Virus: besoin d'aide [résolu]

Bonjour,

Tu n'as plus d'antivirus ?

• Télécharge Malwarebytes' Anti-Malware (MBAM) sur ton Bureau.
• Double-clique sur le fichier téléchargé pour lancer le processus d'installation.
• Dans l'onglet Mise à jour, clique sur le bouton Recherche de mise à jour : si le pare-feu demande l'autorisation à MBAM de se connecter à Internet, accepte.
• Une fois la mise à jour terminée, rends-toi dans l'onglet Recherche.
• Sélectionne Exécuter un examen rapide.
• Clique sur Rechercher. L'analyse démarre.
• A la fin de l'analyse, un message s'affiche :

• Clique sur OK pour poursuivre. Si MBAM n'a rien trouvé, il te le dira aussi.
• Ferme tes navigateurs.
• Si des malwares ont été détectés, clique sur Afficher les résultats.
• Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection, MBAM va détruire les fichiers et clés de registre infectés et en mettre une copie dans la quarantaine.
• MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Copie-colle ce rapport dans ta prochaine réponse.

Hummm j'en ai oublié la politesse...merci pour cette réponse si rapide!
Voici le rapport de MBAM:

Malwarebytes' Anti-Malware 1.32
Version de la base de données: 1625
Windows 6.0.6001 Service Pack 1

29/04/2009 23:25:27
mbam-log-2009-04-29 (23-25-27).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 223413
Temps écoulé: 1 hour(s), 13 minute(s), 8 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cmds (Malware.Trace) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

Voila le rapport de l'antivirus:
Par contre quand j'ai redémarré mon ordinateur, l'antivirus m'a affiché des messages pour me dire que des logiciels essayaient de s'installer et à chaque fois j'ai cliqué sur refuser l'accès.


Avira AntiVir Personal
Date de création du fichier de rapport : jeudi 30 avril 2009 00:21

La recherche porte sur 1371296 souches de virus.

Détenteur de la licence : Avira AntiVir Personal - FREE Antivirus
Numéro de série : 0000149996-ADJIE-0000001
Plateforme : Windows Vista
Version de Windows : (Service Pack 1) [6.0.6001]
Mode Boot : Démarré normalement
Identifiant : SYSTEM
Nom de l'ordinateur : PC-DE-LAURA

Informations de version :
BUILD.DAT : 9.0.0.65 17959 Bytes 22/04/2009 12:06:00
AVSCAN.EXE : 9.0.3.6 466689 Bytes 21/04/2009 12:20:54
AVSCAN.DLL : 9.0.3.0 49409 Bytes 03/03/2009 09:21:02
LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 10:35:11
LUKERES.DLL : 9.0.2.0 13569 Bytes 03/03/2009 09:21:31
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 11:30:36
ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 11/02/2009 19:33:26
ANTIVIR2.VDF : 7.1.3.63 1588224 Bytes 16/04/2009 22:19:47
ANTIVIR3.VDF : 7.1.3.131 232448 Bytes 29/04/2009 22:19:48
Version du moteur : 8.2.0.156
AEVDF.DLL : 8.1.1.0 106868 Bytes 27/01/2009 16:36:42
AESCRIPT.DLL : 8.1.1.77 381306 Bytes 29/04/2009 22:19:54
AESCN.DLL : 8.1.1.10 127348 Bytes 29/04/2009 22:19:53
AERDL.DLL : 8.1.1.3 438645 Bytes 29/10/2008 17:24:41
AEPACK.DLL : 8.1.3.14 397685 Bytes 29/04/2009 22:19:53
AEOFFICE.DLL : 8.1.0.36 196987 Bytes 26/02/2009 19:01:56
AEHEUR.DLL : 8.1.0.122 1737080 Bytes 29/04/2009 22:19:52
AEHELP.DLL : 8.1.2.2 119158 Bytes 26/02/2009 19:01:56
AEGEN.DLL : 8.1.1.39 348532 Bytes 29/04/2009 22:19:49
AEEMU.DLL : 8.1.0.9 393588 Bytes 09/10/2008 13:32:40
AECORE.DLL : 8.1.6.9 176500 Bytes 29/04/2009 22:19:48
AEBB.DLL : 8.1.0.3 53618 Bytes 09/10/2008 13:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 07:47:30
AVPREF.DLL : 9.0.0.1 43777 Bytes 03/12/2008 10:39:26
AVREP.DLL : 8.0.0.3 155905 Bytes 20/01/2009 13:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 07/11/2008 14:24:42
AVARKT.DLL : 9.0.0.3 292609 Bytes 24/03/2009 14:05:22
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 09:36:37
SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 14:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/2009 07:20:57
NETNT.DLL : 9.0.0.0 11521 Bytes 07/11/2008 14:40:59
RCIMAGE.DLL : 9.0.0.21 2438401 Bytes 17/02/2009 12:49:32
RCTEXT.DLL : 9.0.37.0 88321 Bytes 15/04/2009 09:07:05

Configuration pour la recherche actuelle :
Nom de la tâche...............................: Disques durs locaux
Fichier de configuration......................: C:\Program Files\Avira\AntiVir Desktop\alldiscs.avp
Documentation.................................: bas
Action principale.............................: interactif
Action secondaire.............................: ignorer
Recherche sur les secteurs d'amorçage maître..: marche
Recherche sur les secteurs d'amorçage.........: marche
Secteurs d'amorçage...........................: C:, D:,
Recherche dans les programmes actifs..........: marche
Recherche en cours sur l'enregistrement.......: marche
Recherche de Rootkits.........................: marche
Contrôle d'intégrité de fichiers système......: arrêt
Fichier mode de recherche.....................: Sélection de fichiers intelligente
Recherche sur les archives....................: marche
Limiter la profondeur de récursivité..........: 20
Archive Smart Extensions......................: marche
Heuristique de macrovirus.....................: marche
Heuristique fichier...........................: moyen

Début de la recherche : jeudi 30 avril 2009 00:21

La recherche d'objets cachés commence.
Erreur dans la bibliothèque ARK

La recherche sur les processus démarrés commence :
Processus de recherche 'avscan.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avscan.exe' - '1' module(s) sont contrôlés
Processus de recherche 'taskeng.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avcenter.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avgnt.exe' - '1' module(s) sont contrôlés
Processus de recherche 'sched.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avguard.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'VSSVC.exe' - '1' module(s) sont contrôlés
Processus de recherche 'ieuser.exe' - '1' module(s) sont contrôlés
Processus de recherche 'iexplore.exe' - '1' module(s) sont contrôlés
Processus de recherche 'usnsvc.exe' - '1' module(s) sont contrôlés
Processus de recherche 'taskeng.exe' - '1' module(s) sont contrôlés
Processus de recherche 'msnmsgr.exe' - '1' module(s) sont contrôlés
Processus de recherche 'igfxext.exe' - '1' module(s) sont contrôlés
Processus de recherche 'eRAgent.exe' - '1' module(s) sont contrôlés
Processus de recherche 'RtkBtMnt.exe' - '1' module(s) sont contrôlés
Processus de recherche 'ePower_DMC.exe' - '1' module(s) sont contrôlés
Processus de recherche 'eNMTray.exe' - '1' module(s) sont contrôlés
Processus de recherche 'wmpnetwk.exe' - '1' module(s) sont contrôlés
Processus de recherche 'iPodService.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'alg.exe' - '1' module(s) sont contrôlés
Processus de recherche 'wmpnscfg.exe' - '1' module(s) sont contrôlés
Processus de recherche 'unsecapp.exe' - '1' module(s) sont contrôlés
Processus de recherche 'WmiPrvSE.exe' - '1' module(s) sont contrôlés
Processus de recherche 'GoogleToolbarNotifier.exe' - '1' module(s) sont contrôlés
Processus de recherche 'SuperCopier.exe' - '1' module(s) sont contrôlés
Processus de recherche 'sidebar.exe' - '1' module(s) sont contrôlés
Processus de recherche 'acrotray.exe' - '1' module(s) sont contrôlés
Processus de recherche 'iTunesHelper.exe' - '1' module(s) sont contrôlés
Processus de recherche 'rundll32.exe' - '1' module(s) sont contrôlés
Processus de recherche 'jusched.exe' - '1' module(s) sont contrôlés
Processus de recherche 'realsched.exe' - '1' module(s) sont contrôlés
Processus de recherche 'wmdSync.exe' - '1' module(s) sont contrôlés
Processus de recherche 'igfxsrvc.exe' - '1' module(s) sont contrôlés
Processus de recherche 'eDSloader.exe' - '1' module(s) sont contrôlés
Processus de recherche 'LManager.exe' - '1' module(s) sont contrôlés
Processus de recherche 'igfxpers.exe' - '1' module(s) sont contrôlés
Processus de recherche 'hkcmd.exe' - '1' module(s) sont contrôlés
Processus de recherche 'igfxtray.exe' - '1' module(s) sont contrôlés
Processus de recherche 'SynTPEnh.exe' - '1' module(s) sont contrôlés
Processus de recherche 'RtHDVCpl.exe' - '1' module(s) sont contrôlés
Processus de recherche 'WmiPrvSE.exe' - '1' module(s) sont contrôlés
Processus de recherche 'ePowerSvc.exe' - '1' module(s) sont contrôlés
Processus de recherche 'explorer.exe' - '1' module(s) sont contrôlés
Processus de recherche 'eRecoveryService.exe' - '1' module(s) sont contrôlés
Processus de recherche 'XAudio.exe' - '1' module(s) sont contrôlés
Processus de recherche 'dwm.exe' - '1' module(s) sont contrôlés
Processus de recherche 'SearchIndexer.exe' - '1' module(s) sont contrôlés
Processus de recherche 'taskeng.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'RichVideo.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'MobilityService.exe' - '1' module(s) sont contrôlés
Processus de recherche 'LSSrvc.exe' - '1' module(s) sont contrôlés
Processus de recherche 'eNet Service.exe' - '1' module(s) sont contrôlés
Processus de recherche 'eLockServ.exe' - '1' module(s) sont contrôlés
Processus de recherche 'eDSService.exe' - '1' module(s) sont contrôlés
Processus de recherche 'mDNSResponder.exe' - '1' module(s) sont contrôlés
Processus de recherche 'AppleMobileDeviceService.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'spoolsv.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'SLsvc.exe' - '1' module(s) sont contrôlés
Processus de recherche 'audiodg.exe' - '0' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'winlogon.exe' - '1' module(s) sont contrôlés
Processus de recherche 'lsm.exe' - '1' module(s) sont contrôlés
Processus de recherche 'lsass.exe' - '1' module(s) sont contrôlés
Processus de recherche 'services.exe' - '1' module(s) sont contrôlés
Processus de recherche 'csrss.exe' - '1' module(s) sont contrôlés
Processus de recherche 'wininit.exe' - '1' module(s) sont contrôlés
Processus de recherche 'csrss.exe' - '1' module(s) sont contrôlés
Processus de recherche 'smss.exe' - '1' module(s) sont contrôlés
'81' processus ont été contrôlés avec '81' modules

La recherche sur les secteurs d'amorçage maître commence :
Secteur d'amorçage maître HD0
[INFO] Aucun virus trouvé !
[INFO] Veuillez relancer la recherche avec les droits d'administrateur

La recherche sur les secteurs d'amorçage commence :
Secteur d'amorçage 'C:\'
[INFO] Aucun virus trouvé !
Secteur d'amorçage 'D:\'
[INFO] Aucun virus trouvé !

La recherche sur les renvois aux fichiers exécutables (registre) commence :
Le registre a été contrôlé ( '50' fichiers).


La recherche sur les fichiers sélectionnés commence :

Recherche débutant dans 'C:\' <ACER>
C:\hiberfil.sys
[AVERTISSEMENT] Impossible d'ouvrir le fichier !
[REMARQUE] Ce fichier est un fichier système Windows.
[REMARQUE] Il est correct que ce fichier ne puisse pas être ouvert pour la recherche.
C:\pagefile.sys
[AVERTISSEMENT] Impossible d'ouvrir le fichier !
[REMARQUE] Ce fichier est un fichier système Windows.
[REMARQUE] Il est correct que ce fichier ne puisse pas être ouvert pour la recherche.
C:\Program Files\flashfxp2\patch_flashfxp\YMY_FlashFXP_UP.exe
[RESULTAT] Contient le cheval de Troie TR/Crypt.XPACK.Gen
C:\ProgramData\lotikiwi\lotikiwi.exe
[RESULTAT] Contient le cheval de Troie TR/Vundo.Gen
C:\Qoobox\Quarantine\C\ProgramData\hiluguba\hiluguba.dll.vir
[RESULTAT] Contient le cheval de Troie TR/Vundo.Gen
C:\Qoobox\Quarantine\C\Windows\System32\ak1.exe.vir
[RESULTAT] Contient le cheval de Troie TR/Crypt.ZPACK.Gen
C:\Qoobox\Quarantine\C\Windows\System32\yhs783ijfo3fe.dll.vir
[RESULTAT] Contient le cheval de Troie TR/Dldr.Ertfor.B
C:\Qoobox\Quarantine\C\Windows\System32\drivers\_ovfsthxkuibfcmo_.sys.zip
[0] Type d'archive: ZIP
--> ovfsthxkuibfcmo.sys
[RESULTAT] Contient le cheval de Troie TR/Agent.81920.93
--> ovfsthxkuibfcmo.sys.1
[RESULTAT] Contient le cheval de Troie TR/Agent.81920.93
--> ovfsthxkuibfcmo.sys.2
[RESULTAT] Contient le cheval de Troie TR/Trash.Gen
--> ovfsthxkuibfcmo.sys.3
[RESULTAT] Contient le cheval de Troie TR/Agent.81920.93
--> ovfsthxkuibfcmo.sys.4
[RESULTAT] Contient le cheval de Troie TR/Agent.81920.93
--> ovfsthxkuibfcmo.sys.5
[RESULTAT] Contient le cheval de Troie TR/Trash.Gen
C:\Qoobox\Quarantine\C\Windows\temp\1715767217.exe.vir
[RESULTAT] Contient le cheval de Troie TR/Downloader.Gen
C:\Users\laura\gif.exe
[RESULTAT] Contient le cheval de Troie TR/Dropper.Gen
C:\Users\laura\index.exe
[RESULTAT] Contient le cheval de Troie TR/Dropper.Gen
C:\Windows\System32\lmppcsetup.exe
[RESULTAT] Contient le cheval de Troie TR/Drop.Agent.amnc
C:\Windows\System32\winglsetup.exe
[RESULTAT] Contient le cheval de Troie TR/Drop.Agent.39936
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G0Q9X1OP\cd[1].htm
[RESULTAT] Contient le cheval de Troie TR/Downloader.Gen
C:\Windows\temp\msb.dll
[RESULTAT] Contient le cheval de Troie TR/Crypt.IL
Recherche débutant dans 'D:\' <DATA>

Début de la désinfection :
C:\Program Files\flashfxp2\patch_flashfxp\YMY_FlashFXP_UP.exe
[RESULTAT] Contient le cheval de Troie TR/Crypt.XPACK.Gen
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4a524639.qua' !
C:\ProgramData\lotikiwi\lotikiwi.exe
[RESULTAT] Contient le cheval de Troie TR/Vundo.Gen
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4a6d465b.qua' !
C:\Qoobox\Quarantine\C\ProgramData\hiluguba\hiluguba.dll.vir
[RESULTAT] Contient le cheval de Troie TR/Vundo.Gen
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4a654655.qua' !
C:\Qoobox\Quarantine\C\Windows\System32\ak1.exe.vir
[RESULTAT] Contient le cheval de Troie TR/Crypt.ZPACK.Gen
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4a2a4657.qua' !
C:\Qoobox\Quarantine\C\Windows\System32\yhs783ijfo3fe.dll.vir
[RESULTAT] Contient le cheval de Troie TR/Dldr.Ertfor.B
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4a6c4654.qua' !
C:\Qoobox\Quarantine\C\Windows\System32\drivers\_ovfsthxkuibfcmo_.sys.zip
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4a6f465b.qua' !
C:\Qoobox\Quarantine\C\Windows\temp\1715767217.exe.vir
[RESULTAT] Contient le cheval de Troie TR/Downloader.Gen
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4a2a4623.qua' !
C:\Users\laura\gif.exe
[RESULTAT] Contient le cheval de Troie TR/Dropper.Gen
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4a5f4656.qua' !
C:\Users\laura\index.exe
[RESULTAT] Contient le cheval de Troie TR/Dropper.Gen
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4a5d465b.qua' !
C:\Windows\System32\lmppcsetup.exe
[RESULTAT] Contient le cheval de Troie TR/Drop.Agent.amnc
[AVERTISSEMENT] Erreur lors de la création d'une copie de sécurité du fichier. Le fichier n'a pas été supprimé. Code d'erreur : 26004
[AVERTISSEMENT] Impossible de trouver le fichier source.
[REMARQUE] Tentative en cours d'exécuter l'action à l'aide de la bibliothèque ARK.
[AVERTISSEMENT] Erreur dans la bibliothèque ARK
[REMARQUE] Le fichier a été repéré pour une suppression après un redémarrage.
C:\Windows\System32\winglsetup.exe
[RESULTAT] Contient le cheval de Troie TR/Drop.Agent.39936
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4a6746a1.qua' !
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G0Q9X1OP\cd[1].htm
[RESULTAT] Contient le cheval de Troie TR/Downloader.Gen
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4a54469c.qua' !
C:\Windows\temp\msb.dll
[RESULTAT] Contient le cheval de Troie TR/Crypt.IL
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4a5b46ab.qua' !


