --------- d-----w c:\users\Vaf Rohani\AppData\Roaming\Apple Computer
2008-12-02 20:08 --------- d-----w c:\users\Vaf Rohani\AppData\Roaming\vlc
2008-11-22 22:55 --------- d-----w c:\users\Vaf Rohani\AppData\Roaming\Real
2008-11-17 15:53 --------- d-----w c:\programdata\CyberLink
2008-11-16 13:36 --------- d-----w c:\programdata\Messenger Plus!
2008-11-13 19:19 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-11-10 04:05 --------- d-----w c:\users\Vaf Rohani\AppData\Roaming\Adobe
2008-11-09 15:05 --------- d-----w c:\programdata\SiteAdvisor
2008-11-09 11:13 --------- d-----w c:\programdata\McAfee
2008-11-09 07:48 --------- d-----w c:\users\Vaf Rohani\AppData\Roaming\Mozilla
2008-11-09 00:59 --------- d-----w c:\users\Vaf Rohani\AppData\Roaming\Acer
2008-11-08 20:37 --------- d-----w c:\users\Vaf Rohani\AppData\Roaming\CyberLink
2008-11-08 20:37 --------- d-----w c:\programdata\PlayMovie
2008-11-08 13:05 --------- d-----w c:\programdata\Yahoo! Companion
2008-11-08 12:52 --------- d-----w c:\programdata\Yahoo!
2008-11-08 12:47 --------- d-----w c:\program files\Messenger Plus! Live
2008-11-08 12:44 --------- d-----w c:\users\Vaf Rohani\AppData\Roaming\Yahoo!
2008-11-08 12:43 --------- d-----w c:\program files\Yahoo!
2008-11-08 12:43 --------- d-----w c:\program files\Windows Live
2008-11-08 12:41 --------- d-----w c:\programdata\WLInstaller
2008-11-08 12:05 --------- d-----w c:\users\Vaf Rohani\AppData\Roaming\Google
2008-11-08 11:55 --------- d-----w c:\program files\Acer Inc
2008-11-08 11:51 --------- d-----w c:\program files\Microsoft Works
2008-11-08 11:50 --------- d-----w c:\program files\MSXML 4.0
2008-11-08 11:50 --------- d-----w c:\program files\Acer Arcade Deluxe
2008-11-08 11:50 --------- d-----w c:\program files\Acer
2008-11-08 11:42 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
2008-11-08 11:23 --------- d-----w c:\program files\Google
2008-11-08 11:22 --------- d-----w c:\program files\Launch Manager
2008-11-08 11:18 --------- d-----w c:\users\Vaf Rohani\AppData\Roaming\Macromedia
2008-11-08 11:17 --------- d-----w c:\program files\WIDCOMM
2008-11-08 11:15 43,184 ----a-w c:\windows\system32\drivers\AlfaFF.sys
2008-11-08 11:15 331,776 ----a-w c:\windows\System32\DrvCrypt.dll
2008-11-08 11:15 23,040 ----a-w c:\windows\System32\ShlCmd.exe
2008-11-08 11:15 16,384 ----a-w c:\windows\System32\AlfaFF.dll
2008-11-08 11:15 114,688 ----a-w c:\windows\System32\VCryptAPI.dll
2008-11-08 11:15 1,548,099 ----a-w c:\windows\System32\VMC3KAPI.dll
2008-11-08 11:14 192,512 ----a-w c:\windows\System32\BioOne.dll
2008-11-08 11:14 189,952 ----a-w c:\windows\System32\PBAGUI.dll
2008-11-08 11:14 --------- d-----w c:\users\Vaf Rohani\AppData\Roaming\Validity
2008-11-08 11:14 --------- d-----w c:\program files\Validity Sensors, Inc
2008-11-08 11:12 --------- d-----w c:\program files\Intel
2008-11-08 11:11 --------- d-----w c:\users\Vaf Rohani\AppData\Roaming\InstallShield
2008-11-08 11:11 --------- d-----w c:\users\Vaf Rohani\AppData\Roaming\ATI
2008-11-08 11:11 --------- d-----w c:\programdata\ATI
2008-11-08 11:10 --------- d-----w c:\users\Vaf Rohani\AppData\Roaming\Identities
2008-11-08 11:06 --------- d-sh--w c:\programdata\Modèles
2008-11-08 11:06 --------- d-sh--w c:\programdata\Menu Démarrer
2008-11-08 11:06 --------- d-sh--w c:\programdata\Favoris
2008-11-08 11:06 --------- d-sh--w c:\programdata\Bureau
2008-11-08 11:06 --------- d-sh--w c:\program files\Fichiers communs
2008-11-08 11:01 --------- d-----w c:\program files\ATI Technologies
2008-11-08 11:00 --------- d-----w c:\program files\ATI
2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-10-29 06:29 2,927,104 ----a-w c:\windows\explorer.exe
2008-10-21 05:25 296,960 ----a-w c:\windows\System32\gdi32.dll
2008-10-16 04:47 827,392 ----a-w c:\windows\System32\wininet.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-23 16:46 245,408 ----a-w c:\windows\System32\unicows.dll
2008-09-19 21:55 200,704 ----a-w c:\windows\System32\ssldivx.dll
2008-09-19 21:55 1,044,480 ----a-w c:\windows\System32\libdivx.dll
2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 04:56 147,456 ----a-w c:\windows\System32\Faultrep.dll
2008-09-18 04:56 125,952 ----a-w c:\windows\System32\wersvc.dll
2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys
2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
2008-12-01 13:34 643,072 ----a-w c:\program files\mozilla firefox\components\nsadzgalore.dll
.
