Tom's Guide > Forum > Security - Virus

PC slowdown + possible virus

Hello, I'm having some trouble with the PC: for a while now it has been slowing down seriously, with "trojan" viruses appearing.
I made a HijackThis report


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:59:10, on 15/02/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\SysMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\MarkAny\ContentSafer\MaAgent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\acer\AppData\Local\Temp\AutoDetect.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Philips\Philips SPC220NC Webcam\TrayMin220.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.fr.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Windows\system32\SysMonitor.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdc.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [?????????] ??????????????e
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Ceedo AutoDetect] C:\Users\acer\AppData\Local\Temp\AutoDetect.exe /active
O4 - HKCU\..\RunOnce: [Ceedo Repair] C:\Users\acer\AppData\Local\Temp\AutoDetect.exe /repair /drive=
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: TrayMin220.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Seagate Sync Service - Seagate Technology LLC - C:\Program Files\Seagate\Sync\SeaSyncServices.exe
O23 - Service: Start BT in service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe

--
End of file - 12174 bytes

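The HijackThis log above is the kind of thing a helper reads by eye, looking first for autostarts that run out of a Temp directory (the AutoDetect.exe entries), a Run value whose name HijackThis could not even render (the `[?????????]` line), references to files that no longer exist, and services with no company name. The script below is an added example, not part of the thread or of HijackThis, that applies those first-pass rules to a handful of lines copied from the log (a constructed sample; the rule names are mine). Every hit is a lead to verify against what the user actually installed, not a verdict: installers and portable-app launchers legitimately start from Temp, and uninstalls routinely leave orphaned registry references behind.

```python
"""First-pass triage of HijackThis (HJT) log lines.

Added example; it is not part of the thread, of HijackThis or of any removal
tool, and the rule names are my own. Each finding is a lead to verify, not a
verdict: legitimate software does start from Temp directories and does leave
orphaned registry references behind.
"""
import re
from collections import Counter
from typing import Dict, List, Tuple

# Constructed sample: lines copied from the HijackThis log in the thread,
# plus the benign Avira line so that the no-finding path is exercised.
SAMPLE_HJT = "\n".join([
    r"C:\Users\acer\AppData\Local\Temp\AutoDetect.exe",
    r"O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)",
    r'O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min',
    r"O4 - HKCU\..\Run: [?????????] ??????????????e",
    r"O4 - HKCU\..\Run: [Ceedo AutoDetect] C:\Users\acer\AppData\Local\Temp\AutoDetect.exe /active",
    r"O4 - HKCU\..\RunOnce: [Ceedo Repair] C:\Users\acer\AppData\Local\Temp\AutoDetect.exe /repair /drive=",
    r"O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe",
    r"O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)",
])

# O4 autostart entry: "O4 - <hive>\..\Run: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<hive>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# O23 service entry: "O23 - Service: <display name> - <company> - <image path>"
O23_RE = re.compile(r"^O23 - Service: (?P<desc>.*) - (?P<owner>.*?) - (?P<path>[A-Za-z]:\\.*)$")
# Per-user and system temp directories, the usual drop location for droppers.
TEMP_RE = re.compile(r"\\(?:AppData\\Local\\Temp|Local Settings\\Temp|Windows\\Temp)\\", re.IGNORECASE)
# A bare path: a line from the "Running processes" block.
PATH_RE = re.compile(r"^[A-Za-z]:\\")


def looks_garbled(name: str) -> bool:
    """True for a value name HJT could not render: control or non-ASCII
    characters, or a name that is mostly '?' (HJT's substitute glyph)."""
    if not name:
        return False
    if any(ord(c) < 32 or ord(c) > 126 for c in name):
        return True
    return name.count("?") * 2 >= len(name)


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Return (rule, line) pairs for every line that trips a rule."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        # Reference to a file that is no longer there: leftover or a removed dropper.
        if "(no file)" in line or "(file missing)" in line:
            findings.append(("orphan-reference", line))
        m = O4_RE.match(line)
        if m:
            if looks_garbled(m.group("name")):
                findings.append(("garbled-run-name", line))
            if TEMP_RE.search(m.group("cmd")):
                findings.append(("autostart-from-temp", line))
            continue
        m = O23_RE.match(line)
        if m:
            if m.group("owner").strip() == "Unknown owner":
                findings.append(("service-unknown-owner", line))
            continue
        if PATH_RE.match(line) and TEMP_RE.search(line):
            findings.append(("running-from-temp", line))
    return findings


def summarize(findings: List[Tuple[str, str]]) -> Dict[str, int]:
    """Count findings per rule."""
    return dict(Counter(rule for rule, _ in findings))


if __name__ == "__main__":
    for rule, line in triage(SAMPLE_HJT):
        print(f"{rule:24} {line}")
    print(summarize(triage(SAMPLE_HJT)))
```

Run over the sample it reports eight findings: the Temp-resident process and its two Run/RunOnce autostarts, the unrenderable Run value, the two dead references (the BHO with no file and the Symantec service whose ccSvcHst.exe is missing) and the two services without a company name. The garbled-name rule is the one worth keeping even in a stricter version: a registry value HijackThis cannot print is either a non-ASCII name chosen to be hard to read or encoding damage, and either way it must be inspected with regedit before anything is fixed.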

Hello,

Download ComboFix (by sUBs) to your Desktop.

  • Temporarily disable all resident protection! (antivirus, antispyware, etc.)
  • Double-click ComboFix.exe.
  • Accept the licence by clicking Yes.
  • The program will ask whether you want to install the Recovery Console. It is a precaution in case the computer breaks down. I therefore advise you to install it; it costs nothing and could come in handy!
  • When the operation has finished, a report will appear. Post that report in your next reply.


The report is located here: %SystemDrive%\ComboFix.txt (%systemdrive% being the partition where Windows is installed; usually C:\)

Help: How to use ComboFix.


ComboFix 09-02-14.01 - acer 2009-02-15 18:10:51.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1036.18.894.266 [GMT 1:00]
Running from: c:\users\acer\Downloads\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((( Files Created From 2009-01-15 to 2009-02-15 ))))))))))))))))))))))))))))))))))))
.

2009-02-15 11:58 . 2009-02-15 11:58 <REP> d-------- c:\program files\Trend Micro
2009-02-14 21:46 . 2009-02-14 21:46 <REP> d-------- C:\ViaMichelin
2009-02-14 14:12 . 2004-12-30 10:00 104,576 --a------ c:\windows\System32\drivers\wceusbsh.sys
2009-02-14 14:02 . 2009-02-14 14:02 <REP> d-------- c:\users\All Users\Avira
2009-02-14 14:02 . 2009-02-14 14:02 <REP> d-------- c:\programdata\Avira
2009-02-14 14:02 . 2009-02-14 14:02 <REP> d-------- c:\program files\Avira
2009-02-13 20:05 . 2009-02-15 10:00 28 --a------ c:\windows\ODBC.INI
2009-02-13 20:03 . 2009-02-15 10:00 <REP> d-------- c:\program files\RomStation
2009-02-12 15:49 . 2008-12-05 05:32 428,544 --a------ c:\windows\System32\EncDec.dll
2009-02-12 15:49 . 2008-12-05 05:32 293,376 --a------ c:\windows\System32\psisdecd.dll
2009-02-12 15:49 . 2008-12-05 05:31 217,088 --a------ c:\windows\System32\psisrndr.ax
2009-02-12 15:49 . 2008-12-05 05:31 177,664 --a------ c:\windows\System32\mpg2splt.ax
2009-02-12 15:49 . 2008-12-05 05:31 80,896 --a------ c:\windows\System32\MSNP.ax
2009-02-12 15:46 . 2009-01-15 04:36 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2009-02-12 15:46 . 2009-01-15 07:11 827,392 --a------ c:\windows\System32\wininet.dll
2009-02-07 13:11 . 2009-02-07 13:13 <REP> d-------- c:\windows\System32\HWC HD
2009-02-07 13:11 . 2009-02-07 13:11 <REP> d-------- c:\program files\Hercules
2009-02-07 13:11 . 2007-07-17 18:07 10,371,072 --a------ c:\windows\System32\drivers\snpstd3.sys
2009-02-07 13:11 . 2006-08-01 12:31 3,600,384 --a------ c:\windows\ffmpeg.exe
2009-02-07 13:11 . 2007-08-06 15:29 94,720 --a------ c:\windows\System32\drivers\camfilt2.sys
2009-02-07 13:11 . 2007-04-20 16:26 57,344 --a------ c:\windows\System32\vsnpstd3.dll
2009-02-07 13:11 . 2005-11-23 13:55 53,248 --a------ c:\windows\System32\csnpstd3.dll
2009-02-07 13:11 . 2007-07-20 11:33 15,478 --a------ c:\windows\snpstd3.ini
2009-02-07 13:11 . 2007-07-20 11:18 13,003 --a------ c:\windows\snpstd3.src
2009-02-06 21:35 . 2009-02-06 21:36 <REP> d-------- c:\users\acer\{c38acd17-be8f-4e5f-808d-a084ccd1e3ca}
2009-02-06 21:35 . 2009-02-06 21:35 <REP> d-------- c:\program files\Philips
2009-02-06 21:34 . 2009-02-06 21:34 <REP> d-------- c:\users\acer\AppData\Roaming\InstallShield
2009-02-06 12:51 . 2009-02-06 12:51 <REP> d-------- c:\program files\Photo Viewer
2009-02-05 12:52 . 2009-02-15 18:05 <REP> d-------- c:\users\acer\Tracing
2009-02-05 12:51 . 2009-02-05 12:51 <REP> d-------- c:\program files\Microsoft Sync Framework
2009-02-05 12:46 . 2009-02-05 12:46 <REP> d-------- c:\program files\Windows Live SkyDrive
2009-02-05 12:46 . 2009-02-05 12:46 <REP> d-------- c:\program files\Microsoft
2009-02-05 12:28 . 2009-02-05 12:28 <REP> d-------- c:\program files\Common Files\Windows Live
2009-02-03 23:08 . 2009-02-04 00:02 <REP> d-------- c:\users\acer\AppData\Roaming\Micro Application
2009-02-03 23:01 . 2009-02-03 23:01 <REP> d-------- c:\program files\Micro Application
2009-02-03 23:00 . 2009-02-03 23:00 <REP> dr------- c:\windows\System32\config\systemprofile\Videos
2009-02-03 23:00 . 2009-02-03 23:00 <REP> dr------- c:\windows\System32\config\systemprofile\Pictures
2009-02-03 23:00 . 2009-02-03 23:00 <REP> dr------- c:\windows\System32\config\systemprofile\Music
2009-02-03 23:00 . 2009-02-03 23:00 <REP> dr------- c:\windows\System32\config\systemprofile\Downloads
2009-02-03 23:00 . 2009-02-03 23:00 <REP> dr------- c:\windows\System32\config\systemprofile\Documents
2009-01-31 21:50 . 2009-01-31 21:50 230,432 --a------ C:\SPC220NC.DAT
2009-01-31 12:38 . 2009-01-31 12:38 <REP> d-------- c:\program files\Defraggler
2009-01-30 19:24 . 2008-06-20 02:14 781,344 --a------ c:\windows\System32\PresentationNative_v0300.dll
2009-01-30 19:24 . 2008-06-20 02:14 622,080 --a------ c:\windows\System32\icardagt.exe
2009-01-30 19:24 . 2008-06-20 02:14 326,160 --a------ c:\windows\System32\PresentationHost.exe
2009-01-30 19:24 . 2008-06-20 02:14 105,016 --a------ c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
2009-01-30 19:24 . 2008-06-20 02:14 97,800 --a------ c:\windows\System32\infocardapi.dll
2009-01-30 19:24 . 2008-06-20 02:14 43,544 --a------ c:\windows\System32\PresentationHostProxy.dll
2009-01-30 19:24 . 2008-06-20 02:14 37,384 --a------ c:\windows\System32\infocardcpl.cpl
2009-01-30 19:24 . 2008-06-20 02:14 11,264 --a------ c:\windows\System32\icardres.dll
2009-01-30 19:15 . 2008-07-27 19:03 282,112 --a------ c:\windows\System32\mscoree.dll
2009-01-30 19:15 . 2008-07-27 19:03 158,720 --a------ c:\windows\System32\mscorier.dll
2009-01-30 19:15 . 2008-07-27 19:03 96,760 --a------ c:\windows\System32\dfshim.dll
2009-01-30 19:15 . 2008-07-27 19:03 41,984 --a------ c:\windows\System32\netfxperf.dll
2009-01-30 19:14 . 2008-07-27 19:03 83,968 --a------ c:\windows\System32\mscories.dll
2009-01-26 23:37 . 2009-02-14 13:55 <REP> d-------- c:\program files\ESET
2009-01-26 18:49 . 2009-01-26 18:49 <REP> d-------- c:\program files\NETGEAR
2009-01-26 18:48 . 2009-01-26 18:48 <REP> d-------- c:\windows\Downloaded Installations

.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-14 20:46 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-12 14:50 --------- d-----w c:\program files\Windows Mail
2009-02-07 19:25 --------- d-----w c:\users\acer\AppData\Roaming\skypePM
2009-02-07 19:25 --------- d-----w c:\users\acer\AppData\Roaming\Skype
2009-02-06 20:36 --------- d-----w c:\program files\ArcSoft
2009-02-05 11:51 --------- d-----w c:\program files\Windows Live Toolbar
2009-02-05 11:51 --------- d-----w c:\program files\Windows Live
2009-01-30 18:11 --------- d-----w c:\users\acer\AppData\Roaming\LimeWire
2009-01-26 22:33 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-01-26 22:27 --------- d-----w c:\programdata\Symantec
2009-01-26 22:27 --------- d-----w c:\program files\Symantec
2009-01-26 19:32 --------- d-----w c:\program files\Avanquest update
2009-01-11 12:04 --------- d-----w c:\programdata\eMule
2009-01-11 12:04 --------- d-----w c:\program files\eMule
2009-01-11 12:02 --------- d-----w c:\program files\LimeWire
2009-01-10 11:01 65,024 ----a-w c:\windows\IFinst26.exe
2009-01-10 11:01 --------- d-----w c:\program files\XviD
2009-01-10 11:01 --------- d-----w c:\program files\Lame MP3 Codec
2009-01-10 11:00 --------- d-----w c:\users\acer\AppData\Roaming\DataCast
2009-01-10 11:00 --------- d-----w c:\program files\Samsung
2009-01-10 11:00 --------- d-----w c:\program files\MarkAny
2009-01-10 10:52 --------- d-----w c:\program files\Google
2009-01-05 22:33 3,751,995 ----a-w c:\windows\System32\GPhotos.scr
2009-01-04 08:25 --------- d-----w c:\program files\DivX
2009-01-04 08:23 --------- d-----w c:\users\acer\AppData\Roaming\DivX
2009-01-04 08:23 --------- d-----w c:\program files\Common Files\PX Storage Engine
2009-01-04 00:08 --------- d-----w c:\program files\Common Files\Skype
2009-01-04 00:08 --------- d-----w c:\program files\Bonjour
2009-01-03 18:59 --------- d-----w c:\programdata\PC Drivers HeadQuarters
2009-01-03 18:59 --------- d-----w c:\program files\PC Drivers HeadQuarters
2009-01-03 16:25 --------- d-----w c:\program files\Logitech
2008-12-29 15:03 --------- d-----w c:\program files\Bonjour(54)
2008-12-21 16:59 --------- d-----w c:\users\acer\AppData\Roaming\HP
2008-12-21 12:17 --------- d-----w c:\users\acer\AppData\Roaming\Logitech
2008-12-21 12:15 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-12-21 12:12 --------- d-----w c:\programdata\Logitech
2008-12-21 12:12 --------- d-----w c:\program files\Common Files\Logitech
2008-12-16 02:42 288,768 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-15 15:20 --------- d-----w c:\programdata\Apple Computer
2008-12-15 15:20 --------- d-----w c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-15 15:20 --------- d-----w c:\program files\iTunes
2008-12-15 15:20 --------- d-----w c:\program files\iPod
2008-12-15 15:20 --------- d-----w c:\program files\Common Files\Apple
2008-12-15 15:17 --------- d-----w c:\program files\QuickTime
2008-12-15 15:11 --------- d-----w c:\program files\Safari
2008-12-04 23:11 308,584 ----a-w c:\windows\WLXPGSS.SCR
2008-12-02 21:37 49,480 ----a-w c:\windows\System32\sirenacm.dll
2008-11-21 21:47 524,288 ----a-w c:\windows\System32\DivXsm.exe
2008-11-21 21:47 3,596,288 ----a-w c:\windows\System32\qt-dx331.dll
2008-11-21 21:46 200,704 ----a-w c:\windows\System32\ssldivx.dll
2008-11-21 21:46 1,044,480 ----a-w c:\windows\System32\libdivx.dll
2008-11-21 21:44 161,096 ----a-w c:\windows\System32\DivXCodecVersionChecker.exe
2008-11-21 21:44 12,288 ----a-w c:\windows\System32\DivXWMPExtType.dll
2008-10-31 18:44 174 --sha-w c:\program files\desktop.ini
2008-10-28 20:15 56 ---ha-w c:\users\All Users\ezsidmv.dat
2008-10-28 20:15 56 ---ha-w c:\programdata\ezsidmv.dat
.

((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"????r"="" [?]
"?????????"="??????????????e" [?]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-07-11 90112]
"Acer Empowering Technology Monitor"="c:\windows\system32\SysMonitor.exe" [2006-11-23 319488]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-11-20 178688]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"SMSTray"="c:\program files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-02-23 126976]
"MAAgent"="c:\program files\MarkAny\ContentSafer\MAAgent.exe" [2007-01-30 57344]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-11-11 185872]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdc.exe" [2007-01-24 563080]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-01 c:\windows\RtHDVCpl.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 c:\windows\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-02 3882312]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2006-12-13 528384]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-12-21 688128]
TrayMin220.lnk - c:\program files\Philips\Philips SPC220NC Webcam\TrayMin220.exe [2009-02-06 278528]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= "c:\progra~1\MarkAny\CONTEN~1\MACSMA~1.DLL" [2004-11-23 192512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= c:\progra~1\ACERZO~1\ACERZO~2\Kernel\Burner\MKDMP3Enc.ACM
"VIDC.JDCT"= jl_jdct.drv

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logiciel Kodak EasyShare.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logiciel Kodak EasyShare.lnk
backup=c:\windows\pss\Logiciel Kodak EasyShare.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^acer^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
path=c:\users\acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-03-16 11:45 63712 c:\program files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 02:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
--a------ 2006-11-17 08:26 453120 c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
--------- 2008-07-10 10:22 397312 c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-11-11 09:33 185872 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{755DDF93-2A40-464C-8E19-14D57FDFE54C}"= UDP:c:\program files\Acer Zone\Acer Zone Main Page\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{9E139F13-729C-48A3-A542-F8D1B9041878}"= TCP:c:\program files\Acer Zone\Acer Zone Main Page\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{083C222B-2E43-435E-A4FA-69B43D170DBD}"= UDP:c:\program files\Acer Zone\Acer Picture Slide DVD\Component\CLSLDVD.exe:Cyberlink Picture Slide DVD workprocess
"{CCAC3715-6F13-4B05-AFE8-9CB066D07D09}"= TCP:c:\program files\Acer Zone\Acer Picture Slide DVD\Component\CLSLDVD.exe:Cyberlink Picture Slide DVD workprocess
"{7A11D0DC-4B4D-4D6B-9395-1FB0BB02F739}"= UDP:c:\program files\Acer Zone\Acer Plug and Record\Component\ARAWP.exe:Cyberlink Plug and Record ARA workprocess
"{CAEDC0A9-FA60-4B8B-8EB7-4679892F69D7}"= TCP:c:\program files\Acer Zone\Acer Plug and Record\Component\ARAWP.exe:Cyberlink Plug and Record ARA workprocess
"{3CF0A38F-BDCA-4850-B9CC-79DA144B0CA6}"= UDP:c:\program files\Acer Zone\Acer Plug and Record\Component\DVAX2Process.exe:Cyberlink Plug and Record AVAX workprocess
"{801EC1BA-4EA4-4830-8FE6-B53B0271F818}"= TCP:c:\program files\Acer Zone\Acer Plug and Record\Component\DVAX2Process.exe:Cyberlink Plug and Record AVAX workprocess
"{25C8D0F9-7579-488A-9363-C9EC507F3255}"= UDP:c:\program files\Acer Zone\Acer Zone SoftDMA\SoftDMA.exe:CyberLink SoftDMA
"{8C209F36-3196-43EF-AEA2-F7691A219A8D}"= TCP:c:\program files\Acer Zone\Acer Zone SoftDMA\SoftDMA.exe:CyberLink SoftDMA
"{E9578D5D-1D23-4F6C-B84E-16BC402F0F2F}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{964DAD70-B7D0-4088-A676-7730F0529E29}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{B199E570-7FDD-452C-A5B0-DEC43C2623B8}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{56A696B7-673C-4B87-AD50-43DC626B1941}"= UDP:c:\program files\Sony Ericsson\Sony Ericsson Media Manager 1.0\MediaManager.exe:Sony Ericsson Media Manager 1.0
"{1084E518-4FB5-4AF5-AAE9-F40FCEB8FB4B}"= TCP:c:\program files\Sony Ericsson\Sony Ericsson Media Manager 1.0\MediaManager.exe:Sony Ericsson Media Manager 1.0
"{DE3AA7B4-AAEB-4491-BBA3-3BB74D0C0CD2}"= UDP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
"{6CA7C419-11F9-46C7-8689-51A136BE0409}"= TCP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
"{67230A94-5E94-418B-B0DA-30033C393570}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{CBC515E2-A3FE-49A2-8E45-13C229ED4C5A}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{F831AD8E-C351-4132-8B5B-D9B197200AB0}"= UDP:c:\program files\Anuman Interactive\Code de la route\CODEDELAROUTE.exe:Code de la route
"{154B5045-8968-4411-A1A5-9F53CC1C10A7}"= TCP:c:\program files\Anuman Interactive\Code de la route\CODEDELAROUTE.exe:Code de la route
"{14B13542-07FB-4334-8FFD-52350EED4388}"= UDP:c:\windows\System32\muzapp.exe:MUZ AOD APP player
"{0F932C4B-06B4-4544-B0C2-CAF95A5ED29C}"= TCP:c:\windows\System32\muzapp.exe:MUZ AOD APP player
"TCP Query User{729A145D-BDE8-4A55-AD87-ADCBD33CBA22}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{D1808AEB-BEE4-4317-A2A7-1D9EAFFACA81}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"{72F5EF7D-457B-45DE-AAB3-F2BA9D04241D}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"TCP Query User{C62A6EE6-054A-4DD0-80CC-098C64242DAB}c:\\program files\\hercules\\classic silver\\station2.exe"= UDP:c:\program files\hercules\classic silver\station2.exe:Hercules Webcam Station Evolution
"UDP Query User{063166FB-52B8-42FA-846A-8A2F929DE931}c:\\program files\\hercules\\classic silver\\station2.exe"= TCP:c:\program files\hercules\classic silver\station2.exe:Hercules Webcam Station Evolution
"TCP Query User{041E6FA8-15E2-4FA0-9DDF-C7B6D44DACA6}c:\\program files\\zattoo\\zattood.exe"= UDP:c:\program files\zattoo\zattood.exe:zattood
"UDP Query User{187430B2-14C4-4C19-85E7-16AA003E4B55}c:\\program files\\zattoo\\zattood.exe"= TCP:c:\program files\zattoo\zattood.exe:zattood

Reply to anatlunel

ComboFix 09-02-14.01 - acer 2009-02-15 18:10:51.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1036.18.894.266 [GMT 1:00]
Running from: c:\users\acer\Downloads\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((( Files Created from 2009-01-15 to 2009-02-15 ))))))))))))))))))))))))))))))))))))
.

2009-02-15 11:58 . 2009-02-15 11:58 <DIR> d-------- c:\program files\Trend Micro
2009-02-14 21:46 . 2009-02-14 21:46 <DIR> d-------- C:\ViaMichelin
2009-02-14 14:12 . 2004-12-30 10:00 104,576 --a------ c:\windows\System32\drivers\wceusbsh.sys
2009-02-14 14:02 . 2009-02-14 14:02 <DIR> d-------- c:\users\All Users\Avira
2009-02-14 14:02 . 2009-02-14 14:02 <DIR> d-------- c:\programdata\Avira
2009-02-14 14:02 . 2009-02-14 14:02 <DIR> d-------- c:\program files\Avira
2009-02-13 20:05 . 2009-02-15 10:00 28 --a------ c:\windows\ODBC.INI
2009-02-13 20:03 . 2009-02-15 10:00 <DIR> d-------- c:\program files\RomStation
2009-02-12 15:49 . 2008-12-05 05:32 428,544 --a------ c:\windows\System32\EncDec.dll
2009-02-12 15:49 . 2008-12-05 05:32 293,376 --a------ c:\windows\System32\psisdecd.dll
2009-02-12 15:49 . 2008-12-05 05:31 217,088 --a------ c:\windows\System32\psisrndr.ax
2009-02-12 15:49 . 2008-12-05 05:31 177,664 --a------ c:\windows\System32\mpg2splt.ax
2009-02-12 15:49 . 2008-12-05 05:31 80,896 --a------ c:\windows\System32\MSNP.ax
2009-02-12 15:46 . 2009-01-15 04:36 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2009-02-12 15:46 . 2009-01-15 07:11 827,392 --a------ c:\windows\System32\wininet.dll
2009-02-07 13:11 . 2009-02-07 13:13 <DIR> d-------- c:\windows\System32\HWC HD
2009-02-07 13:11 . 2009-02-07 13:11 <DIR> d-------- c:\program files\Hercules
2009-02-07 13:11 . 2007-07-17 18:07 10,371,072 --a------ c:\windows\System32\drivers\snpstd3.sys
2009-02-07 13:11 . 2006-08-01 12:31 3,600,384 --a------ c:\windows\ffmpeg.exe
2009-02-07 13:11 . 2007-08-06 15:29 94,720 --a------ c:\windows\System32\drivers\camfilt2.sys
2009-02-07 13:11 . 2007-04-20 16:26 57,344 --a------ c:\windows\System32\vsnpstd3.dll
2009-02-07 13:11 . 2005-11-23 13:55 53,248 --a------ c:\windows\System32\csnpstd3.dll
2009-02-07 13:11 . 2007-07-20 11:33 15,478 --a------ c:\windows\snpstd3.ini
2009-02-07 13:11 . 2007-07-20 11:18 13,003 --a------ c:\windows\snpstd3.src
2009-02-06 21:35 . 2009-02-06 21:36 <DIR> d-------- c:\users\acer\{c38acd17-be8f-4e5f-808d-a084ccd1e3ca}
2009-02-06 21:35 . 2009-02-06 21:35 <DIR> d-------- c:\program files\Philips
2009-02-06 21:34 . 2009-02-06 21:34 <DIR> d-------- c:\users\acer\AppData\Roaming\InstallShield
2009-02-06 12:51 . 2009-02-06 12:51 <DIR> d-------- c:\program files\Photo Viewer
2009-02-05 12:52 . 2009-02-15 18:05 <DIR> d-------- c:\users\acer\Tracing
2009-02-05 12:51 . 2009-02-05 12:51 <DIR> d-------- c:\program files\Microsoft Sync Framework
2009-02-05 12:46 . 2009-02-05 12:46 <DIR> d-------- c:\program files\Windows Live SkyDrive
2009-02-05 12:46 . 2009-02-05 12:46 <DIR> d-------- c:\program files\Microsoft
2009-02-05 12:28 . 2009-02-05 12:28 <DIR> d-------- c:\program files\Common Files\Windows Live
2009-02-03 23:08 . 2009-02-04 00:02 <DIR> d-------- c:\users\acer\AppData\Roaming\Micro Application
2009-02-03 23:01 . 2009-02-03 23:01 <DIR> d-------- c:\program files\Micro Application
2009-02-03 23:00 . 2009-02-03 23:00 <DIR> dr------- c:\windows\System32\config\systemprofile\Videos
2009-02-03 23:00 . 2009-02-03 23:00 <DIR> dr------- c:\windows\System32\config\systemprofile\Pictures
2009-02-03 23:00 . 2009-02-03 23:00 <DIR> dr------- c:\windows\System32\config\systemprofile\Music
2009-02-03 23:00 . 2009-02-03 23:00 <DIR> dr------- c:\windows\System32\config\systemprofile\Downloads
2009-02-03 23:00 . 2009-02-03 23:00 <DIR> dr------- c:\windows\System32\config\systemprofile\Documents
2009-01-31 21:50 . 2009-01-31 21:50 230,432 --a------ C:\SPC220NC.DAT
2009-01-31 12:38 . 2009-01-31 12:38 <DIR> d-------- c:\program files\Defraggler
2009-01-30 19:24 . 2008-06-20 02:14 781,344 --a------ c:\windows\System32\PresentationNative_v0300.dll
2009-01-30 19:24 . 2008-06-20 02:14 622,080 --a------ c:\windows\System32\icardagt.exe
2009-01-30 19:24 . 2008-06-20 02:14 326,160 --a------ c:\windows\System32\PresentationHost.exe
2009-01-30 19:24 . 2008-06-20 02:14 105,016 --a------ c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
2009-01-30 19:24 . 2008-06-20 02:14 97,800 --a------ c:\windows\System32\infocardapi.dll
2009-01-30 19:24 . 2008-06-20 02:14 43,544 --a------ c:\windows\System32\PresentationHostProxy.dll
2009-01-30 19:24 . 2008-06-20 02:14 37,384 --a------ c:\windows\System32\infocardcpl.cpl
2009-01-30 19:24 . 2008-06-20 02:14 11,264 --a------ c:\windows\System32\icardres.dll
2009-01-30 19:15 . 2008-07-27 19:03 282,112 --a------ c:\windows\System32\mscoree.dll
2009-01-30 19:15 . 2008-07-27 19:03 158,720 --a------ c:\windows\System32\mscorier.dll
2009-01-30 19:15 . 2008-07-27 19:03 96,760 --a------ c:\windows\System32\dfshim.dll
2009-01-30 19:15 . 2008-07-27 19:03 41,984 --a------ c:\windows\System32\netfxperf.dll
2009-01-30 19:14 . 2008-07-27 19:03 83,968 --a------ c:\windows\System32\mscories.dll
2009-01-26 23:37 . 2009-02-14 13:55 <DIR> d-------- c:\program files\ESET
2009-01-26 18:49 . 2009-01-26 18:49 <DIR> d-------- c:\program files\NETGEAR
2009-01-26 18:48 . 2009-01-26 18:48 <DIR> d-------- c:\windows\Downloaded Installations

.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-14 20:46 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-12 14:50 --------- d-----w c:\program files\Windows Mail
2009-02-07 19:25 --------- d-----w c:\users\acer\AppData\Roaming\skypePM
2009-02-07 19:25 --------- d-----w c:\users\acer\AppData\Roaming\Skype
2009-02-06 20:36 --------- d-----w c:\program files\ArcSoft
2009-02-05 11:51 --------- d-----w c:\program files\Windows Live Toolbar
2009-02-05 11:51 --------- d-----w c:\program files\Windows Live
2009-01-30 18:11 --------- d-----w c:\users\acer\AppData\Roaming\LimeWire
2009-01-26 22:33 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-01-26 22:27 --------- d-----w c:\programdata\Symantec
2009-01-26 22:27 --------- d-----w c:\program files\Symantec
2009-01-26 19:32 --------- d-----w c:\program files\Avanquest update
2009-01-11 12:04 --------- d-----w c:\programdata\eMule
2009-01-11 12:04 --------- d-----w c:\program files\eMule
2009-01-11 12:02 --------- d-----w c:\program files\LimeWire
2009-01-10 11:01 65,024 ----a-w c:\windows\IFinst26.exe
2009-01-10 11:01 --------- d-----w c:\program files\XviD
2009-01-10 11:01 --------- d-----w c:\program files\Lame MP3 Codec
2009-01-10 11:00 --------- d-----w c:\users\acer\AppData\Roaming\DataCast
2009-01-10 11:00 --------- d-----w c:\program files\Samsung
2009-01-10 11:00 --------- d-----w c:\program files\MarkAny
2009-01-10 10:52 --------- d-----w c:\program files\Google
2009-01-05 22:33 3,751,995 ----a-w c:\windows\System32\GPhotos.scr
2009-01-04 08:25 --------- d-----w c:\program files\DivX
2009-01-04 08:23 --------- d-----w c:\users\acer\AppData\Roaming\DivX
2009-01-04 08:23 --------- d-----w c:\program files\Common Files\PX Storage Engine
2009-01-04 00:08 --------- d-----w c:\program files\Common Files\Skype
2009-01-04 00:08 --------- d-----w c:\program files\Bonjour
2009-01-03 18:59 --------- d-----w c:\programdata\PC Drivers HeadQuarters
2009-01-03 18:59 --------- d-----w c:\program files\PC Drivers HeadQuarters
2009-01-03 16:25 --------- d-----w c:\program files\Logitech
2008-12-29 15:03 --------- d-----w c:\program files\Bonjour(54)
2008-12-21 16:59 --------- d-----w c:\users\acer\AppData\Roaming\HP
2008-12-21 12:17 --------- d-----w c:\users\acer\AppData\Roaming\Logitech
2008-12-21 12:15 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-12-21 12:12 --------- d-----w c:\programdata\Logitech
2008-12-21 12:12 --------- d-----w c:\program files\Common Files\Logitech
2008-12-16 02:42 288,768 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-15 15:20 --------- d-----w c:\programdata\Apple Computer
2008-12-15 15:20 --------- d-----w c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-15 15:20 --------- d-----w c:\program files\iTunes
2008-12-15 15:20 --------- d-----w c:\program files\iPod
2008-12-15 15:20 --------- d-----w c:\program files\Common Files\Apple
2008-12-15 15:17 --------- d-----w c:\program files\QuickTime
2008-12-15 15:11 --------- d-----w c:\program files\Safari
2008-12-04 23:11 308,584 ----a-w c:\windows\WLXPGSS.SCR
2008-12-02 21:37 49,480 ----a-w c:\windows\System32\sirenacm.dll
2008-11-21 21:47 524,288 ----a-w c:\windows\System32\DivXsm.exe
2008-11-21 21:47 3,596,288 ----a-w c:\windows\System32\qt-dx331.dll
2008-11-21 21:46 200,704 ----a-w c:\windows\System32\ssldivx.dll
2008-11-21 21:46 1,044,480 ----a-w c:\windows\System32\libdivx.dll
2008-11-21 21:44 161,096 ----a-w c:\windows\System32\DivXCodecVersionChecker.exe
2008-11-21 21:44 12,288 ----a-w c:\windows\System32\DivXWMPExtType.dll
2008-10-31 18:44 174 --sha-w c:\program files\desktop.ini
2008-10-28 20:15 56 ---ha-w c:\users\All Users\ezsidmv.dat
2008-10-28 20:15 56 ---ha-w c:\programdata\ezsidmv.dat
.

((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"????r"="" [?]
"?????????"="??????????????e" [?]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-07-11 90112]
"Acer Empowering Technology Monitor"="c:\windows\system32\SysMonitor.exe" [2006-11-23 319488]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-11-20 178688]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"SMSTray"="c:\program files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-02-23 126976]
"MAAgent"="c:\program files\MarkAny\ContentSafer\MAAgent.exe" [2007-01-30 57344]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-11-11 185872]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdc.exe" [2007-01-24 563080]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-01 c:\windows\RtHDVCpl.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 c:\windows\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-02 3882312]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2006-12-13 528384]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-12-21 688128]
TrayMin220.lnk - c:\program files\Philips\Philips SPC220NC Webcam\TrayMin220.exe [2009-02-06 278528]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= "c:\progra~1\MarkAny\CONTEN~1\MACSMA~1.DLL" [2004-11-23 192512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= c:\progra~1\ACERZO~1\ACERZO~2\Kernel\Burner\MKDMP3Enc.ACM
"VIDC.JDCT"= jl_jdct.drv

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logiciel Kodak EasyShare.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logiciel Kodak EasyShare.lnk
backup=c:\windows\pss\Logiciel Kodak EasyShare.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^acer^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
path=c:\users\acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-03-16 11:45 63712 c:\program files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 02:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
--a------ 2006-11-17 08:26 453120 c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
--------- 2008-07-10 10:22 397312 c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-11-11 09:33 185872 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{755DDF93-2A40-464C-8E19-14D57FDFE54C}"= UDP:c:\program files\Acer Zone\Acer Zone Main Page\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{9E139F13-729C-48A3-A542-F8D1B9041878}"= TCP:c:\program files\Acer Zone\Acer Zone Main Page\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{083C222B-2E43-435E-A4FA-69B43D170DBD}"= UDP:c:\program files\Acer Zone\Acer Picture Slide DVD\Component\CLSLDVD.exe:Cyberlink Picture Slide DVD workprocess
"{CCAC3715-6F13-4B05-AFE8-9CB066D07D09}"= TCP:c:\program files\Acer Zone\Acer Picture Slide DVD\Component\CLSLDVD.exe:Cyberlink Picture Slide DVD workprocess
"{7A11D0DC-4B4D-4D6B-9395-1FB0BB02F739}"= UDP:c:\program files\Acer Zone\Acer Plug and Record\Component\ARAWP.exe:Cyberlink Plug and Record ARA workprocess
"{CAEDC0A9-FA60-4B8B-8EB7-4679892F69D7}"= TCP:c:\program files\Acer Zone\Acer Plug and Record\Component\ARAWP.exe:Cyberlink Plug and Record ARA workprocess
"{3CF0A38F-BDCA-4850-B9CC-79DA144B0CA6}"= UDP:c:\program files\Acer Zone\Acer Plug and Record\Component\DVAX2Process.exe:Cyberlink Plug and Record AVAX workprocess
"{801EC1BA-4EA4-4830-8FE6-B53B0271F818}"= TCP:c:\program files\Acer Zone\Acer Plug and Record\Component\DVAX2Process.exe:Cyberlink Plug and Record AVAX workprocess
"{25C8D0F9-7579-488A-9363-C9EC507F3255}"= UDP:c:\program files\Acer Zone\Acer Zone SoftDMA\SoftDMA.exe:CyberLink SoftDMA
"{8C209F36-3196-43EF-AEA2-F7691A219A8D}"= TCP:c:\program files\Acer Zone\Acer Zone SoftDMA\SoftDMA.exe:CyberLink SoftDMA
"{E9578D5D-1D23-4F6C-B84E-16BC402F0F2F}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{964DAD70-B7D0-4088-A676-7730F0529E29}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{B199E570-7FDD-452C-A5B0-DEC43C2623B8}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{56A696B7-673C-4B87-AD50-43DC626B1941}"= UDP:c:\program files\Sony Ericsson\Sony Ericsson Media Manager 1.0\MediaManager.exe:Sony Ericsson Media Manager 1.0
"{1084E518-4FB5-4AF5-AAE9-F40FCEB8FB4B}"= TCP:c:\program files\Sony Ericsson\Sony Ericsson Media Manager 1.0\MediaManager.exe:Sony Ericsson Media Manager 1.0
"{DE3AA7B4-AAEB-4491-BBA3-3BB74D0C0CD2}"= UDP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
"{6CA7C419-11F9-46C7-8689-51A136BE0409}"= TCP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
"{67230A94-5E94-418B-B0DA-30033C393570}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{CBC515E2-A3FE-49A2-8E45-13C229ED4C5A}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{F831AD8E-C351-4132-8B5B-D9B197200AB0}"= UDP:c:\program files\Anuman Interactive\Code de la route\CODEDELAROUTE.exe:Code de la route
"{154B5045-8968-4411-A1A5-9F53CC1C10A7}"= TCP:c:\program files\Anuman Interactive\Code de la route\CODEDELAROUTE.exe:Code de la route
"{14B13542-07FB-4334-8FFD-52350EED4388}"= UDP:c:\windows\System32\muzapp.exe:MUZ AOD APP player
"{0F932C4B-06B4-4544-B0C2-CAF95A5ED29C}"= TCP:c:\windows\System32\muzapp.exe:MUZ AOD APP player
"TCP Query User{729A145D-BDE8-4A55-AD87-ADCBD33CBA22}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{D1808AEB-BEE4-4317-A2A7-1D9EAFFACA81}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"{72F5EF7D-457B-45DE-AAB3-F2BA9D04241D}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"TCP Query User{C62A6EE6-054A-4DD0-80CC-098C64242DAB}c:\\program files\\hercules\\classic silver\\station2.exe"= UDP:c:\program files\hercules\classic silver\station2.exe:Hercules Webcam Station Evolution
"UDP Query User{063166FB-52B8-42FA-846A-8A2F929DE931}c:\\program files\\hercules\\classic silver\\station2.exe"= TCP:c:\program files\hercules\classic silver\station2.exe:Hercules Webcam Station Evolution
"TCP Query User{041E6FA8-15E2-4FA0-9DDF-C7B6D44DACA6}c:\\program files\\zattoo\\zattood.exe"= UDP:c:\program files\zattoo\zattood.exe:zattood
"UDP Query User{187430B2-14C4-4C19-85E7-16AA003E4B55}c:\\program files\\zattoo\\zattood.exe"= TCP:c:\program files\zattoo\zattood.exe:zattood

R2 Seagate Sync Service;Seagate Sync Service;c:\program files\Seagate\Sync\SeaSyncServices.exe [2007-01-18 24120]
R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2008-12-04 226640]
S3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\System32\drivers\BthAvrcp.sys [2008-07-10 15872]
S3 camfilt2;camfilt2;c:\windows\System32\drivers\camfilt2.sys [2009-02-07 94720]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\System32\drivers\ggflt.sys [2008-11-18 13352]
S3 s916bus;Sony Ericsson Device 916 driver (WDM);c:\windows\System32\drivers\s916bus.sys [2007-11-02 83496]
S3 s916mdfl;Sony Ericsson Device 916 USB WMC Modem Filter;c:\windows\System32\drivers\s916mdfl.sys [2007-11-02 15016]
S3 s916mdm;Sony Ericsson Device 916 USB WMC Modem Driver;c:\windows\System32\drivers\s916mdm.sys [2007-11-02 109992]
S3 Start BT in service;Start BT in service;c:\program files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [2007-03-14 47984]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{064da16f-b89a-11dd-9f7a-806e6f6e6963}]
\shell\AutoRun\command - K:\Autorun.exe /run
\shell\Shell00\Command - K:\Autorun.exe /run
\shell\Shell01\Command - K:\Autorun.exe /action
\shell\Shell02\Command - K:\Autorun.exe /uninstall

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0b9fea59-cb92-11dd-8db1-001060ec020a}]
\shell\AutoRun\command - L:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bef96e24-a52c-11dd-81d0-001060ec020a}]
\shell\AutoRun\command - F:\LaunchU3.exe
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Acer Tour - (no file)
HKLM-Run-eRecoveryService - (no file)


.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://fr.fr.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
FF - ProfilePath - c:\users\acer\AppData\Roaming\Mozilla\Firefox\Profiles\s7ao3c17.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-15 18:14:32
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(1968)
c:\program files\Logitech\SetPoint\GameHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\program files\MarkAny\ContentSafer\MaCSProHook.DLL
.
Completion time: 2009-02-15 18:17:31
ComboFix-quarantined-files.txt 2009-02-15 17:17:28

Pre-Run: 43,263,373,312 bytes free
Post-Run: 43,315,544,064 bytes free

296 --- E O F --- 2009-02-13 14:21:53

Reply to anatlunel
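
The report above lists dozens of load points, and the ones worth a second look are scattered across several sections: two Run values whose names are unreadable, the Security Center "Disable" flags, the firewall exceptions the user approved by hand, and the cached MountPoints2 autorun commands for removable drives. As an added example (it is not part of this thread, nor ComboFix's own code), the Python below parses exactly those sections from lines copied verbatim from the report and turns them into a short list of leads. The section-matching rules and the finding labels are this example's own assumptions about the report layout.

```python
"""Triage helper for a ComboFix report.

Added example for this thread; it is not part of ComboFix or of the posts
above. The section-matching rules and finding categories below are this
example's own assumptions about the report layout (one "[key]" header per
registry section, one entry per line).
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: lines copied verbatim from the report posted above,
# trimmed to the sections this helper understands.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"????r"="" [?]
"?????????"="??????????????e" [?]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{964DAD70-B7D0-4088-A676-7730F0529E29}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{729A145D-BDE8-4A55-AD87-ADCBD33CBA22}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{064da16f-b89a-11dd-9f7a-806e6f6e6963}]
\shell\AutoRun\command - K:\Autorun.exe /run
\shell\Shell01\Command - K:\Autorun.exe /action
"""


@dataclass(frozen=True)
class Finding:
    kind: str     # finding category (this example's own labels)
    section: str  # registry key the line was listed under
    detail: str   # what to look at


SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# "name"="target" [date size]; ComboFix prints [?] when it cannot stat the target
RUN_RE = re.compile(r'^"(?P<name>[^"]*)"="(?P<value>[^"]*)"\s*(?P<info>.*)$')
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<val>[0-9A-Fa-f]{8})$')
FW_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>.+)$')
MOUNT_RE = re.compile(r"^\\shell\\[^\\]+\\command - (?P<cmd>.+)$", re.IGNORECASE)


def parse_firewall_value(value: str) -> tuple[str, str, str]:
    """Split 'PROTO:path:display name' as ComboFix prints it; PROTO is optional."""
    proto = "any"
    if value[:4].upper() in ("TCP:", "UDP:"):
        proto, value = value[:3].upper(), value[4:]
    path, _, app = value.rpartition(":")
    return proto, path, app


def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group("key")
            continue
        key = section.lower()
        if key.endswith(r"\currentversion\run"):
            m = RUN_RE.match(line)
            if m is None:
                continue
            # A Run value whose name is not even printable is not a vendor entry.
            if "?" in m.group("name") or not m.group("name").isascii():
                findings.append(Finding("unreadable-run-entry", section, line))
            elif m.group("info") == "[?]":
                findings.append(Finding("unresolved-run-target", section, line))
        elif "security center" in key:
            m = DWORD_RE.match(line)
            # *DisableNotify / DisableMonitoring = 1 silence Security Center warnings.
            if m and "disable" in m.group("name").lower() and int(m.group("val"), 16) == 1:
                findings.append(Finding("security-center-alert-disabled", section, m.group("name")))
        elif key.endswith("firewallrules"):
            m = FW_RE.match(line)
            # "TCP Query User{...}" / "UDP Query User{...}" rules are the ones Windows
            # Firewall creates when the user clicks Unblock on the security alert prompt.
            if m and "query user" in m.group("name").lower():
                proto, path, app = parse_firewall_value(m.group("value"))
                findings.append(Finding("user-approved-firewall-exception", section, f"{app}: {path} ({proto})"))
        elif "\\mountpoints2\\" in key:
            m = MOUNT_RE.match(line)
            # MountPoints2 caches the autorun.inf commands of volumes that were plugged in;
            # the drive letter tells you which media to pull and inspect.
            if m:
                findings.append(Finding("autorun-command", section, m.group("cmd")))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:34} {f.detail}")
```

Every hit is a lead, not a verdict: the Security Center "Disable" values are also written legitimately by a third-party suite that takes over monitoring (the report lists SymantecAntiVirus and SymantecFirewall monitoring keys), and LaunchU3.exe in the other MountPoints2 entries is the launcher shipped on SanDisk U3 drives. The two Run values with unreadable names and no resolvable target are the ones a responder should pull and hash before anything is deleted.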

Re,

Select the entire contents of the box below:

File::
C:\Windows\system32\ActiveToolBand.dll



  • Copy/paste it into Notepad (Start\All Programs\Accessories\Notepad.)
  • Save it on your desktop under the name CFScript.txt
  • Now drag the CFScript.txt file onto ComboFix.exe as shown below:

http://apu.mabul.org/up/apu/2008/08/12/img-191202xzrpd.gif

  • This will relaunch ComboFix.
  • You will have to accept the licence.


Post the contents of the ComboFix.txt report after the restart, if there is one.

The report is located here: %SystemDrive%\ComboFix.txt (%systemdrive% being the partition where Windows is installed; usually C:\)

Reply to Angeldark