Fin de la recherche : jeudi 30 avril 2009 08:33
Temps nécessaire: 1:06:20 Heure(s)

La recherche a été effectuée intégralement

24951 Les répertoires ont été contrôlés
470690 Des fichiers ont été contrôlés
18 Des virus ou programmes indésirables ont été trouvés
0 Des fichiers ont été classés comme suspects
0 Des fichiers ont été supprimés
0 Des virus ou programmes indésirables ont été réparés
12 Les fichiers ont été déplacés dans la quarantaine
0 Les fichiers ont été renommés
2 Impossible de contrôler des fichiers
470670 Fichiers non infectés
2523 Les archives ont été contrôlées
3 Avertissements
15 Consignes
83 Des objets ont été contrôlés lors du Rootkitscan
0 Des objets cachés ont été trouvés

Voila le rapport de combofix:
Il m'a marqué un message d'erreur à moment: combofix a detecté la présence d'une activité de rootkit et a besoin de faire redémarrer la machine.
Du coup l'ordinateur a redémarré et l'antivirus s'est lancé. J'espère que c'est pas gênant...

ComboFix 09-04-25.A3 - laura 30/04/2009 18:16.7 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.2037.1009 [GMT 2:00]
Lancé depuis: c:\users\laura\Desktop\Nouveau dossier (2)\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\ovfsthxkuibfcmo.sys
c:\windows\system32\ovfsthxbtrubqbv.dll
c:\windows\system32\ovfsthxeyfrxoxp.dll
c:\windows\system32\ovfsthxhvhevcti.dat
c:\windows\system32\ovfsthxjpkoytcb.dll
c:\windows\system32\ovfsthxxynbdamc.dat
.
---- Exécution préalable -------
.
c:\windows\system32\ak1.exe
c:\windows\system32\drivers\ovfsthxkuibfcmo.sys
c:\windows\system32\ovfsthxcxxsfvir.dat
c:\windows\system32\ovfsthxjjpmchxs.dll
c:\windows\system32\ovfsthxmgrboiim.dat
c:\windows\system32\ovfsthxqvbrowpc.dll
c:\windows\system32\ovfsthxryvbrdud.dll
c:\windows\system32\p2hhr.bat
c:\windows\system32\yhs783ijfo3fe.dll
c:\windows\temp\1715767217.exe

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ovfsthxccpincvp
-------\Service_ovfsthxccpincvp


((((((((((((((((((((((((((((( Fichiers créés du 2009-05-28 au 2009-4-30 ))))))))))))))))))))))))))))))))))))
.

2009-04-29 22:12 . 2009-03-24 14:07 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-04-29 22:12 . 2009-04-29 22:12 -------- d-----w c:\users\All Users\Avira
2009-04-29 22:12 . 2009-04-29 22:12 -------- d-----w c:\programdata\Avira
2009-04-29 22:12 . 2009-04-29 22:12 -------- d-----w c:\program files\Avira
2009-04-29 21:52 . 2009-04-29 21:52 -------- d-----w c:\users\All Users\NortonInstaller
2009-04-29 21:52 . 2009-04-29 21:52 -------- d-----w c:\programdata\NortonInstaller
2009-04-27 22:32 . 2009-04-27 22:32 237967696 ----a-w c:\windows\MEMORY.DMP
2009-04-27 17:43 . 2009-04-27 17:44 -------- d-----w C:\ToolBar SD
2009-04-27 17:20 . 2009-04-27 17:20 -------- d-----r c:\windows\system32\config\systemprofile\Searches
2009-04-27 17:20 . 2009-04-27 17:20 -------- d-----r c:\windows\system32\config\systemprofile\Saved Games
2009-04-27 17:20 . 2009-04-27 17:20 -------- d-----r c:\windows\system32\config\systemprofile\Links
2009-04-27 17:20 . 2009-04-27 17:20 -------- d-----r c:\windows\system32\config\systemprofile\Downloads
2009-04-27 17:20 . 2009-04-27 17:20 -------- d-----r c:\windows\system32\config\systemprofile\Pictures
2009-04-27 17:20 . 2009-04-27 17:20 -------- d-----r c:\windows\system32\config\systemprofile\Videos
2009-04-27 17:20 . 2009-04-27 17:20 -------- d-----r c:\windows\system32\config\systemprofile\Documents
2009-04-26 13:25 . 2009-04-26 13:26 4096 ----a-w c:\windows\system32\ftp_non_crp.exe
2009-04-26 11:01 . 2006-11-06 01:12 167936 ----a-w c:\windows\system32\igfxres.dll
2009-04-26 09:30 . 2009-04-26 13:30 -------- d-----w c:\users\All Users\fewokino
2009-04-26 09:30 . 2009-04-26 13:30 -------- d-----w c:\programdata\fewokino
2009-04-26 09:30 . 2009-04-26 13:30 -------- d-----w c:\users\All Users\bageseki
2009-04-26 09:30 . 2009-04-26 13:30 -------- d-----w c:\programdata\bageseki
2009-04-26 09:30 . 2009-04-26 09:30 -------- d-----w c:\users\All Users\lotikiwi
2009-04-26 09:30 . 2009-04-26 09:30 -------- d-----w c:\programdata\lotikiwi
2009-04-26 09:25 . 2009-04-26 13:50 -------- d-----w c:\users\All Users\hiluguba
2009-04-26 09:25 . 2009-04-26 13:50 -------- d-----w c:\programdata\hiluguba
2009-04-26 09:25 . 2009-04-26 13:30 -------- d-----w c:\users\All Users\yebuwude
2009-04-26 09:25 . 2009-04-26 13:30 -------- d-----w c:\users\All Users\wosawamu
2009-04-26 09:25 . 2009-04-26 13:30 -------- d-----w c:\programdata\yebuwude
2009-04-26 09:25 . 2009-04-26 13:30 -------- d-----w c:\programdata\wosawamu
2009-04-19 11:59 . 2009-04-19 11:59 -------- d-----w c:\users\laura\AppData\Roaming\vlc
2009-04-19 11:58 . 2009-04-28 21:43 -------- d-----w c:\users\laura\AppData\Roaming\dvdcss
2009-04-19 11:57 . 2009-04-19 11:57 -------- d-----w c:\program files\VideoLAN
2009-04-17 23:48 . 2009-04-17 23:48 -------- d-----w c:\users\All Users\ALM
2009-04-17 23:48 . 2009-04-17 23:48 -------- d-----w c:\programdata\ALM
2009-04-17 23:43 . 2009-04-17 23:43 -------- d-----w c:\users\laura\{0e7333d5-6a0e-4fca-80d5-a1e30d8cd71a}
2009-04-17 23:42 . 2008-04-07 03:38 22872 ----a-r c:\windows\system32\AdobePDFUI.dll
2009-04-17 23:14 . 2009-04-17 23:14 -------- d-----w c:\users\All Users\Macromedia
2009-04-17 23:12 . 2009-04-17 23:12 -------- d-----w c:\program files\Common Files\Macromedia
2009-04-17 23:12 . 2009-04-17 23:14 -------- d-----w c:\program files\Macromedia
2009-04-17 23:09 . 2009-04-17 23:09 -------- d-----w c:\windows\Downloaded Installations
2009-04-16 20:13 . 2008-12-06 04:42 376832 ----a-w c:\windows\system32\winhttp.dll
2009-04-16 20:13 . 2008-06-06 03:27 38912 ----a-w c:\windows\system32\xolehlp.dll
2009-04-16 20:13 . 2008-06-06 03:27 562176 ----a-w c:\windows\system32\msdtcprx.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-29 22:05 . 2006-11-02 15:48 669566 ----a-w c:\windows\System32\perfh00C.dat
2009-04-29 22:05 . 2006-11-02 15:48 123556 ----a-w c:\windows\System32\perfc00C.dat
2009-04-29 22:00 . 2007-05-08 21:11 -------- d-----w c:\programdata\Microsoft Help
2009-04-29 21:54 . 2006-12-04 23:56 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-04-27 17:44 . 2008-12-06 22:57 1443 ----a-w C:\TB.txt
2009-04-26 11:01 . 2006-12-04 23:53 -------- d-----w c:\program files\Common Files\Adobe
2009-04-23 00:39 . 2007-07-19 21:54 680 ----a-w c:\users\laura\AppData\Local\d3d9caps.dat
2009-04-22 11:10 . 2007-05-06 20:21 -------- d-----w c:\program files\flashfxp2
2009-04-18 00:08 . 2007-04-26 02:27 101808 ----a-w c:\users\laura\AppData\Local\GDIPFONTCACHEV1.DAT
2009-04-17 01:10 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-03-17 03:38 . 2009-04-16 20:12 40960 ----a-w c:\windows\AppPatch\apihex86.dll
2009-03-17 03:38 . 2009-04-16 20:12 13824 ----a-w c:\windows\System32\apilogen.dll
2009-03-17 03:38 . 2009-04-16 20:12 24064 ----a-w c:\windows\System32\amxread.dll
2009-03-03 04:46 . 2009-04-16 20:12 3599328 ----a-w c:\windows\System32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-16 20:12 3547632 ----a-w c:\windows\System32\ntoskrnl.exe
2009-03-03 04:40 . 2009-04-16 20:12 827392 ----a-w c:\windows\System32\wininet.dll
2009-03-03 04:39 . 2009-04-16 20:12 183296 ----a-w c:\windows\System32\sdohlp.dll
2009-03-03 04:39 . 2009-04-16 20:12 551424 ----a-w c:\windows\System32\rpcss.dll
2009-03-03 04:39 . 2009-04-16 20:12 26112 ----a-w c:\windows\System32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-16 20:12 78336 ----a-w c:\windows\System32\ieencode.dll
2009-03-03 04:37 . 2009-04-16 20:12 98304 ----a-w c:\windows\System32\iasrecst.dll
2009-03-03 04:37 . 2009-04-16 20:12 54784 ----a-w c:\windows\System32\iasads.dll
2009-03-03 04:37 . 2009-04-16 20:12 44032 ----a-w c:\windows\System32\iasdatastore.dll
2009-03-03 03:04 . 2009-04-16 20:12 666624 ----a-w c:\windows\System32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-16 20:12 17408 ----a-w c:\windows\System32\iashost.exe
2009-03-03 02:28 . 2009-04-16 20:12 26624 ----a-w c:\windows\System32\ieUnatt.exe
2009-02-13 08:49 . 2009-04-16 20:12 72704 ----a-w c:\windows\System32\secur32.dll
2009-02-13 08:49 . 2009-04-16 20:12 1255936 ----a-w c:\windows\System32\lsasrv.dll
2009-02-09 10:26 . 2009-02-08 13:14 28672 ----a-w c:\users\laura\ieframes.dll
2009-02-09 03:10 . 2009-03-10 23:43 2033152 ----a-w c:\windows\System32\win32k.sys
2008-12-06 21:54 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
2008-03-03 17:51 . 2007-05-08 08:52 16384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-03-03 17:51 . 2007-05-08 08:52 32768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-03-03 17:51 . 2007-05-08 08:52 16384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-04-26_13.54.11 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-29 22:10 . 2009-04-29 22:10 54272 c:\windows\winsxs\x86_microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.21022.8_none_ecdf8c290e547f39\vcomp90.dll
+ 2009-04-29 22:10 . 2009-04-29 22:10 62976 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1\MFC90RUS.DLL
+ 2009-04-29 22:10 . 2009-04-29 22:10 46080 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1\MFC90KOR.DLL
+ 2009-04-29 22:10 . 2009-04-29 22:10 46592 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1\MFC90JPN.DLL
+ 2009-04-29 22:10 . 2009-04-29 22:10 64512 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1\MFC90ITA.DLL
+ 2009-04-29 22:10 . 2009-04-29 22:10 66048 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1\MFC90FRA.DLL
+ 2009-04-29 22:10 . 2009-04-29 22:10 65024 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1\MFC90ESP.DLL
+ 2009-04-29 22:10 . 2009-04-29 22:10 65024 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1\MFC90ESN.DLL
+ 2009-04-29 22:10 . 2009-04-29 22:10 56832 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1\MFC90ENU.DLL
+ 2009-04-29 22:10 . 2009-04-29 22:10 66560 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1\MFC90DEU.DLL
+ 2009-04-29 22:10 . 2009-04-29 22:10 39936 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1\MFC90CHT.DLL
+ 2009-04-29 22:10 . 2009-04-29 22:10 38912 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1\MFC90CHS.DLL
+ 2009-04-29 22:10 . 2009-04-29 22:10 59904 c:\windows\winsxs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_dcc7eae99ad0d9cf\mfcm90u.dll
+ 2009-04-29 22:10 . 2009-04-29 22:10 59904 c:\windows\winsxs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_dcc7eae99ad0d9cf\mfcm90.dll
+ 2006-12-04 23:29 . 2009-04-30 16:49 58880 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-04-30 16:49 76222 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2007-04-26 02:29 . 2009-04-30 16:49 16376 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4116711127-2190578320-1854897596-1000_UserData.bin
+ 2009-04-29 22:12 . 2009-02-13 10:49 28376 c:\windows\System32\drivers\ssmdrv.sys
+ 2009-04-29 22:12 . 2009-03-30 08:32 96104 c:\windows\System32\drivers\avipbb.sys
+ 2009-04-29 22:19 . 2009-04-29 22:19 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat
+ 2007-04-26 02:22 . 2009-04-30 16:33 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2007-04-26 02:22 . 2009-04-26 13:53 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-04-29 22:19 . 2009-04-29 22:19 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
+ 2007-04-26 02:22 . 2009-04-30 16:33 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-04-26 02:22 . 2009-04-26 13:53 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-04-27 17:20 . 2009-04-27 17:20 78924 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat
+ 2009-04-29 22:19 . 2009-04-29 22:19 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat
+ 2009-04-27 17:22 . 2009-04-27 17:21 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012009042720090428\index.dat
+ 2007-04-26 02:22 . 2009-04-30 16:33 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-04-27 17:22 . 2009-04-27 17:22 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT
+ 2009-04-27 17:20 . 2009-04-27 17:20 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Feeds Cache\index.dat
+ 2007-11-30 18:51 . 2009-04-29 22:00 35088 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe
- 2007-11-30 18:51 . 2009-04-17 01:03 35088 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe
+ 2007-11-30 18:51 . 2009-04-29 22:00 18704 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\mspicons.exe
- 2007-11-30 18:51 . 2009-04-17 01:03 18704 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\mspicons.exe
- 2007-11-30 18:51 . 2009-04-17 01:03 20240 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe
+ 2007-11-30 18:51 . 2009-04-29 22:00 20240 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-04-30 16:33 . 2009-04-30 16:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-04-30 16:33 . 2009-04-30 16:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-04-29 22:10 . 2009-04-29 22:10 655872 c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada\msvcr90.dll
+ 2009-04-29 22:10 . 2009-04-29 22:10 572928 c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada\msvcp90.dll
+ 2009-04-29 22:10 . 2009-04-29 22:10 225280 c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada\msvcm90.dll
+ 2009-04-29 22:09 . 2009-04-29 22:09 161784 c:\windows\winsxs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.1_none_e29d1181971ae11e\ATL90.dll
+ 2006-11-02 10:33 . 2009-04-29 22:05 587178 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-04-29 22:05 101250 c:\windows\System32\perfc009.dat
+ 2009-04-27 17:20 . 2009-04-27 17:20 224639 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\1036\StructuredQuerySchema.bin
- 2006-11-02 12:47 . 2009-04-26 13:54 262144 c:\windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2006-11-02 12:47 . 2009-04-30 16:49 262144 c:\windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2006-11-02 12:47 . 2009-04-30 16:44 262144 c:\windows\ServiceProfiles\LocalService\ntuser.dat
- 2006-11-02 12:47 . 2009-04-26 13:53 262144 c:\windows\ServiceProfiles\LocalService\ntuser.dat
- 2007-11-30 18:51 . 2009-04-17 01:03 888080 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
+ 2007-11-30 18:51 . 2009-04-29 22:00 888080 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
- 2007-11-30 18:51 . 2009-04-17 01:03 272648 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe
+ 2007-11-30 18:51 . 2009-04-29 22:00 272648 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe
+ 2007-11-30 18:51 . 2009-04-29 22:00 922384 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe
- 2007-11-30 18:51 . 2009-04-17 01:03 922384 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe
- 2007-11-30 18:51 . 2009-04-17 01:03 845584 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe
+ 2007-11-30 18:51 . 2009-04-29 22:00 845584 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe
- 2007-11-30 18:51 . 2009-04-17 01:03 217864 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe
+ 2007-11-30 18:51 . 2009-04-29 22:00 217864 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe
- 2007-11-30 18:51 . 2009-04-17 01:03 159504 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe
+ 2007-11-30 18:51 . 2009-04-29 22:00 159504 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe
+ 2009-04-29 22:10 . 2009-04-29 22:10 3783672 c:\windows\winsxs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_dcc7eae99ad0d9cf\mfc90u.dll
+ 2009-04-29 22:10 . 2009-04-29 22:10 3768312 c:\windows\winsxs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_dcc7eae99ad0d9cf\mfc90.dll
- 2006-11-02 10:22 . 2009-04-17 18:57 6553600 c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2006-11-02 10:22 . 2009-04-30 16:48 6553600 c:\windows\System32\SMI\Store\Machine\schema.dat
- 2007-11-30 18:51 . 2009-04-17 01:03 1172240 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe
+ 2007-11-30 18:51 . 2009-04-29 22:00 1172240 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe
+ 2007-11-30 18:51 . 2009-04-29 22:00 1165584 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe
- 2007-11-30 18:51 . 2009-04-17 01:03 1165584 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe
+ 2008-02-15 02:01 . 2009-04-30 16:48 105042572 c:\windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"????r"="" [?]
"?????????"="" [?]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"SuperCopier.exe"="c:\program files\SuperCopier\SuperCopier.exe" [2003-04-24 683520]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-09-04 171448]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2006-11-22 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-11-22 7757824]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-11-22 81920]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-11-06 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-11-06 106496]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-11-06 81920]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-12-08 614400]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-06 464168]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-08-19 185896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-07 136600]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2006-12-01 4186112]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2006-12-5 528384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{563405B8-597C-4751-B280-C4C81ABEC857}"= UDP:c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{46EE4B93-A4DA-4D5E-AE0B-CB41C869FB60}"= TCP:c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{CA161B11-DCAD-4A0D-BC9E-8B7DBBE8C8EF}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{D41EBB7D-C223-4898-ABC7-483F3A8B0676}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{3D6D0C12-FC33-4137-9ECA-A01A2A8C3F4B}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{D9FF0D49-72E2-413E-B8A3-AF74A4842A37}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{56E69995-5A58-4238-8906-F8A377A7F295}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{126A5CD0-13FA-4E31-BD7B-F00BC70EABCE}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{E112A387-01B3-49FB-8EBD-1F281CCF0322}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{02EA2B24-381D-4FB8-BACA-3EA6F0E291B8}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{780108FA-4A1B-4D68-A47C-7EB781DBCECB}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{327E38DC-621E-404B-BAE4-2DCB38506F99}"= UDP:5353:Adobe CSI CS4
"{69CB9766-D606-4511-B847-4CBA64B3D69A}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{0DC0D04F-7DBD-45DC-8A21-D4A5F06DE3D8}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{C195398B-AC6C-4D3B-A9D1-819F5862E2A3}"= UDP:c:\windows\explorer.exe:Explorer
"{B3244588-EB8C-4C77-813D-B1E2972879B0}"= TCP:c:\windows\explorer.exe:Explorer
"{B52C2D2C-9050-4DBB-BD56-717C660EEF66}"= UDP:c:\program files\iPod\bin\iPodService.exe:iPodService
"{3A2EFAE8-9D37-407C-ACFA-704A86026203}"= TCP:c:\program files\iPod\bin\iPodService.exe:iPodService
"{9F07C288-8785-42C2-8A6A-F01B3848C582}"= UDP:c:\combofix\NirCmd.cfexe:NirCmd
"{9E2B81AF-5ECF-4E7C-8BBA-8D0234AFFF29}"= TCP:c:\combofix\NirCmd.cfexe:NirCmd
"{9E27014E-3E7A-4525-B212-FAF85EFA4C09}"= UDP:c:\windows\System32\LogonUI.exe:LogonUI
"{90B9A85A-655F-49D7-9E73-266603FBB82F}"= TCP:c:\windows\System32\LogonUI.exe:LogonUI
"{BB2DA67B-C03D-4C63-A7D6-99399D156E35}"= UDP:c:\windows\System32\services.exe:services
"{BBD144A0-82B0-4344-BA4F-0A4FC948BE23}"= TCP:c:\windows\System32\services.exe:services
"{2023CF5E-A4F6-4912-BE56-0290EC08E816}"= UDP:c:\users\laura\AppData\Local\Temp\7zS16D2.tmp\SymNRT.exe:Norton Removal Tool
"{A60845A2-B98D-4A61-8EF6-4DEA2D525179}"= TCP:c:\users\laura\AppData\Local\Temp\7zS16D2.tmp\SymNRT.exe:Norton Removal Tool
"{169E4D6B-02B3-4481-9FFA-7A4A5EC02424}"= UDP:c:\users\laura\AppData\Local\Temp\7zSBD00.tmp\SymNRT.exe:Norton Removal Tool
"{EED7E065-BE81-4115-820E-B62E9C2A367E}"= TCP:c:\users\laura\AppData\Local\Temp\7zSBD00.tmp\SymNRT.exe:Norton Removal Tool