((((((((((((((((((((((((((((( snapshot@2008-12-13_14.25.35.71 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-12-16 15:43:34 86,016 ----a-r c:\windows\Installer\{07287123-B8AC-41CE-8346-3D777245C35B}\PrntWzrdIco.exe
- 2008-12-13 13:21:02 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-12-16 22:53:25 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-12-13 13:21:02 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-12-16 22:53:25 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-12-13 13:21:22 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-12-16 22:54:55 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-12-16 22:54:55 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-12-13 13:21:22 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-12-16 22:55:00 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-12-16 22:55:00 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-12-13 13:02:45 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-12-16 23:00:23 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-12-13 13:02:45 81,920 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-12-16 23:00:23 81,920 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-12-13 13:02:45 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-12-16 23:00:23 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-12-13 12:46:16 6,462 ----a-w c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\1D57712D7BA5988EB6E4E96810CB6BEBF4F0D876\1D57712D7BA5988EB6E4E96810CB6BEBF4F0D876\Data.dat
+ 2008-12-16 22:55:10 6,462 ----a-w c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\1D57712D7BA5988EB6E4E96810CB6BEBF4F0D876\1D57712D7BA5988EB6E4E96810CB6BEBF4F0D876\Data.dat
- 2008-12-13 12:55:10 6,448 ----a-w c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\3A3C5F7CC9415160B34912634CB95978E99A7DDE\3A3C5F7CC9415160B34912634CB95978E99A7DDE\Data.dat
+ 2008-12-16 23:26:47 6,448 ----a-w c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\3A3C5F7CC9415160B34912634CB95978E99A7DDE\3A3C5F7CC9415160B34912634CB95978E99A7DDE\Data.dat
- 2008-12-13 12:37:47 6,592 ----a-w c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\46B61DB3D65696D03A1E7A106E31DDCD3CE241CE\46B61DB3D65696D03A1E7A106E31DDCD3CE241CE\Data.dat
+ 2008-12-16 23:24:42 6,592 ----a-w c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\46B61DB3D65696D03A1E7A106E31DDCD3CE241CE\46B61DB3D65696D03A1E7A106E31DDCD3CE241CE\Data.dat
+ 2008-12-16 22:55:31 6,284 ----a-w c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\4D5367EBDE22F22AB910D2E11BF07B236BD5EB37\4D5367EBDE22F22AB910D2E11BF07B236BD5EB37\Data.dat
+ 2008-12-16 23:05:37 6,334 ----a-w c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\60A1BF2F3C31862E7E36240BE467E9CB78AA3B7D\60A1BF2F3C31862E7E36240BE467E9CB78AA3B7D\Data.dat
- 2008-12-13 12:35:07 9,724 ----a-w c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\74A956292B9D7ED29866593C7E501FA45B187192\74A956292B9D7ED29866593C7E501FA45B187192\Data.dat
+ 2008-12-16 23:21:38 9,724 ----a-w c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\74A956292B9D7ED29866593C7E501FA45B187192\74A956292B9D7ED29866593C7E501FA45B187192\Data.dat
- 2008-12-13 12:59:51 6,550 ----a-w c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\8A22E7172D5A3EA62C5978079933D1CC9AFD7C66\8A22E7172D5A3EA62C5978079933D1CC9AFD7C66\Data.dat
+ 2008-12-16 23:26:28 6,550 ----a-w c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\8A22E7172D5A3EA62C5978079933D1CC9AFD7C66\8A22E7172D5A3EA62C5978079933D1CC9AFD7C66\Data.dat
- 2008-12-13 12:37:25 6,936 ----a-w c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\9BEC04A6ED930E74027DDF093A52D0E0B2A5F98A\9BEC04A6ED930E74027DDF093A52D0E0B2A5F98A\Data.dat
+ 2008-12-16 23:21:42 6,936 ----a-w c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\9BEC04A6ED930E74027DDF093A52D0E0B2A5F98A\9BEC04A6ED930E74027DDF093A52D0E0B2A5F98A\Data.dat
- 2008-12-13 12:58:21 5,538 ----a-w c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\E6D66408E2E8C41284F6F3818922AE0585617EED\E6D66408E2E8C41284F6F3818922AE0585617EED\Data.dat
+ 2008-12-16 23:26:16 5,538 ----a-w c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\E6D66408E2E8C41284F6F3818922AE0585617EED\E6D66408E2E8C41284F6F3818922AE0585617EED\Data.dat
- 2008-12-13 12:37:27 7,346 ----a-w c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\EB5AF50E0B263C13B3D628ADA3AC42B02C51003D\EB5AF50E0B263C13B3D628ADA3AC42B02C51003D\Data.dat
+ 2008-12-16 23:21:46 7,346 ----a-w c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\EB5AF50E0B263C13B3D628ADA3AC42B02C51003D\EB5AF50E0B263C13B3D628ADA3AC42B02C51003D\Data.dat
- 2008-12-13 13:16:26 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
+ 2008-12-16 23:35:00 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