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Acer\\Empowering Technology\\eDataSecurity\\eDSfsu.exe"= c:\acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu
"c:\\Acer\\Empowering Technology\\eDataSecurity\\encryption.exe"= c:\acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption
"c:\\Acer\\Empowering Technology\\eDataSecurity\\decryption.exe"= c:\acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabledecryption

R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 167936]
R3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\DRIVERS\SMSCirda.sys [2006-10-18 31232]
S2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-04-01 108289]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8e71f84e-fc09-11db-baf6-0016d46a96cd}]
\shell\Auto\command - F:\Start.exe
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c8f7752a-f23b-11dc-ad37-0016d46a96cd}]
\shell\Auto\command - F:\Start.exe
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\Start.exe
.
Contenu du dossier 'Tâches planifiées'

2009-04-30 c:\windows\Tasks\User_Feed_Synchronization-{4C38419B-F1DA-4E7D-A30D-885537A9CECF}.job
- c:\windows\system32\msfeedssync.exe [2008-12-06 07:33]
.
- - - - ORPHELINS SUPPRIMES - - - -

HKU-Default-Run-Windows Resurections - c:\windows\TEMP\qgr5vz06w8.exe
HKU-Default-Run-Diagnostic Manager - c:\windows\TEMP\1715767217.exe


.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://fr.fr.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://fr.rd.yahoo.com/customize/ycomp/defaults/su/*http://fr.yahoo.com
IE: Ajouter la cible du lien à un fichier PDF existant - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Ajouter à un fichier PDF existant - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir au format Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien au format Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-30 18:49
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...


c:\windows\system32\drivers\ovfsthxkuibfcmo.sys 81920 bytes executable
c:\windows\system32\ovfsthxevdwtirv.dll 60928 bytes executable
c:\windows\system32\ovfsthxicuhnjci.dat 3171 bytes
c:\windows\system32\ovfsthxjxtengxo.dll 18944 bytes executable
c:\windows\system32\ovfsthxpblhtfdn.dll 18432 bytes executable
c:\users\laura\AppData\Local\Temp\ovfsthxodpncqleix.tmp 104960 bytes executable
c:\users\laura\AppData\Local\Temp\ovfsthxswttttgnlt.tmp 131072 bytes executable
c:\users\laura\AppData\Local\Temp\ovfsthxthyyrkxeim.tmp 680448 bytes executable

Scan terminé avec succès
Fichiers cachés: 8

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ovfsthxccpincvp]
"imagepath"="\systemroot\system32\drivers\ovfsthxkuibfcmo.sys"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000000

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ovfsthxccpincvp]
@DACL=(02 0000)
"start"=dword:00000001
"type"=dword:00000001
"group"="file system"
"imagepath"=expand:"\\systemroot\\system32\\drivers\\ovfsthxkuibfcmo.sys"
"inst"=dword:00000000
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\acer\Empowering Technology\eDataSecurity\eDSService.exe
c:\acer\Empowering Technology\eLock\Service\eLockServ.exe
c:\acer\Empowering Technology\eNet\eNet Service.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\System32\drivers\XAudio.exe
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\acer\Empowering Technology\eSettings\Service\capuserv.exe
c:\acer\Empowering Technology\ePower\ePowerSvc.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\System32\conime.exe
c:\program files\Launch Manager\LManager.exe
c:\windows\System32\rundll32.exe
c:\acer\Empowering Technology\eNet\eNMTray.exe
c:\acer\Empowering Technology\ePower\ePower_DMC.exe
c:\acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
c:\acer\Empowering Technology\eRecovery\eRAgent.exe
c:\users\laura\AppData\Local\Temp\RtkBtMnt.exe
c:\windows\System32\igfxext.exe
c:\windows\System32\igfxsrvc.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Avira\AntiVir Desktop\guardgui.exe
.
**************************************************************************
.
Heure de fin: 2009-04-30 18:53 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-04-30 16:53
ComboFix2.txt 2009-04-26 13:59
ComboFix3.txt 2008-12-08 16:20

Avant-CF: 33 081 614 336 octets libres
Après-CF: 33 181 470 720 octets libres

389 --- E O F --- 2009-04-29 22:00

Voici le rapport:

ComboFix 09-04-25.A3 - laura 01/05/2009 3:15.8 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.2037.1339 [GMT 2:00]
Lancé depuis: c:\users\laura\Desktop\Nouveau dossier (2)\ComboFix.exe
Commutateurs utilisés :: c:\users\laura\Desktop\Nouveau dossier (2)\CFScript.txt
* Un nouveau point de restauration a été créé

FILE ::
c:\users\laura\AppData\Local\Temp\ovfsthxodpncqleix.tmp
c:\users\laura\AppData\Local\Temp\ovfsthxswttttgnlt.tmp
c:\users\laura\AppData\Local\Temp\ovfsthxthyyrkxeim.tmp
c:\windows\system32\ftp_non_crp.exe
c:\windows\system32\ovfsthxevdwtirv.dll
c:\windows\system32\ovfsthxicuhnjci.dat
c:\windows\system32\ovfsthxjxtengxo.dll
c:\windows\system32\ovfsthxpblhtfdn.dll
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\bageseki
c:\programdata\bageseki\ikesegab.ini
c:\programdata\fewokino
c:\programdata\hiluguba
c:\programdata\lotikiwi
c:\programdata\wosawamu
c:\programdata\yebuwude
c:\users\All Users\bageseki\ikesegab.ini
c:\users\laura\AppData\Local\Temp\ovfsthxodpncqleix.tmp
c:\users\laura\AppData\Local\Temp\ovfsthxswttttgnlt.tmp
c:\users\laura\AppData\Local\Temp\ovfsthxthyyrkxeim.tmp
c:\windows\system32\drivers\ovfsthxkuibfcmo.sys
c:\windows\system32\ftp_non_crp.exe
c:\windows\system32\ovfsthxbbvkoxtn.dat
c:\windows\system32\ovfsthxevdwtirv.dll
c:\windows\system32\ovfsthxicuhnjci.dat
c:\windows\system32\ovfsthxjxtengxo.dll
c:\windows\system32\ovfsthxpblhtfdn.dll

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ovfsthxccpincvp


((((((((((((((((((((((((((((( Fichiers créés du 2009-06-01 au 2009-5-1 ))))))))))))))))))))))))))))))))))))
.

2009-04-29 22:12 . 2009-03-24 14:07 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-04-29 22:12 . 2009-04-29 22:12 -------- d-----w c:\users\All Users\Avira
2009-04-29 22:12 . 2009-04-29 22:12 -------- d-----w c:\programdata\Avira
2009-04-29 22:12 . 2009-04-29 22:12 -------- d-----w c:\program files\Avira
2009-04-29 21:52 . 2009-04-29 21:52 -------- d-----w c:\users\All Users\NortonInstaller
2009-04-29 21:52 . 2009-04-29 21:52 -------- d-----w c:\programdata\NortonInstaller
2009-04-27 22:32 . 2009-04-27 22:32 237967696 ----a-w c:\windows\MEMORY.DMP
2009-04-27 17:43 . 2009-04-27 17:44 -------- d-----w C:\ToolBar SD
2009-04-27 17:20 . 2009-04-27 17:20 -------- d-----r c:\windows\system32\config\systemprofile\Searches
2009-04-27 17:20 . 2009-04-27 17:20 -------- d-----r c:\windows\system32\config\systemprofile\Saved Games
2009-04-27 17:20 . 2009-04-27 17:20 -------- d-----r c:\windows\system32\config\systemprofile\Links
2009-04-27 17:20 . 2009-04-27 17:20 -------- d-----r c:\windows\system32\config\systemprofile\Downloads
2009-04-27 17:20 . 2009-04-27 17:20 -------- d-----r c:\windows\system32\config\systemprofile\Pictures
2009-04-27 17:20 . 2009-04-27 17:20 -------- d-----r c:\windows\system32\config\systemprofile\Videos
2009-04-27 17:20 . 2009-04-27 17:20 -------- d-----r c:\windows\system32\config\systemprofile\Documents
2009-04-26 11:01 . 2006-11-06 01:12 167936 ----a-w c:\windows\system32\igfxres.dll
2009-04-19 11:59 . 2009-04-19 11:59 -------- d-----w c:\users\laura\AppData\Roaming\vlc
2009-04-19 11:58 . 2009-04-28 21:43 -------- d-----w c:\users\laura\AppData\Roaming\dvdcss
2009-04-19 11:57 . 2009-04-19 11:57 -------- d-----w c:\program files\VideoLAN
2009-04-17 23:48 . 2009-04-17 23:48 -------- d-----w c:\users\All Users\ALM
2009-04-17 23:48 . 2009-04-17 23:48 -------- d-----w c:\programdata\ALM
2009-04-17 23:43 . 2009-04-17 23:43 -------- d-----w c:\users\laura\{0e7333d5-6a0e-4fca-80d5-a1e30d8cd71a}
2009-04-17 23:42 . 2008-04-07 03:38 22872 ----a-r c:\windows\system32\AdobePDFUI.dll
2009-04-17 23:14 . 2009-04-17 23:14 -------- d-----w c:\users\All Users\Macromedia
2009-04-17 23:12 . 2009-04-17 23:12 -------- d-----w c:\program files\Common Files\Macromedia
2009-04-17 23:12 . 2009-04-17 23:14 -------- d-----w c:\program files\Macromedia
2009-04-17 23:09 . 2009-04-17 23:09 -------- d-----w c:\windows\Downloaded Installations
2009-04-16 20:13 . 2008-12-06 04:42 376832 ----a-w c:\windows\system32\winhttp.dll
2009-04-16 20:13 . 2008-06-06 03:27 38912 ----a-w c:\windows\system32\xolehlp.dll
2009-04-16 20:13 . 2008-06-06 03:27 562176 ----a-w c:\windows\system32\msdtcprx.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-29 22:05 . 2006-11-02 15:48 669566 ----a-w c:\windows\System32\perfh00C.dat
2009-04-29 22:05 . 2006-11-02 15:48 123556 ----a-w c:\windows\System32\perfc00C.dat
2009-04-29 22:00 . 2007-05-08 21:11 -------- d-----w c:\programdata\Microsoft Help
2009-04-29 21:54 . 2006-12-04 23:56 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-04-27 17:44 . 2008-12-06 22:57 1443 ----a-w C:\TB.txt
2009-04-26 11:01 . 2006-12-04 23:53 -------- d-----w c:\program files\Common Files\Adobe
2009-04-23 00:39 . 2007-07-19 21:54 680 ----a-w c:\users\laura\AppData\Local\d3d9caps.dat
2009-04-22 11:10 . 2007-05-06 20:21 -------- d-----w c:\program files\flashfxp2
2009-04-18 00:08 . 2007-04-26 02:27 101808 ----a-w c:\users\laura\AppData\Local\GDIPFONTCACHEV1.DAT
2009-04-17 01:10 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-03-17 03:38 . 2009-04-16 20:12 40960 ----a-w c:\windows\AppPatch\apihex86.dll
2009-03-17 03:38 . 2009-04-16 20:12 13824 ----a-w c:\windows\System32\apilogen.dll
2009-03-17 03:38 . 2009-04-16 20:12 24064 ----a-w c:\windows\System32\amxread.dll
2009-03-03 04:46 . 2009-04-16 20:12 3599328 ----a-w c:\windows\System32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-16 20:12 3547632 ----a-w c:\windows\System32\ntoskrnl.exe
2009-03-03 04:40 . 2009-04-16 20:12 827392 ----a-w c:\windows\System32\wininet.dll
2009-03-03 04:39 . 2009-04-16 20:12 183296 ----a-w c:\windows\System32\sdohlp.dll
2009-03-03 04:39 . 2009-04-16 20:12 551424 ----a-w c:\windows\System32\rpcss.dll
2009-03-03 04:39 . 2009-04-16 20:12 26112 ----a-w c:\windows\System32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-16 20:12 78336 ----a-w c:\windows\System32\ieencode.dll
2009-03-03 04:37 . 2009-04-16 20:12 98304 ----a-w c:\windows\System32\iasrecst.dll
2009-03-03 04:37 . 2009-04-16 20:12 54784 ----a-w c:\windows\System32\iasads.dll
2009-03-03 04:37 . 2009-04-16 20:12 44032 ----a-w c:\windows\System32\iasdatastore.dll
2009-03-03 03:04 . 2009-04-16 20:12 666624 ----a-w c:\windows\System32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-16 20:12 17408 ----a-w c:\windows\System32\iashost.exe
2009-03-03 02:28 . 2009-04-16 20:12 26624 ----a-w c:\windows\System32\ieUnatt.exe
2009-02-13 08:49 . 2009-04-16 20:12 72704 ----a-w c:\windows\System32\secur32.dll
2009-02-13 08:49 . 2009-04-16 20:12 1255936 ----a-w c:\windows\System32\lsasrv.dll
2009-02-09 10:26 . 2009-02-08 13:14 28672 ----a-w c:\users\laura\ieframes.dll
2009-02-09 03:10 . 2009-03-10 23:43 2033152 ----a-w c:\windows\System32\win32k.sys
2008-12-06 21:54 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
2008-03-03 17:51 . 2007-05-08 08:52 16384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-03-03 17:51 . 2007-05-08 08:52 32768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-03-03 17:51 . 2007-05-08 08:52 16384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((( SnapShot_2009-04-30_16.49.41 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-12-04 23:29 . 2009-05-01 01:23 59198 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-05-01 01:23 76374 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2007-04-26 02:29 . 2009-05-01 01:23 16532 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4116711127-2190578320-1854897596-1000_UserData.bin
- 2007-04-26 02:22 . 2009-04-30 16:33 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-04-26 02:22 . 2009-05-01 01:21 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-04-26 02:22 . 2009-05-01 01:21 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-04-26 02:22 . 2009-04-30 16:33 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-04-26 02:22 . 2009-04-30 16:33 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2007-04-26 02:22 . 2009-05-01 01:21 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-04-30 16:33 . 2009-04-30 16:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-05-01 01:21 . 2009-05-01 01:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2006-11-02 12:47 . 2009-04-30 16:49 262144 c:\windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2006-11-02 12:47 . 2009-05-01 01:22 262144 c:\windows\ServiceProfiles\NetworkService\ntuser.dat
- 2006-11-02 12:47 . 2009-04-30 16:44 262144 c:\windows\ServiceProfiles\LocalService\ntuser.dat
+ 2006-11-02 12:47 . 2009-05-01 01:22 262144 c:\windows\ServiceProfiles\LocalService\ntuser.dat
- 2006-11-02 10:22 . 2009-04-30 16:48 6553600 c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2006-11-02 10:22 . 2009-04-30 17:07 6553600 c:\windows\System32\SMI\Store\Machine\schema.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"????r"="" [?]
"?????????"="" [?]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"SuperCopier.exe"="c:\program files\SuperCopier\SuperCopier.exe" [2003-04-24 683520]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-09-04 171448]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2006-11-22 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-11-22 7757824]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-11-22 81920]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-11-06 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-11-06 106496]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-11-06 81920]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-12-08 614400]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-06 464168]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-08-19 185896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-07 136600]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2006-12-01 4186112]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2006-12-5 528384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{563405B8-597C-4751-B280-C4C81ABEC857}"= UDP:c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{46EE4B93-A4DA-4D5E-AE0B-CB41C869FB60}"= TCP:c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{CA161B11-DCAD-4A0D-BC9E-8B7DBBE8C8EF}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{D41EBB7D-C223-4898-ABC7-483F3A8B0676}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{3D6D0C12-FC33-4137-9ECA-A01A2A8C3F4B}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{D9FF0D49-72E2-413E-B8A3-AF74A4842A37}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{56E69995-5A58-4238-8906-F8A377A7F295}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{126A5CD0-13FA-4E31-BD7B-F00BC70EABCE}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{E112A387-01B3-49FB-8EBD-1F281CCF0322}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{02EA2B24-381D-4FB8-BACA-3EA6F0E291B8}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{780108FA-4A1B-4D68-A47C-7EB781DBCECB}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{327E38DC-621E-404B-BAE4-2DCB38506F99}"= UDP:5353:Adobe CSI CS4
"{69CB9766-D606-4511-B847-4CBA64B3D69A}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{0DC0D04F-7DBD-45DC-8A21-D4A5F06DE3D8}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{C195398B-AC6C-4D3B-A9D1-819F5862E2A3}"= UDP:c:\windows\explorer.exe:Explorer
"{B3244588-EB8C-4C77-813D-B1E2972879B0}"= TCP:c:\windows\explorer.exe:Explorer
"{B52C2D2C-9050-4DBB-BD56-717C660EEF66}"= UDP:c:\program files\iPod\bin\iPodService.exe:iPodService
"{3A2EFAE8-9D37-407C-ACFA-704A86026203}"= TCP:c:\program files\iPod\bin\iPodService.exe:iPodService
"{9F07C288-8785-42C2-8A6A-F01B3848C582}"= UDP:c:\combofix\NirCmd.cfexe:NirCmd
"{9E2B81AF-5ECF-4E7C-8BBA-8D0234AFFF29}"= TCP:c:\combofix\NirCmd.cfexe:NirCmd
"{9E27014E-3E7A-4525-B212-FAF85EFA4C09}"= UDP:c:\windows\System32\LogonUI.exe:LogonUI
"{90B9A85A-655F-49D7-9E73-266603FBB82F}"= TCP:c:\windows\System32\LogonUI.exe:LogonUI
"{BB2DA67B-C03D-4C63-A7D6-99399D156E35}"= UDP:c:\windows\System32\services.exe:services
"{BBD144A0-82B0-4344-BA4F-0A4FC948BE23}"= TCP:c:\windows\System32\services.exe:services
"{2023CF5E-A4F6-4912-BE56-0290EC08E816}"= UDP:c:\users\laura\AppData\Local\Temp\7zS16D2.tmp\SymNRT.exe:Norton Removal Tool
"{A60845A2-B98D-4A61-8EF6-4DEA2D525179}"= TCP:c:\users\laura\AppData\Local\Temp\7zS16D2.tmp\SymNRT.exe:Norton Removal Tool
"{169E4D6B-02B3-4481-9FFA-7A4A5EC02424}"= UDP:c:\users\laura\AppData\Local\Temp\7zSBD00.tmp\SymNRT.exe:Norton Removal Tool
"{EED7E065-BE81-4115-820E-B62E9C2A367E}"= TCP:c:\users\laura\AppData\Local\Temp\7zSBD00.tmp\SymNRT.exe:Norton Removal Tool

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Acer\\Empowering Technology\\eDataSecurity\\eDSfsu.exe"= c:\acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu
"c:\\Acer\\Empowering Technology\\eDataSecurity\\encryption.exe"= c:\acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption
"c:\\Acer\\Empowering Technology\\eDataSecurity\\decryption.exe"= c:\acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabledecryption

R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 167936]
R3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\DRIVERS\SMSCirda.sys [2006-10-18 31232]
S2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-04-01 108289]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contenu du dossier 'Tâches planifiées'

2009-05-01 c:\windows\Tasks\User_Feed_Synchronization-{4C38419B-F1DA-4E7D-A30D-885537A9CECF}.job
- c:\windows\system32\msfeedssync.exe [2008-12-06 07:33]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://fr.fr.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://fr.rd.yahoo.com/customize/ycomp/defaults/su/*http://fr.yahoo.com
IE: Ajouter la cible du lien à un fichier PDF existant - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Ajouter à un fichier PDF existant - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir au format Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien au format Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-01 03:23
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...


c:\windows\system32\drivers\ovfsthxkuibfcmo.sys 81920 bytes executable
c:\windows\system32\ovfsthxbipypbvu.dat 1945 bytes
c:\windows\system32\ovfsthxitqqxbdd.dll 60928 bytes executable
c:\windows\system32\ovfsthxnsiqugmn.dll 18944 bytes executable
c:\windows\system32\ovfsthxvvvjrivf.dll 18432 bytes executable
c:\windows\system32\ovfsthxwqfjvptd.dat 43 bytes

Scan terminé avec succès
Fichiers cachés: 6

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ovfsthxccpincvp]
"imagepath"="\systemroot\system32\drivers\ovfsthxkuibfcmo.sys"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000000

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ovfsthxccpincvp]
@DACL=(02 0000)
"start"=dword:00000001
"type"=dword:00000001
"group"="file system"
"imagepath"=expand:"\\systemroot\\system32\\drivers\\ovfsthxkuibfcmo.sys"
"inst"=dword:00000000
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'Explorer.exe'(5512)
c:\windows\system32\MsnChatHook.dll
c:\windows\system32\ShowErrMsg.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\BatchCrypto.dll
c:\windows\system32\CryptoAPI.dll
c:\windows\system32\keyManager.dll
c:\acer\Empowering Technology\EPOWER\SysHook.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\acer\Empowering Technology\eDataSecurity\eDSService.exe
c:\acer\Empowering Technology\eLock\Service\eLockServ.exe
c:\acer\Empowering Technology\eNet\eNet Service.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\System32\drivers\XAudio.exe
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\acer\Empowering Technology\eSettings\Service\capuserv.exe
c:\acer\Empowering Technology\ePower\ePowerSvc.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\System32\conime.exe
c:\program files\Launch Manager\LManager.exe
c:\windows\System32\rundll32.exe
c:\acer\Empowering Technology\eNet\eNMTray.exe
c:\acer\Empowering Technology\ePower\ePower_DMC.exe
c:\acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
c:\windows\System32\igfxsrvc.exe
c:\users\laura\AppData\Local\Temp\RtkBtMnt.exe
c:\windows\System32\igfxext.exe
c:\acer\Empowering Technology\eRecovery\eRAgent.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Heure de fin: 2009-05-01 3:30 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-05-01 01:30
ComboFix2.txt 2009-04-30 16:53
ComboFix3.txt 2009-04-26 13:59
ComboFix4.txt 2008-12-08 16:20

Avant-CF: 32 973 234 176 octets libres
Après-CF: 32 933 490 688 octets libres

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
329 --- E O F --- 2009-04-29 22:00

Alors j'ai lancé la manip en étant en mode sans échec par contre il m'a demandé de redémarrer l'ordinateur et il a redémarré en mode normal. J'ai relancé la manip pour essayer de mettre en mode sans échec en même temps que ca redémarrait mais ca n'a pas marché... Je sais pas si ca a marché du coup pcq l'antivirus se relance automatiquement à l'ouverture de l'ordinateur en mode normal. Enfin voici le rapport:

ComboFix 09-04-25.A3 - laura 01/05/2009 18:37.9 - NTFSx86 MINIMAL
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.2037.1637 [GMT 2:00]
Lancé depuis: c:\users\laura\Desktop\Nouveau dossier (2)\ComboFix.exe
Commutateurs utilisés :: c:\users\laura\Desktop\CFScript.txt
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\ovfsthxkuibfcmo.sys
c:\windows\system32\ovfsthxbipypbvu.dat
c:\windows\system32\ovfsthxitqqxbdd.dll
c:\windows\system32\ovfsthxnsiqugmn.dll
c:\windows\system32\ovfsthxvvvjrivf.dll
c:\windows\system32\ovfsthxwqfjvptd.dat

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-06-01 au 2009-5-1 ))))))))))))))))))))))))))))))))))))
.