+ 2008-12-16 23:35:00 262,144 ---ha-w c:\windows\System32\config\systemprofile\ntuser.dat.LOG1
- 2008-12-13 13:04:39 6,880 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1152605475-3758196471-4292537414-1000_UserData.bin
+ 2008-12-16 22:55:17 7,626 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1152605475-3758196471-4292537414-1000_UserData.bin
- 2008-12-13 13:04:38 72,928 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-12-16 22:55:17 73,032 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-12-13 13:04:37 60,916 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-12-16 20:11:21 61,328 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2008-12-12 21:01:10 242,790 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2008-12-16 19:02:36 243,966 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-04 23:38 121392 --a------ c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-08 39408]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-11-05 4347120]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2008-11-03 3522296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-04 1037608]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-08-03 582992]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-03-11 397312]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-04 526896]
"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-03-07 544768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-02-25 34040]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-10-03 178712]
"ZPdtWzdVitaKey MC3000"="c:\program files\Acer\Acer Bio Protection\PdtWzd.exe" [2008-11-08 3659264]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-04-28 809480]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-03-05 147456]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-03-05 167936]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-03-04 167936]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-11-21 185872]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"RtHDVCpl"="RtHDVCpl.exe" [2008-03-11 c:\windows\RtHDVCpl.exe]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2008-11-08 1216512]
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-04-24 723760]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]
2008-11-08 12:15 3024896 c:\program files\Acer\Acer Bio Protection\WinNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{381F5D20-CA67-4750-822F-1954BE64C812}"= Profile=Private|Profile=Public|c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{D74563FA-08D4-4748-9BA6-CE054D6EF47A}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{F5FA9575-8059-46A6-98AF-53F1A058A16D}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{49D39706-E2E2-43B9-A364-9303B76DC1B6}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{3D3DE517-3166-4E93-B5C7-B3CCE0C172C2}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{498011BF-7211-443F-939B-5DDB64FF079A}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{22FE577E-43C8-4B8F-9F10-B01EA6F75C86}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{7F06B4FC-9FA5-49A5-8234-9E9C544AA303}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{4F849E18-5DF4-47CD-8C88-A42DEED3D782}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{33848A1F-9210-4361-8098-054468A7A0E8}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{08F2E4BF-5044-4B18-A80A-6465911ADFED}"= c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{1EBF756B-463A-4B48-BF40-1B82213791DF}"= c:\program files\Acer Arcade Deluxe\PlayMovie\PlayMovie.exe:Acer Play Movie
"{9E6699CE-9B5B-4B63-909D-8F587653E7B1}"= c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe:Acer Play Movie Resident Program
"{A6CCBAC3-D786-4556-AA02-C9D68820A0D8}"= c:\program files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:Acer HomeMedia
"{4DF30707-348C-4096-8D96-5DD378856CAD}"= c:\program files\Acer\Acer VCM\VC.exe:Acer VCM
"{51136018-E30A-48BD-A435-30FDBA3AA884}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{2BDC64B2-66EB-419D-89E1-15428CD99C5F}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{8296AD06-AD54-4641-AB7F-882957258F46}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{04CD1F9F-F4AD-44B8-985D-8F31DA576774}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{34F8C3F3-E292-478D-9D06-086CDE31C330}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{86C6399B-0497-49F0-9A9E-B983CF5BB652}"= UDP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{F97C7144-F8E8-4350-9C46-E08827C87315}"= TCP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{13A13875-1133-4C0A-B3DF-EFBACE840F0A}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{CB81DF14-F5ED-48F4-A12B-421694BBEACE}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