2009-04-29 22:12 . 2009-03-24 14:07 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-04-29 22:12 . 2009-04-29 22:12 -------- d-----w c:\users\All Users\Avira
2009-04-29 22:12 . 2009-04-29 22:12 -------- d-----w c:\programdata\Avira
2009-04-29 22:12 . 2009-04-29 22:12 -------- d-----w c:\program files\Avira
2009-04-29 21:52 . 2009-04-29 21:52 -------- d-----w c:\users\All Users\NortonInstaller
2009-04-29 21:52 . 2009-04-29 21:52 -------- d-----w c:\programdata\NortonInstaller
2009-04-27 22:32 . 2009-05-01 07:25 256092496 ----a-w c:\windows\MEMORY.DMP
2009-04-27 17:43 . 2009-04-27 17:44 -------- d-----w C:\ToolBar SD
2009-04-27 17:20 . 2009-04-27 17:20 -------- d-----r c:\windows\system32\config\systemprofile\Searches
2009-04-27 17:20 . 2009-04-27 17:20 -------- d-----r c:\windows\system32\config\systemprofile\Saved Games
2009-04-27 17:20 . 2009-04-27 17:20 -------- d-----r c:\windows\system32\config\systemprofile\Links
2009-04-27 17:20 . 2009-04-27 17:20 -------- d-----r c:\windows\system32\config\systemprofile\Downloads
2009-04-27 17:20 . 2009-04-27 17:20 -------- d-----r c:\windows\system32\config\systemprofile\Pictures
2009-04-27 17:20 . 2009-04-27 17:20 -------- d-----r c:\windows\system32\config\systemprofile\Videos
2009-04-27 17:20 . 2009-04-27 17:20 -------- d-----r c:\windows\system32\config\systemprofile\Documents
2009-04-26 11:01 . 2006-11-06 01:12 167936 ----a-w c:\windows\system32\igfxres.dll
2009-04-19 11:59 . 2009-04-19 11:59 -------- d-----w c:\users\laura\AppData\Roaming\vlc
2009-04-19 11:58 . 2009-04-28 21:43 -------- d-----w c:\users\laura\AppData\Roaming\dvdcss
2009-04-19 11:57 . 2009-04-19 11:57 -------- d-----w c:\program files\VideoLAN
2009-04-17 23:48 . 2009-04-17 23:48 -------- d-----w c:\users\All Users\ALM
2009-04-17 23:48 . 2009-04-17 23:48 -------- d-----w c:\programdata\ALM
2009-04-17 23:43 . 2009-04-17 23:43 -------- d-----w c:\users\laura\{0e7333d5-6a0e-4fca-80d5-a1e30d8cd71a}
2009-04-17 23:42 . 2008-04-07 03:38 22872 ----a-r c:\windows\system32\AdobePDFUI.dll
2009-04-17 23:14 . 2009-04-17 23:14 -------- d-----w c:\users\All Users\Macromedia
2009-04-17 23:12 . 2009-04-17 23:12 -------- d-----w c:\program files\Common Files\Macromedia
2009-04-17 23:12 . 2009-04-17 23:14 -------- d-----w c:\program files\Macromedia
2009-04-17 23:09 . 2009-04-17 23:09 -------- d-----w c:\windows\Downloaded Installations
2009-04-16 20:13 . 2008-12-06 04:42 376832 ----a-w c:\windows\system32\winhttp.dll
2009-04-16 20:13 . 2008-06-06 03:27 38912 ----a-w c:\windows\system32\xolehlp.dll
2009-04-16 20:13 . 2008-06-06 03:27 562176 ----a-w c:\windows\system32\msdtcprx.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-01 07:38 . 2007-05-06 00:54 -------- d-----w c:\program files\MSN Messenger
2009-04-29 22:05 . 2006-11-02 15:48 669566 ----a-w c:\windows\System32\perfh00C.dat
2009-04-29 22:05 . 2006-11-02 15:48 123556 ----a-w c:\windows\System32\perfc00C.dat
2009-04-29 22:00 . 2007-05-08 21:11 -------- d-----w c:\programdata\Microsoft Help
2009-04-29 21:54 . 2006-12-04 23:56 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-04-27 17:44 . 2008-12-06 22:57 1443 ----a-w C:\TB.txt
2009-04-26 11:01 . 2006-12-04 23:53 -------- d-----w c:\program files\Common Files\Adobe
2009-04-23 00:39 . 2007-07-19 21:54 680 ----a-w c:\users\laura\AppData\Local\d3d9caps.dat
2009-04-22 11:10 . 2007-05-06 20:21 -------- d-----w c:\program files\flashfxp2
2009-04-18 00:08 . 2007-04-26 02:27 101808 ----a-w c:\users\laura\AppData\Local\GDIPFONTCACHEV1.DAT
2009-04-17 01:10 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-03-17 03:38 . 2009-04-16 20:12 40960 ----a-w c:\windows\AppPatch\apihex86.dll
2009-03-17 03:38 . 2009-04-16 20:12 13824 ----a-w c:\windows\System32\apilogen.dll
2009-03-17 03:38 . 2009-04-16 20:12 24064 ----a-w c:\windows\System32\amxread.dll
2009-03-03 04:46 . 2009-04-16 20:12 3599328 ----a-w c:\windows\System32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-16 20:12 3547632 ----a-w c:\windows\System32\ntoskrnl.exe
2009-03-03 04:40 . 2009-04-16 20:12 827392 ----a-w c:\windows\System32\wininet.dll
2009-03-03 04:39 . 2009-04-16 20:12 183296 ----a-w c:\windows\System32\sdohlp.dll
2009-03-03 04:39 . 2009-04-16 20:12 551424 ----a-w c:\windows\System32\rpcss.dll
2009-03-03 04:39 . 2009-04-16 20:12 26112 ----a-w c:\windows\System32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-16 20:12 78336 ----a-w c:\windows\System32\ieencode.dll
2009-03-03 04:37 . 2009-04-16 20:12 98304 ----a-w c:\windows\System32\iasrecst.dll
2009-03-03 04:37 . 2009-04-16 20:12 54784 ----a-w c:\windows\System32\iasads.dll
2009-03-03 04:37 . 2009-04-16 20:12 44032 ----a-w c:\windows\System32\iasdatastore.dll
2009-03-03 03:04 . 2009-04-16 20:12 666624 ----a-w c:\windows\System32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-16 20:12 17408 ----a-w c:\windows\System32\iashost.exe
2009-03-03 02:28 . 2009-04-16 20:12 26624 ----a-w c:\windows\System32\ieUnatt.exe
2009-02-13 08:49 . 2009-04-16 20:12 72704 ----a-w c:\windows\System32\secur32.dll
2009-02-13 08:49 . 2009-04-16 20:12 1255936 ----a-w c:\windows\System32\lsasrv.dll
2009-02-09 10:26 . 2009-02-08 13:14 28672 ----a-w c:\users\laura\ieframes.dll
2009-02-09 03:10 . 2009-03-10 23:43 2033152 ----a-w c:\windows\System32\win32k.sys
2008-12-06 21:54 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
2008-03-03 17:51 . 2007-05-08 08:52 16384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-03-03 17:51 . 2007-05-08 08:52 32768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-03-03 17:51 . 2007-05-08 08:52 16384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((( SnapShot_2009-04-30_16.49.41 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-12-04 23:29 . 2009-05-01 15:46 59238 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-05-01 15:46 76566 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2007-04-26 02:29 . 2009-05-01 15:46 16620 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4116711127-2190578320-1854897596-1000_UserData.bin
- 2007-04-26 02:22 . 2009-04-30 16:33 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-04-26 02:22 . 2009-05-01 15:50 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2007-04-26 02:22 . 2009-04-30 16:33 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2007-04-26 02:22 . 2009-05-01 15:50 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-04-26 02:22 . 2009-04-30 16:33 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2007-04-26 02:22 . 2009-05-01 15:50 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2007-05-06 16:31 . 2009-05-01 15:48 261974 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2006-11-02 12:47 . 2009-04-30 16:49 262144 c:\windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2006-11-02 12:47 . 2009-05-01 17:27 262144 c:\windows\ServiceProfiles\NetworkService\ntuser.dat
- 2006-11-02 12:47 . 2009-04-30 16:44 262144 c:\windows\ServiceProfiles\LocalService\ntuser.dat
+ 2006-11-02 12:47 . 2009-05-01 17:27 262144 c:\windows\ServiceProfiles\LocalService\ntuser.dat
- 2006-11-02 10:22 . 2009-04-30 16:48 6553600 c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2006-11-02 10:22 . 2009-04-30 17:07 6553600 c:\windows\System32\SMI\Store\Machine\schema.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"????r"="" [?]
"?????????"="" [?]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"SuperCopier.exe"="c:\program files\SuperCopier\SuperCopier.exe" [2003-04-24 683520]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-09-04 171448]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2006-11-22 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-11-22 7757824]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-11-22 81920]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-11-06 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-11-06 106496]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-11-06 81920]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-12-08 614400]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-06 464168]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-08-19 185896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-07 136600]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2006-12-01 4186112]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2006-12-5 528384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{563405B8-597C-4751-B280-C4C81ABEC857}"= UDP:c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{46EE4B93-A4DA-4D5E-AE0B-CB41C869FB60}"= TCP:c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{CA161B11-DCAD-4A0D-BC9E-8B7DBBE8C8EF}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{D41EBB7D-C223-4898-ABC7-483F3A8B0676}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{3D6D0C12-FC33-4137-9ECA-A01A2A8C3F4B}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{D9FF0D49-72E2-413E-B8A3-AF74A4842A37}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{56E69995-5A58-4238-8906-F8A377A7F295}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{126A5CD0-13FA-4E31-BD7B-F00BC70EABCE}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{E112A387-01B3-49FB-8EBD-1F281CCF0322}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{02EA2B24-381D-4FB8-BACA-3EA6F0E291B8}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{780108FA-4A1B-4D68-A47C-7EB781DBCECB}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{327E38DC-621E-404B-BAE4-2DCB38506F99}"= UDP:5353:Adobe CSI CS4
"{69CB9766-D606-4511-B847-4CBA64B3D69A}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{0DC0D04F-7DBD-45DC-8A21-D4A5F06DE3D8}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{C195398B-AC6C-4D3B-A9D1-819F5862E2A3}"= UDP:c:\windows\explorer.exe:Explorer
"{B3244588-EB8C-4C77-813D-B1E2972879B0}"= TCP:c:\windows\explorer.exe:Explorer
"{B52C2D2C-9050-4DBB-BD56-717C660EEF66}"= UDP:c:\program files\iPod\bin\iPodService.exe:iPodService
"{3A2EFAE8-9D37-407C-ACFA-704A86026203}"= TCP:c:\program files\iPod\bin\iPodService.exe:iPodService
"{9F07C288-8785-42C2-8A6A-F01B3848C582}"= UDP:c:\combofix\NirCmd.cfexe:NirCmd
"{9E2B81AF-5ECF-4E7C-8BBA-8D0234AFFF29}"= TCP:c:\combofix\NirCmd.cfexe:NirCmd
"{9E27014E-3E7A-4525-B212-FAF85EFA4C09}"= UDP:c:\windows\System32\LogonUI.exe:LogonUI
"{90B9A85A-655F-49D7-9E73-266603FBB82F}"= TCP:c:\windows\System32\LogonUI.exe:LogonUI
"{BB2DA67B-C03D-4C63-A7D6-99399D156E35}"= UDP:c:\windows\System32\services.exe:services
"{BBD144A0-82B0-4344-BA4F-0A4FC948BE23}"= TCP:c:\windows\System32\services.exe:services
"{2023CF5E-A4F6-4912-BE56-0290EC08E816}"= UDP:c:\users\laura\AppData\Local\Temp\7zS16D2.tmp\SymNRT.exe:Norton Removal Tool
"{A60845A2-B98D-4A61-8EF6-4DEA2D525179}"= TCP:c:\users\laura\AppData\Local\Temp\7zS16D2.tmp\SymNRT.exe:Norton Removal Tool
"{169E4D6B-02B3-4481-9FFA-7A4A5EC02424}"= UDP:c:\users\laura\AppData\Local\Temp\7zSBD00.tmp\SymNRT.exe:Norton Removal Tool
"{EED7E065-BE81-4115-820E-B62E9C2A367E}"= TCP:c:\users\laura\AppData\Local\Temp\7zSBD00.tmp\SymNRT.exe:Norton Removal Tool

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Acer\\Empowering Technology\\eDataSecurity\\eDSfsu.exe"= c:\acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu
"c:\\Acer\\Empowering Technology\\eDataSecurity\\encryption.exe"= c:\acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption
"c:\\Acer\\Empowering Technology\\eDataSecurity\\decryption.exe"= c:\acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabledecryption

R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 167936]
R3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\DRIVERS\SMSCirda.sys [2006-10-18 31232]
S2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-04-01 108289]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contenu du dossier 'Tâches planifiées'

2009-05-01 c:\windows\Tasks\User_Feed_Synchronization-{4C38419B-F1DA-4E7D-A30D-885537A9CECF}.job
- c:\windows\system32\msfeedssync.exe [2008-12-06 07:33]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://fr.fr.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://fr.rd.yahoo.com/customize/ycomp/defaults/su/*http://fr.yahoo.com
IE: Ajouter la cible du lien à un fichier PDF existant - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Ajouter à un fichier PDF existant - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir au format Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien au format Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-01 19:27
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...


c:\windows\system32\drivers\ovfsthxkuibfcmo.sys 81920 bytes executable
c:\windows\system32\ovfsthxehfxirci.dat 9526 bytes
c:\windows\system32\ovfsthxidscpexm.dll 60928 bytes executable
c:\windows\system32\ovfsthxrgnuyreu.dll 18432 bytes executable
c:\windows\system32\ovfsthxuctkxewy.dll 18944 bytes executable


**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ovfsthxccpincvp]
"imagepath"="\systemroot\system32\drivers\ovfsthxkuibfcmo.sys"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000000

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ovfsthxccpincvp]
@DACL=(02 0000)
"start"=dword:00000001
"type"=dword:00000001
"group"="file system"
"imagepath"=expand:"\\systemroot\\system32\\drivers\\ovfsthxkuibfcmo.sys"
"inst"=dword:00000000
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\acer\Empowering Technology\eDataSecurity\eDSService.exe
c:\acer\Empowering Technology\eLock\Service\eLockServ.exe
c:\acer\Empowering Technology\eNet\eNet Service.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\System32\drivers\XAudio.exe
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\acer\Empowering Technology\eSettings\Service\capuserv.exe
c:\acer\Empowering Technology\ePower\ePowerSvc.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\System32\conime.exe
c:\combofix\hidec.exe
c:\windows\System32\rundll32.exe
c:\program files\Launch Manager\LManager.exe
c:\users\laura\AppData\Local\Temp\RtkBtMnt.exe
c:\acer\Empowering Technology\eNet\eNMTray.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\acer\Empowering Technology\ePower\ePower_DMC.exe
c:\acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
c:\windows\System32\igfxext.exe
c:\acer\Empowering Technology\eRecovery\eRAgent.exe
c:\windows\System32\igfxsrvc.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Avira\AntiVir Desktop\guardgui.exe
c:\combofix\Catchme.tmp
.
**************************************************************************
.
Heure de fin: 2009-05-01 19:34 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-05-01 17:33
ComboFix2.txt 2009-05-01 01:30
ComboFix3.txt 2009-04-30 16:53
ComboFix4.txt 2009-04-26 13:59
ComboFix5.txt 2009-05-01 15:43

Avant-CF: 38 489 399 296 octets libres
Après-CF: 36 395 327 488 octets libres

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
294 --- E O F --- 2009-04-29 22:00

Voila le dernier rapport

ComboFix 09-04-25.A3 - laura 02/05/2009 15:35.10 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.2037.1345 [GMT 2:00]
Lancé depuis: c:\users\laura\Desktop\Nouveau dossier (2)\ComboFix.exe
Commutateurs utilisés :: c:\users\laura\Desktop\CFScript.txt
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\ovfsthxkuibfcmo.sys
c:\windows\system32\ovfsthxbipypbvu.dat
c:\windows\system32\ovfsthxcvyxpvef.dat
c:\windows\system32\ovfsthxehfxirci.dat
c:\windows\system32\ovfsthxidscpexm.dll
c:\windows\system32\ovfsthxitqqxbdd.dll
c:\windows\system32\ovfsthxnsiqugmn.dll
c:\windows\system32\ovfsthxrgnuyreu.dll
c:\windows\system32\ovfsthxuctkxewy.dll
c:\windows\system32\ovfsthxvvvjrivf.dll
c:\windows\system32\ovfsthxwqfjvptd.dat

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ovfsthxccpincvp


((((((((((((((((((((((((((((( Fichiers créés du 2009-06-02 au 2009-5-2 ))))))))))))))))))))))))))))))))))))
.

2009-05-02 04:20 . 2009-05-02 04:50 22538 ----a-w c:\windows\system32\lmppcsetup.exe
2009-04-29 22:12 . 2009-03-24 14:07 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-04-29 22:12 . 2009-04-29 22:12 -------- d-----w c:\users\All Users\Avira
2009-04-29 22:12 . 2009-04-29 22:12 -------- d-----w c:\programdata\Avira
2009-04-29 22:12 . 2009-04-29 22:12 -------- d-----w c:\program files\Avira
2009-04-29 21:52 . 2009-04-29 21:52 -------- d-----w c:\users\All Users\NortonInstaller
2009-04-29 21:52 . 2009-04-29 21:52 -------- d-----w c:\programdata\NortonInstaller
2009-04-27 22:32 . 2009-05-01 18:33 237820240 ----a-w c:\windows\MEMORY.DMP
2009-04-27 17:43 . 2009-04-27 17:44 -------- d-----w C:\ToolBar SD
2009-04-27 17:20 . 2009-04-27 17:20 -------- d-----r c:\windows\system32\config\systemprofile\Searches
2009-04-27 17:20 . 2009-04-27 17:20 -------- d-----r c:\windows\system32\config\systemprofile\Saved Games
2009-04-27 17:20 . 2009-04-27 17:20 -------- d-----r c:\windows\system32\config\systemprofile\Links
2009-04-27 17:20 . 2009-04-27 17:20 -------- d-----r c:\windows\system32\config\systemprofile\Downloads
2009-04-27 17:20 . 2009-04-27 17:20 -------- d-----r c:\windows\system32\config\systemprofile\Pictures
2009-04-27 17:20 . 2009-04-27 17:20 -------- d-----r c:\windows\system32\config\systemprofile\Videos
2009-04-27 17:20 . 2009-04-27 17:20 -------- d-----r c:\windows\system32\config\systemprofile\Documents
2009-04-26 11:01 . 2006-11-06 01:12 167936 ----a-w c:\windows\system32\igfxres.dll
2009-04-19 11:59 . 2009-04-19 11:59 -------- d-----w c:\users\laura\AppData\Roaming\vlc
2009-04-19 11:58 . 2009-04-28 21:43 -------- d-----w c:\users\laura\AppData\Roaming\dvdcss
2009-04-19 11:57 . 2009-04-19 11:57 -------- d-----w c:\program files\VideoLAN
2009-04-17 23:48 . 2009-04-17 23:48 -------- d-----w c:\users\All Users\ALM
2009-04-17 23:48 . 2009-04-17 23:48 -------- d-----w c:\programdata\ALM
2009-04-17 23:43 . 2009-04-17 23:43 -------- d-----w c:\users\laura\{0e7333d5-6a0e-4fca-80d5-a1e30d8cd71a}
2009-04-17 23:42 . 2008-04-07 03:38 22872 ----a-r c:\windows\system32\AdobePDFUI.dll
2009-04-17 23:14 . 2009-04-17 23:14 -------- d-----w c:\users\All Users\Macromedia
2009-04-17 23:12 . 2009-04-17 23:12 -------- d-----w c:\program files\Common Files\Macromedia
2009-04-17 23:12 . 2009-04-17 23:14 -------- d-----w c:\program files\Macromedia
2009-04-17 23:09 . 2009-04-17 23:09 -------- d-----w c:\windows\Downloaded Installations
2009-04-16 20:13 . 2008-12-06 04:42 376832 ----a-w c:\windows\system32\winhttp.dll
2009-04-16 20:13 . 2008-06-06 03:27 38912 ----a-w c:\windows\system32\xolehlp.dll
2009-04-16 20:13 . 2008-06-06 03:27 562176 ----a-w c:\windows\system32\msdtcprx.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-02 01:00 . 2007-05-08 21:11 -------- d-----w c:\programdata\Microsoft Help
2009-05-01 07:38 . 2007-05-06 00:54 -------- d-----w c:\program files\MSN Messenger
2009-04-29 22:05 . 2006-11-02 15:48 669566 ----a-w c:\windows\System32\perfh00C.dat
2009-04-29 22:05 . 2006-11-02 15:48 123556 ----a-w c:\windows\System32\perfc00C.dat
2009-04-29 21:54 . 2006-12-04 23:56 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-04-27 17:44 . 2008-12-06 22:57 1443 ----a-w C:\TB.txt
2009-04-26 11:01 . 2006-12-04 23:53 -------- d-----w c:\program files\Common Files\Adobe
2009-04-23 00:39 . 2007-07-19 21:54 680 ----a-w c:\users\laura\AppData\Local\d3d9caps.dat
2009-04-22 11:10 . 2007-05-06 20:21 -------- d-----w c:\program files\flashfxp2
2009-04-18 00:08 . 2007-04-26 02:27 101808 ----a-w c:\users\laura\AppData\Local\GDIPFONTCACHEV1.DAT
2009-04-17 01:10 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-03-17 03:38 . 2009-04-16 20:12 40960 ----a-w c:\windows\AppPatch\apihex86.dll
2009-03-17 03:38 . 2009-04-16 20:12 13824 ----a-w c:\windows\System32\apilogen.dll
2009-03-17 03:38 . 2009-04-16 20:12 24064 ----a-w c:\windows\System32\amxread.dll
2009-03-03 04:46 . 2009-04-16 20:12 3599328 ----a-w c:\windows\System32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-16 20:12 3547632 ----a-w c:\windows\System32\ntoskrnl.exe
2009-03-03 04:40 . 2009-04-16 20:12 827392 ----a-w c:\windows\System32\wininet.dll
2009-03-03 04:39 . 2009-04-16 20:12 183296 ----a-w c:\windows\System32\sdohlp.dll
2009-03-03 04:39 . 2009-04-16 20:12 551424 ----a-w c:\windows\System32\rpcss.dll
2009-03-03 04:39 . 2009-04-16 20:12 26112 ----a-w c:\windows\System32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-16 20:12 78336 ----a-w c:\windows\System32\ieencode.dll
2009-03-03 04:37 . 2009-04-16 20:12 98304 ----a-w c:\windows\System32\iasrecst.dll
2009-03-03 04:37 . 2009-04-16 20:12 54784 ----a-w c:\windows\System32\iasads.dll
2009-03-03 04:37 . 2009-04-16 20:12 44032 ----a-w c:\windows\System32\iasdatastore.dll
2009-03-03 03:04 . 2009-04-16 20:12 666624 ----a-w c:\windows\System32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-16 20:12 17408 ----a-w c:\windows\System32\iashost.exe
2009-03-03 02:28 . 2009-04-16 20:12 26624 ----a-w c:\windows\System32\ieUnatt.exe
2009-02-13 08:49 . 2009-04-16 20:12 72704 ----a-w c:\windows\System32\secur32.dll
2009-02-13 08:49 . 2009-04-16 20:12 1255936 ----a-w c:\windows\System32\lsasrv.dll
2009-02-09 10:26 . 2009-02-08 13:14 28672 ----a-w c:\users\laura\ieframes.dll
2009-02-09 03:10 . 2009-03-10 23:43 2033152 ----a-w c:\windows\System32\win32k.sys
2008-12-06 21:54 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
2008-03-03 17:51 . 2007-05-08 08:52 16384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-03-03 17:51 . 2007-05-08 08:52 32768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-03-03 17:51 . 2007-05-08 08:52 16384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((( SnapShot_2009-04-30_16.49.41 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-12-04 23:29 . 2009-05-02 13:43 59484 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-05-02 13:44 76720 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2007-04-26 02:29 . 2009-05-02 13:44 16740 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4116711127-2190578320-1854897596-1000_UserData.bin
- 2007-04-26 02:22 . 2009-04-30 16:33 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-04-26 02:22 . 2009-05-02 13:41 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-04-26 02:22 . 2009-05-02 13:41 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-04-26 02:22 . 2009-04-30 16:33 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2007-04-26 02:22 . 2009-05-02 13:41 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2007-04-26 02:22 . 2009-04-30 16:33 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-04-30 16:33 . 2009-04-30 16:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-05-02 13:41 . 2009-05-02 13:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-04-30 16:33 . 2009-04-30 16:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-05-02 13:41 . 2009-05-02 13:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2007-05-06 16:31 . 2009-05-01 15:48 261974 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2006-11-02 12:47 . 2009-04-30 16:49 262144 c:\windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2006-11-02 12:47 . 2009-05-02 13:43 262144 c:\windows\ServiceProfiles\NetworkService\ntuser.dat
- 2006-11-02 12:47 . 2009-04-30 16:44 262144 c:\windows\ServiceProfiles\LocalService\ntuser.dat
+ 2006-11-02 12:47 . 2009-05-02 13:43 262144 c:\windows\ServiceProfiles\LocalService\ntuser.dat
- 2006-11-02 10:22 . 2009-04-30 16:48 6553600 c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2006-11-02 10:22 . 2009-04-30 17:07 6553600 c:\windows\System32\SMI\Store\Machine\schema.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"????r"="" [?]
"?????????"="" [?]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"SuperCopier.exe"="c:\program files\SuperCopier\SuperCopier.exe" [2003-04-24 683520]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-09-04 171448]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2006-11-22 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-11-22 7757824]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-11-22 81920]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-11-06 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-11-06 106496]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-11-06 81920]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-12-08 614400]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-06 464168]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-08-19 185896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-07 136600]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2006-12-01 4186112]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2006-12-5 528384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{563405B8-597C-4751-B280-C4C81ABEC857}"= UDP:c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{46EE4B93-A4DA-4D5E-AE0B-CB41C869FB60}"= TCP:c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{CA161B11-DCAD-4A0D-BC9E-8B7DBBE8C8EF}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{D41EBB7D-C223-4898-ABC7-483F3A8B0676}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{3D6D0C12-FC33-4137-9ECA-A01A2A8C3F4B}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{D9FF0D49-72E2-413E-B8A3-AF74A4842A37}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{56E69995-5A58-4238-8906-F8A377A7F295}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{126A5CD0-13FA-4E31-BD7B-F00BC70EABCE}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{E112A387-01B3-49FB-8EBD-1F281CCF0322}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{02EA2B24-381D-4FB8-BACA-3EA6F0E291B8}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{780108FA-4A1B-4D68-A47C-7EB781DBCECB}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{327E38DC-621E-404B-BAE4-2DCB38506F99}"= UDP:5353:Adobe CSI CS4
"{69CB9766-D606-4511-B847-4CBA64B3D69A}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{0DC0D04F-7DBD-45DC-8A21-D4A5F06DE3D8}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{C195398B-AC6C-4D3B-A9D1-819F5862E2A3}"= UDP:c:\windows\explorer.exe:Explorer
"{B3244588-EB8C-4C77-813D-B1E2972879B0}"= TCP:c:\windows\explorer.exe:Explorer
"{B52C2D2C-9050-4DBB-BD56-717C660EEF66}"= UDP:c:\program files\iPod\bin\iPodService.exe:iPodService
"{3A2EFAE8-9D37-407C-ACFA-704A86026203}"= TCP:c:\program files\iPod\bin\iPodService.exe:iPodService
"{9F07C288-8785-42C2-8A6A-F01B3848C582}"= UDP:c:\combofix\NirCmd.cfexe:NirCmd
"{9E2B81AF-5ECF-4E7C-8BBA-8D0234AFFF29}"= TCP:c:\combofix\NirCmd.cfexe:NirCmd
"{9E27014E-3E7A-4525-B212-FAF85EFA4C09}"= UDP:c:\windows\System32\LogonUI.exe:LogonUI
"{90B9A85A-655F-49D7-9E73-266603FBB82F}"= TCP:c:\windows\System32\LogonUI.exe:LogonUI
"{BB2DA67B-C03D-4C63-A7D6-99399D156E35}"= UDP:c:\windows\System32\services.exe:services
"{BBD144A0-82B0-4344-BA4F-0A4FC948BE23}"= TCP:c:\windows\System32\services.exe:services
"{2023CF5E-A4F6-4912-BE56-0290EC08E816}"= UDP:c:\users\laura\AppData\Local\Temp\7zS16D2.tmp\SymNRT.exe:Norton Removal Tool
"{A60845A2-B98D-4A61-8EF6-4DEA2D525179}"= TCP:c:\users\laura\AppData\Local\Temp\7zS16D2.tmp\SymNRT.exe:Norton Removal Tool
"{169E4D6B-02B3-4481-9FFA-7A4A5EC02424}"= UDP:c:\users\laura\AppData\Local\Temp\7zSBD00.tmp\SymNRT.exe:Norton Removal Tool
"{EED7E065-BE81-4115-820E-B62E9C2A367E}"= TCP:c:\users\laura\AppData\Local\Temp\7zSBD00.tmp\SymNRT.exe:Norton Removal Tool

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Acer\\Empowering Technology\\eDataSecurity\\eDSfsu.exe"= c:\acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu
"c:\\Acer\\Empowering Technology\\eDataSecurity\\encryption.exe"= c:\acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption
"c:\\Acer\\Empowering Technology\\eDataSecurity\\decryption.exe"= c:\acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabledecryption

R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 167936]
R3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\DRIVERS\SMSCirda.sys [2006-10-18 31232]
S2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-04-01 108289]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contenu du dossier 'Tâches planifiées'

2009-05-02 c:\windows\Tasks\User_Feed_Synchronization-{4C38419B-F1DA-4E7D-A30D-885537A9CECF}.job
- c:\windows\system32\msfeedssync.exe [2008-12-06 07:33]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://fr.fr.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://fr.rd.yahoo.com/customize/ycomp/defaults/su/*http://fr.yahoo.com
IE: Ajouter la cible du lien à un fichier PDF existant - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Ajouter à un fichier PDF existant - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir au format Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien au format Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-02 15:43
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...