R0 AlfaFF;AlfaFF File System mini-filter;c:\windows\system32\Drivers\AlfaFF.sys [2008-11-08 43184]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [2008-11-08 12:47:22 41456]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;"c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe" [2008-02-25 21752]
R2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-11-08 81504]
R2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-03-26 24576]
R2 IGBASVC;iGroupTec Service;c:\program files\Acer\Acer Bio Protection\BASVC.exe [2008-11-08 3474432]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\McAfee\SiteAdvisor\McSACore.exe" [2008-11-09 203280]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-02-25 49152]
R2 NTIPPKernel;NTIPPKernel;\??\c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-11-08 122368]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-02-25 131072]
R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2008-11-08 233472]
R2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2008-04-22 599344]
R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2008-03-26 54784]
R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1E60x86.sys [2008-09-23 48128]
R3 vfs101x;vfs101x;c:\windows\system32\drivers\vfs101x.sys [2008-04-22 40752]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
*Newly Created Service* - CATCHME
.
Contenu du dossier 'Tâches planifiées'
2008-11-14 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
2008-03-26 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-17 00:40:12
Windows 6.0.6001 Service Pack 1 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
Heure de fin: 2008-12-17 0:47:46
ComboFix-quarantined-files.txt 2008-12-16 23:47:40
ComboFix2.txt 2008-12-13 13:29:55
Avant-CF: 84 964 839 424 octets libres
Après-CF: 84,879,880,192 octets libres
333 --- E O F --- 2008-12-13 13:56:36
good evening
how is your pc behaving?
please repost a hijackthis log
/!\Tired of ads: secure Firefox/!\
Here is the report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:31:40, on 17/12/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe
C:\Windows\PLFSetI.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\VAFROH~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files\Acer\Acer VCM\AcerVCM.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Acer\Acer VCM\acp2HID.exe
C:\Program Files\Acer\Empowering Technology\NotificationCenter\Framework.NotificationCenter.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Users\Vaf Rohani\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P5CDZRXA\HiJackThis[1].exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ZPdtWzdVitaKey MC3000] "C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe" show
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - Global Startup: Acer VCM.lnk = ?
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/control [...] oader5.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/re [...] den-us.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iGroupTec Service (IGBASVC) - Unknown owner - C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe
O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe
--
End of file - 13978 bytes
And my computer seems to be behaving well....
I think the problem is indeed solved :;D
re
run an online scan at Kaspersky and post the report:
http://www.kaspersky.com/virusscanner
Help: How to run an online scan with Kaspersky.
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, December 20, 2008
Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, December 20, 2008 10:53:00
Records in database: 1491209
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
C:\
D:\
E:\
Scan statistics:
Files scanned: 111520
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 03:05:36
File name / Threat name / Threats count
C:\Users\Vaf Rohani\Documents\LimeWire\Saved\brick lace - greatest hits.wma Infected: Trojan-Downloader.WMA.Wimad.n 1
The selected area was scanned.
re
delete:
C:\Users\Vaf Rohani\Documents\LimeWire\Saved\brick lace - greatest hits.wma
any other problems?
Reee
Yes, I deleted that file as soon as I saw the report.
Thaaaanks a lot
I think the problem is fixed.
re
Remove all the programs installed for the disinfection.
Please read this file (in pdf) to learn more about the risks of the Net.
If you find this document interesting, feel free to pass it on to your contacts.
If you are tired of being bombarded with ads while browsing, install secure Firefox with the noscript and AdBlock Plus extensions.
~Edit your first message (by clicking the eraser) and mark [résolu] in the title.
If your session name matches your real name, you can change it by editing your posts.
Thaaaaanks
you're welcome
happy surfing