c:\windows\system32\drivers\ovfsthxkuibfcmo.sys 81920 bytes executable
c:\windows\system32\ovfsthxdkpxitqt.dat 1851 bytes
c:\windows\system32\ovfsthxertifprn.dll 60928 bytes executable
c:\windows\system32\ovfsthxpufemwox.dll 18944 bytes executable
c:\windows\system32\ovfsthxvnuyrchi.dat 43 bytes
c:\windows\system32\ovfsthxxreccipb.dll 18432 bytes executable

Scan terminé avec succès
Fichiers cachés: 6

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ovfsthxccpincvp]
"imagepath"="\systemroot\system32\drivers\ovfsthxkuibfcmo.sys"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000000

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ovfsthxccpincvp]
@DACL=(02 0000)
"start"=dword:00000001
"type"=dword:00000001
"group"="file system"
"imagepath"=expand:"\\systemroot\\system32\\drivers\\ovfsthxkuibfcmo.sys"
"inst"=dword:00000000
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'Explorer.exe'(4028)
c:\windows\system32\MsnChatHook.dll
c:\windows\system32\ShowErrMsg.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\BatchCrypto.dll
c:\windows\system32\CryptoAPI.dll
c:\windows\system32\keyManager.dll
c:\acer\Empowering Technology\EPOWER\SysHook.dll
c:\program files\Adobe\Acrobat 9.0\Acrobat Elements\ContextMenu.fra
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\acer\Empowering Technology\eDataSecurity\eDSService.exe
c:\acer\Empowering Technology\eLock\Service\eLockServ.exe
c:\acer\Empowering Technology\eNet\eNet Service.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\System32\drivers\XAudio.exe
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\acer\Empowering Technology\eSettings\Service\capuserv.exe
c:\acer\Empowering Technology\ePower\ePowerSvc.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\System32\conime.exe
c:\windows\System32\rundll32.exe
c:\program files\Launch Manager\LManager.exe
c:\users\laura\AppData\Local\Temp\RtkBtMnt.exe
c:\acer\Empowering Technology\eNet\eNMTray.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\acer\Empowering Technology\ePower\ePower_DMC.exe
c:\acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
c:\acer\Empowering Technology\eRecovery\eRAgent.exe
c:\windows\System32\igfxext.exe
c:\windows\System32\igfxsrvc.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Microsoft Office\Office12\WINWORD.EXE
.
**************************************************************************
.
Heure de fin: 2009-05-02 15:53 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-05-02 13:50
ComboFix2.txt 2009-05-01 17:34
ComboFix3.txt 2009-05-01 01:30
ComboFix4.txt 2009-04-30 16:53
ComboFix5.txt 2009-05-02 13:29

Avant-CF: 35 848 744 960 octets libres
Après-CF: 35 846 082 560 octets libres

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
321 --- E O F --- 2009-05-02 01:00

Voila le rapport généré:

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\\Program Files\\Windows Sidebar\\sidebar.exe /autoRun"
"????r"=hex(0):
"SuperCopier.exe"="C:\\Program Files\\SuperCopier\\SuperCopier.exe"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"?????????"=hex(0):
"WMPNSCFG"="C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\AdobeUpdater]
@=""

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\rapimgr]
"Type"=dword:00000020
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
6b,00,20,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,4d,00,6f,00,62,00,69,\
00,6c,00,65,00,00,00
"DisplayName"="@%windir%\\WindowsMobile\\rapimgr.dll,-104"
"DependOnService"=hex(7):52,00,50,00,43,00,53,00,53,00,00,00,00,00
"ObjectName"="NT AUTHORITY\\LocalService"
"Description"="@%windir%\\WindowsMobile\\rapimgr.dll,-105"
"DelayedAutoStart"=dword:00000001
"FailureActions"=hex:2c,01,00,00,00,00,00,00,00,00,00,00,03,00,00,00,00,00,00,\
00,01,00,00,00,60,ea,00,00,01,00,00,00,c0,d4,01,00,00,00,00,00,00,00,00,00
"ServiceSidType"=dword:00000001
"RequiredPrivileges"=hex(7):53,00,65,00,43,00,68,00,61,00,6e,00,67,00,65,00,4e,\
00,6f,00,74,00,69,00,66,00,79,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,\
67,00,65,00,00,00,53,00,65,00,43,00,72,00,65,00,61,00,74,00,65,00,47,00,6c,\
00,6f,00,62,00,61,00,6c,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,\
65,00,00,00,53,00,65,00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,00,6e,00,61,\
00,74,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,\
00,00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\rapimgr\Parameters]
"ServiceDll"=hex(2):25,00,77,00,69,00,6e,00,64,00,69,00,72,00,25,00,5c,00,57,\
00,69,00,6e,00,64,00,6f,00,77,00,73,00,4d,00,6f,00,62,00,69,00,6c,00,65,00,\
5c,00,72,00,61,00,70,00,69,00,6d,00,67,00,72,00,2e,00,64,00,6c,00,6c,00,00,\
00
"ServiceMain"="ServiceMain"
"ServiceDllUnloadOnStop"=dword:00000001

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\WcesComm]
"Type"=dword:00000020
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
6b,00,20,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,4d,00,6f,00,62,00,69,\
00,6c,00,65,00,00,00
"DisplayName"="@%windir%\\WindowsMobile\\wcescomm.dll,-40079"
"DependOnService"=hex(7):52,00,61,00,70,00,69,00,4d,00,67,00,72,00,00,00,00,00
"ObjectName"="NT AUTHORITY\\LocalService"
"Description"="@%windir%\\WindowsMobile\\wcescomm.dll,-40080"
"DelayedAutoStart"=dword:00000001
"FailureActions"=hex:2c,01,00,00,00,00,00,00,00,00,00,00,03,00,00,00,00,00,00,\
00,01,00,00,00,60,ea,00,00,01,00,00,00,c0,d4,01,00,00,00,00,00,00,00,00,00
"ServiceSidType"=dword:00000001
"RequiredPrivileges"=hex(7):53,00,65,00,43,00,68,00,61,00,6e,00,67,00,65,00,4e,\
00,6f,00,74,00,69,00,66,00,79,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,\
67,00,65,00,00,00,53,00,65,00,43,00,72,00,65,00,61,00,74,00,65,00,47,00,6c,\
00,6f,00,62,00,61,00,6c,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,\
65,00,00,00,53,00,65,00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,00,6e,00,61,\
00,74,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,\
00,00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\WcesComm\Parameters]
"ServiceDll"=hex(2):25,00,77,00,69,00,6e,00,64,00,69,00,72,00,25,00,5c,00,57,\
00,69,00,6e,00,64,00,6f,00,77,00,73,00,4d,00,6f,00,62,00,69,00,6c,00,65,00,\
5c,00,77,00,63,00,65,00,73,00,63,00,6f,00,6d,00,6d,00,2e,00,64,00,6c,00,6c,\
00,00,00
"ServiceMain"="ServiceMain"
"ServiceDllUnloadOnStop"=dword:00000001

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

Hidden driver "ovfsthxccpincvp" found!
ImagePath: \systemroot\system32\drivers\ovfsthxkuibfcmo.sys
Start Type: 1 (System)

Rootkit scan completed.


Completed script processing.

*******************

Finished! Terminate.

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

Hidden driver "ovfsthxccpincvp" found!
ImagePath: \systemroot\system32\drivers\ovfsthxkuibfcmo.sys
Start Type: 4 (Disabled)

Rootkit scan completed.

Driver "ovfsthxccpincvp" deleted successfully.
File "c:\windows\system32\drivers\ovfsthxkuibfcmo.sys" deleted successfully.

Error: file "c:\windows\system32\ovfsthxbipypbvu.dat" not found!
Deletion of file "c:\windows\system32\ovfsthxbipypbvu.dat" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "c:\windows\system32\ovfsthxcvyxpvef.dat" not found!
Deletion of file "c:\windows\system32\ovfsthxcvyxpvef.dat" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "c:\windows\system32\ovfsthxehfxirci.dat" not found!
Deletion of file "c:\windows\system32\ovfsthxehfxirci.dat" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "c:\windows\system32\ovfsthxidscpexm.dll" not found!
Deletion of file "c:\windows\system32\ovfsthxidscpexm.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "c:\windows\system32\ovfsthxitqqxbdd.dll" not found!
Deletion of file "c:\windows\system32\ovfsthxitqqxbdd.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "c:\windows\system32\ovfsthxnsiqugmn.dll" not found!
Deletion of file "c:\windows\system32\ovfsthxnsiqugmn.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "c:\windows\system32\ovfsthxrgnuyreu.dll" not found!
Deletion of file "c:\windows\system32\ovfsthxrgnuyreu.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "c:\windows\system32\ovfsthxuctkxewy.dll" not found!
Deletion of file "c:\windows\system32\ovfsthxuctkxewy.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "c:\windows\system32\ovfsthxvvvjrivf.dll" not found!
Deletion of file "c:\windows\system32\ovfsthxvvvjrivf.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "c:\windows\system32\ovfsthxwqfjvptd.dat" not found!
Deletion of file "c:\windows\system32\ovfsthxwqfjvptd.dat" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "c:\windows\system32\ovfsthxdkpxitqt.dat" deleted successfully.
File "c:\windows\system32\ovfsthxertifprn.dll" deleted successfully.
File "c:\windows\system32\ovfsthxpufemwox.dll" deleted successfully.
File "c:\windows\system32\ovfsthxvnuyrchi.dat" deleted successfully.
File "c:\windows\system32\ovfsthxxreccipb.dll" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

ComboFix 09-05-03.6 - laura 05/05/2009 0:00.11 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.2037.1066 [GMT 2:00]
Lancé depuis: c:\users\laura\Desktop\Nouveau dossier (2)\ComboFix.exe
Commutateurs utilisés :: c:\users\laura\Desktop\CFScript.txt

FILE ::
c:\windows\system32\lmppcsetup.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\lmppcsetup.exe

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-04-04 au 2009-05-04 ))))))))))))))))))))))))))))))))))))
.

2009-04-29 22:12 . 2009-03-24 14:07 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-04-29 22:12 . 2009-04-29 22:12 -------- d-----w c:\programdata\Avira
2009-04-29 22:12 . 2009-04-29 22:12 -------- d-----w c:\users\All Users\Avira
2009-04-29 22:12 . 2009-04-29 22:12 -------- d-----w c:\program files\Avira
2009-04-29 21:52 . 2009-04-29 21:52 -------- d-----w c:\programdata\NortonInstaller
2009-04-29 21:52 . 2009-04-29 21:52 -------- d-----w c:\users\All Users\NortonInstaller
2009-04-27 17:43 . 2009-04-27 17:44 -------- d-----w C:\ToolBar SD
2009-04-26 11:01 . 2006-11-06 01:12 167936 ----a-w c:\windows\system32\igfxres.dll
2009-04-19 11:59 . 2009-04-19 11:59 -------- d-----w c:\users\laura\AppData\Roaming\vlc
2009-04-19 11:58 . 2009-04-28 21:43 -------- d-----w c:\users\laura\AppData\Roaming\dvdcss
2009-04-19 11:57 . 2009-04-19 11:57 -------- d-----w c:\program files\VideoLAN
2009-04-17 23:48 . 2009-04-17 23:48 -------- d-----w c:\programdata\ALM
2009-04-17 23:48 . 2009-04-17 23:48 -------- d-----w c:\users\All Users\ALM
2009-04-17 23:43 . 2009-04-17 23:43 -------- d-----w c:\users\laura\{0e7333d5-6a0e-4fca-80d5-a1e30d8cd71a}
2009-04-17 23:42 . 2008-04-07 03:38 22872 ----a-r c:\windows\system32\AdobePDFUI.dll
2009-04-17 23:14 . 2009-04-17 23:14 -------- d-----w c:\users\All Users\Macromedia
2009-04-17 23:12 . 2009-04-17 23:12 -------- d-----w c:\program files\Common Files\Macromedia
2009-04-17 23:12 . 2009-04-17 23:14 -------- d-----w c:\program files\Macromedia
2009-04-17 23:09 . 2009-04-17 23:09 -------- d-----w c:\windows\Downloaded Installations
2009-04-16 20:13 . 2008-12-06 04:42 376832 ----a-w c:\windows\system32\winhttp.dll
2009-04-16 20:13 . 2008-06-06 03:27 562176 ----a-w c:\windows\system32\msdtcprx.dll
2009-04-16 20:13 . 2008-06-06 03:27 38912 ----a-w c:\windows\system32\xolehlp.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-04 20:54 . 2007-05-06 20:21 -------- d-----w c:\program files\flashfxp2
2009-05-04 15:25 . 2006-11-02 15:48 669566 ----a-w c:\windows\system32\perfh00C.dat
2009-05-04 15:25 . 2006-11-02 15:48 123556 ----a-w c:\windows\system32\perfc00C.dat
2009-05-04 15:15 . 2007-05-06 00:54 -------- d-----w c:\program files\MSN Messenger
2009-04-29 21:54 . 2006-12-04 23:56 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-04-26 11:01 . 2006-12-04 23:53 -------- d-----w c:\program files\Common Files\Adobe
2009-04-23 00:39 . 2007-07-19 21:54 680 ----a-w c:\users\laura\AppData\Local\d3d9caps.dat
2009-04-18 00:08 . 2007-04-26 02:27 101808 ----a-w c:\users\laura\AppData\Local\GDIPFONTCACHEV1.DAT
2009-04-17 01:10 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-03-17 03:38 . 2009-04-16 20:12 13824 ----a-w c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-16 20:12 24064 ----a-w c:\windows\system32\amxread.dll
2009-03-03 04:46 . 2009-04-16 20:12 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-16 20:12 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:40 . 2009-04-16 20:12 827392 ----a-w c:\windows\system32\wininet.dll
2009-03-03 04:39 . 2009-04-16 20:12 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:39 . 2009-04-16 20:12 551424 ----a-w c:\windows\system32\rpcss.dll
2009-03-03 04:39 . 2009-04-16 20:12 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-16 20:12 78336 ----a-w c:\windows\system32\ieencode.dll
2009-03-03 04:37 . 2009-04-16 20:12 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:37 . 2009-04-16 20:12 54784 ----a-w c:\windows\system32\iasads.dll
2009-03-03 04:37 . 2009-04-16 20:12 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-03-03 03:04 . 2009-04-16 20:12 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-16 20:12 17408 ----a-w c:\windows\system32\iashost.exe
2009-03-03 02:28 . 2009-04-16 20:12 26624 ----a-w c:\windows\system32\ieUnatt.exe
2009-02-13 08:49 . 2009-04-16 20:12 72704 ----a-w c:\windows\system32\secur32.dll
2009-02-13 08:49 . 2009-04-16 20:12 1255936 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:26 . 2009-02-08 13:14 28672 ----a-w c:\users\laura\ieframes.dll
2009-02-09 03:10 . 2009-03-10 23:43 2033152 ----a-w c:\windows\system32\win32k.sys
2008-12-06 21:54 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
.

((((((((((((((((((((((((((((( SnapShot_2009-04-30_16.49.41 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-02 11:20 . 2009-04-11 06:28 51712 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\wrpint.dll
+ 2009-05-02 11:20 . 2009-04-11 06:28 83968 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\wmiutils.dll
+ 2009-05-02 11:20 . 2009-04-11 06:28 30208 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\wbemprox.dll
+ 2009-05-02 11:20 . 2009-04-11 06:28 35328 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\mspatcha.dll
+ 2009-05-02 11:20 . 2009-04-11 06:28 22016 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\CbsMsg.dll
+ 2006-12-04 23:29 . 2009-05-04 20:25 59492 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-05-04 20:25 76936 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2007-04-26 02:29 . 2009-05-04 20:25 16916 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4116711127-2190578320-1854897596-1000_UserData.bin
- 2007-04-26 02:22 . 2009-04-30 16:33 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-04-26 02:22 . 2009-05-04 17:44 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-04-26 02:22 . 2009-05-04 17:44 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2007-04-26 02:22 . 2009-04-30 16:33 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-05-04 15:15 . 2009-05-04 15:15 29926 c:\windows\Installer\{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}\MsblIco.Exe
- 2007-05-08 09:47 . 2007-05-08 09:47 29926 c:\windows\Installer\{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}\MsblIco.Exe
+ 2009-05-02 11:20 . 2009-04-11 06:28 182784 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\xmllite.dll
+ 2009-05-02 11:20 . 2009-04-11 06:28 218624 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\wdscore.dll
+ 2009-05-02 11:20 . 2009-04-11 06:28 744448 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\wbemcore.dll
+ 2009-05-02 11:20 . 2009-04-11 06:28 357888 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\wbemcomn.dll
+ 2009-05-02 11:20 . 2009-04-11 06:28 116736 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\smipi.dll
+ 2009-05-02 11:20 . 2009-04-11 06:28 139264 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\SmiInstaller.dll
+ 2009-05-02 11:20 . 2009-04-11 06:28 705536 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\smiengine.dll
+ 2009-05-02 11:20 . 2009-04-11 06:28 126464 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\rescinst.dll
+ 2009-05-02 11:20 . 2009-04-11 06:28 265728 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\repdrvfs.dll
+ 2009-05-02 11:20 . 2009-04-11 06:27 119296 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\poqexec.exe
+ 2009-05-02 11:20 . 2009-04-11 06:27 130560 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\PkgMgr.exe
+ 2009-05-02 11:20 . 2009-04-11 06:28 146432 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\OEMHelpIns.dll
+ 2009-05-02 11:20 . 2009-04-11 06:28 305152 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\msdelta.dll
+ 2009-05-02 11:20 . 2009-04-11 06:28 102400 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\mofinstall.dll
+ 2009-05-02 11:20 . 2009-04-11 06:28 189440 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\mofd.dll
+ 2009-05-02 11:20 . 2009-04-11 06:28 222720 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\locdrv.dll
+ 2009-05-02 11:20 . 2009-04-11 06:28 100352 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\helpcins.dll
+ 2009-05-02 11:20 . 2009-04-11 06:28 614912 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\fastprox.dll
+ 2009-05-02 11:20 . 2009-04-11 06:28 265728 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\esscli.dll
+ 2009-05-02 11:20 . 2009-04-11 06:28 247808 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\drvstore.dll
+ 2009-05-02 11:20 . 2009-04-11 06:28 100352 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\DrUpdate.dll
+ 2009-05-02 11:20 . 2009-04-11 06:28 258048 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\dpx.dll
+ 2009-05-02 11:20 . 2009-04-11 06:28 243712 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\CntrtextInstaller.dll
+ 2009-05-02 11:20 . 2009-04-11 06:28 271360 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\cmitrust.dll
+ 2009-05-02 11:20 . 2009-04-11 06:28 119808 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\cmiadapter.dll
+ 2009-05-02 11:20 . 2009-04-11 06:28 535040 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\CbsCore.dll
+ 2009-05-02 11:20 . 2009-04-11 06:28 199168 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\apss.dll
+ 2009-05-02 11:20 . 2009-04-11 06:28 222208 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\apircl.dll
+ 2007-05-06 16:31 . 2009-05-01 15:48 261974 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2006-11-02 10:33 . 2009-05-04 15:25 587178 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-04-29 22:05 587178 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-04-29 22:05 101250 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2009-05-04 15:25 101250 c:\windows\System32\perfc009.dat
+ 2009-05-02 11:20 . 2009-04-11 06:28 1835520 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\wcp.dll
+ 2009-05-02 11:20 . 2009-04-11 06:28 2032640 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\cmiv2.dll
+ 2009-05-02 11:20 . 2009-04-11 06:28 1744384 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\apds.dll
- 2006-11-02 10:22 . 2009-04-30 16:48 6553600 c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2006-11-02 10:22 . 2009-05-03 21:37 6553600 c:\windows\System32\SMI\Store\Machine\schema.dat
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"????r"="" [?]
"?????????"="" [?]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"SuperCopier.exe"="c:\program files\SuperCopier\SuperCopier.exe" [2003-04-24 683520]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-09-04 171448]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2006-11-22 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-11-22 7757824]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-11-22 81920]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-11-06 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-11-06 106496]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-11-06 81920]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-12-08 614400]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-06 464168]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-08-19 185896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-07 136600]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2006-12-01 4186112]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2006-12-5 528384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{563405B8-597C-4751-B280-C4C81ABEC857}"= UDP:c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{46EE4B93-A4DA-4D5E-AE0B-CB41C869FB60}"= TCP:c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{CA161B11-DCAD-4A0D-BC9E-8B7DBBE8C8EF}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{D41EBB7D-C223-4898-ABC7-483F3A8B0676}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{3D6D0C12-FC33-4137-9ECA-A01A2A8C3F4B}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{D9FF0D49-72E2-413E-B8A3-AF74A4842A37}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{56E69995-5A58-4238-8906-F8A377A7F295}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{126A5CD0-13FA-4E31-BD7B-F00BC70EABCE}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{E112A387-01B3-49FB-8EBD-1F281CCF0322}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{02EA2B24-381D-4FB8-BACA-3EA6F0E291B8}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{780108FA-4A1B-4D68-A47C-7EB781DBCECB}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{327E38DC-621E-404B-BAE4-2DCB38506F99}"= UDP:5353:Adobe CSI CS4
"{69CB9766-D606-4511-B847-4CBA64B3D69A}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{0DC0D04F-7DBD-45DC-8A21-D4A5F06DE3D8}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{C195398B-AC6C-4D3B-A9D1-819F5862E2A3}"= UDP:c:\windows\explorer.exe:Explorer
"{B3244588-EB8C-4C77-813D-B1E2972879B0}"= TCP:c:\windows\explorer.exe:Explorer
"{B52C2D2C-9050-4DBB-BD56-717C660EEF66}"= UDP:c:\program files\iPod\bin\iPodService.exe:iPodService
"{3A2EFAE8-9D37-407C-ACFA-704A86026203}"= TCP:c:\program files\iPod\bin\iPodService.exe:iPodService
"{9F07C288-8785-42C2-8A6A-F01B3848C582}"= UDP:c:\combofix\NirCmd.cfexe:NirCmd
"{9E2B81AF-5ECF-4E7C-8BBA-8D0234AFFF29}"= TCP:c:\combofix\NirCmd.cfexe:NirCmd
"{9E27014E-3E7A-4525-B212-FAF85EFA4C09}"= UDP:c:\windows\System32\LogonUI.exe:LogonUI
"{90B9A85A-655F-49D7-9E73-266603FBB82F}"= TCP:c:\windows\System32\LogonUI.exe:LogonUI
"{BB2DA67B-C03D-4C63-A7D6-99399D156E35}"= UDP:c:\windows\System32\services.exe:services
"{BBD144A0-82B0-4344-BA4F-0A4FC948BE23}"= TCP:c:\windows\System32\services.exe:services
"{2023CF5E-A4F6-4912-BE56-0290EC08E816}"= UDP:c:\users\laura\AppData\Local\Temp\7zS16D2.tmp\SymNRT.exe:Norton Removal Tool
"{A60845A2-B98D-4A61-8EF6-4DEA2D525179}"= TCP:c:\users\laura\AppData\Local\Temp\7zS16D2.tmp\SymNRT.exe:Norton Removal Tool
"{169E4D6B-02B3-4481-9FFA-7A4A5EC02424}"= UDP:c:\users\laura\AppData\Local\Temp\7zSBD00.tmp\SymNRT.exe:Norton Removal Tool
"{EED7E065-BE81-4115-820E-B62E9C2A367E}"= TCP:c:\users\laura\AppData\Local\Temp\7zSBD00.tmp\SymNRT.exe:Norton Removal Tool
"{0B21B75F-0F2C-47A3-A33F-D338CAFBF411}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Acer\\Empowering Technology\\eDataSecurity\\eDSfsu.exe"= c:\acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu
"c:\\Acer\\Empowering Technology\\eDataSecurity\\encryption.exe"= c:\acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption
"c:\\Acer\\Empowering Technology\\eDataSecurity\\decryption.exe"= c:\acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabledecryption

R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 167936]
R3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\DRIVERS\SMSCirda.sys [2006-10-18 31232]
S2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-04-01 108289]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contenu du dossier 'Tâches planifiées'

2009-05-04 c:\windows\Tasks\User_Feed_Synchronization-{4C38419B-F1DA-4E7D-A30D-885537A9CECF}.job
- c:\windows\system32\msfeedssync.exe [2008-12-06 07:33]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://fr.fr.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://fr.rd.yahoo.com/customize/ycomp/defaults/su/*http://fr.yahoo.com
IE: Ajouter la cible du lien à un fichier PDF existant - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Ajouter à un fichier PDF existant - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir au format Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien au format Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-05 00:05
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000000
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'Explorer.exe'(6108)
c:\windows\system32\MsnChatHook.dll
c:\windows\system32\ShowErrMsg.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\BatchCrypto.dll
c:\windows\system32\CryptoAPI.dll
c:\windows\system32\keyManager.dll
c:\acer\Empowering Technology\EPOWER\SysHook.dll
c:\windows\system32\eDStoolbar.dll
c:\progra~1\SPYBOT~1\SDHelper.dll
c:\program files\Acer Arcade Deluxe\DVDivine\Kernel\Video\CLMedia.dll
c:\program files\Acer Arcade Deluxe\VideoMagician\Kernel\EditMovie\MDTLM1Splter.ax
c:\program files\Acer Arcade Deluxe\VideoMagician\Kernel\EditMovie\MDTLM2Splter.ax
c:\windows\system32\vsfilter.dll
c:\windows\system32\3ivxDSMediaSplitter.ax
c:\windows\system32\OpenQuicktimeLib.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\acer\Empowering Technology\eDataSecurity\eDSService.exe
c:\acer\Empowering Technology\eLock\Service\eLockServ.exe
c:\acer\Empowering Technology\eNet\eNet Service.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\System32\drivers\XAudio.exe
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\acer\Empowering Technology\eSettings\Service\capuserv.exe
c:\acer\Empowering Technology\ePower\ePowerSvc.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\System32\conime.exe
c:\windows\System32\rundll32.exe
c:\program files\Launch Manager\LManager.exe
c:\users\laura\AppData\Local\Temp\RtkBtMnt.exe
c:\windows\System32\igfxsrvc.exe
c:\acer\Empowering Technology\eNet\eNMTray.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\System32\igfxext.exe
c:\acer\Empowering Technology\ePower\ePower_DMC.exe
c:\acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
c:\acer\Empowering Technology\eRecovery\eRAgent.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\System32\dllhost.exe
.
**************************************************************************
.
Heure de fin: 2009-05-04 0:12 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-05-04 22:12
ComboFix2.txt 2009-05-02 13:53
ComboFix3.txt 2009-05-01 17:34
ComboFix4.txt 2009-05-01 01:30
ComboFix5.txt 2009-05-04 21:57

Avant-CF: 34 746 855 424 octets libres
Après-CF: 34 339 352 576 octets libres

320 --- E O F --- 2009-05-04 15:17

Voici le document log.txt:

Logfile of random's system information tool 1.06 (written by random/random)
Run by laura at 2009-05-05 00:26:27
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
System drive C: has 33 GB (45%) free of 73 GB
Total RAM: 2037 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:26:56, on 05/05/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conime.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Users\laura\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SuperCopier\SuperCopier.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Windows\system32\igfxext.exe
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\laura\Desktop\RSIT.exe
C:\Program Files\trend micro\laura.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/y [...] .yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SuperCopier.exe] C:\Program Files\SuperCopier\SuperCopier.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: Ajouter la cible du lien à un fichier PDF existant - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Ajouter à un fichier PDF existant - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir au format Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien au format Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/control [...] oader5.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-c9dd6112b104654f.spaces [...] dfr-fr.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/J [...] 586-jc.cab
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.photoservice.com/telech [...] oader4.cab
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10468 bytes

======Scheduled tasks folder======

C:\Windows\tasks\User_Feed_Synchronization-{4C38419B-F1DA-4E7D-A30D-885537A9CECF}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-08-19 308856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-07 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-09-04 2436160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-07 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
SmartSelect Class - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\Windows\system32\eDStoolbar.dll [2007-02-06 151552]
{0BF43445-2F28-4351-9252-17FE6E806AA0}
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-09-04 2436160]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"=C:\Windows\system32\nvsvc.dll [2006-11-22 90191]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2006-11-22 7757824]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2006-11-22 81920]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2006-12-01 4186112]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-10-23 815104]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2006-11-06 98304]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2006-11-06 106496]
"Persistence"=C:\Windows\system32\igfxpers.exe [2006-11-06 81920]
"WarReg_PopUp"=C:\Acer\WR_PopUp\WarReg_PopUp.exe [2006-11-05 57344]
"LManager"=C:\PROGRA~1\LAUNCH~1\LManager.exe [2006-12-08 614400]
"eDataSecurity Loader"=C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [2007-02-07 464168]
"Windows Mobile-based device management"=C:\Windows\WindowsMobile\wmdSync.exe [2006-11-02 215552]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-08-19 185896]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-07 136600]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
"AdobeCS4ServiceManager"=C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"=C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [2008-06-12 37232]
"Acrobat Assistant 8.0"=C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [2008-06-11 640376]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-19 1233920]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2006-11-06 212992]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe"="C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu"
"C:\Acer\Empowering Technology\eDataSecurity\encryption.exe"="C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption"
"C:\Acer\Empowering Technology\eDataSecurity\decryption.exe"="C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabledecryption"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2009-05-05 00:26:28 ----D---- C:\Program Files\trend micro
2009-05-05 00:26:27 ----D---- C:\rsit
2009-05-05 00:13:00 ----A---- C:\ComboFix.txt
2009-05-05 00:03:11 ----D---- C:\Windows\temp
2009-05-04 22:19:44 ----A---- C:\avenger.txt
2009-05-04 19:43:52 ----D---- C:\Avenger
2009-05-04 17:15:10 ----SHD---- C:\Config.Msi
2009-05-01 17:40:49 ----A---- C:\Windows\ntbtlog.txt
2009-04-30 00:12:32 ----D---- C:\ProgramData\Avira
2009-04-30 00:12:32 ----D---- C:\Program Files\Avira
2009-04-29 23:52:05 ----D---- C:\ProgramData\NortonInstaller
2009-04-27 19:43:26 ----D---- C:\ToolBar SD
2009-04-26 15:38:40 ----A---- C:\Windows\zip.exe
2009-04-26 15:38:40 ----A---- C:\Windows\vFind.exe
2009-04-26 15:38:40 ----A---- C:\Windows\SWXCACLS.exe
2009-04-26 15:38:40 ----A---- C:\Windows\SWSC.exe
2009-04-26 15:38:40 ----A---- C:\Windows\SWREG.exe
2009-04-26 15:38:40 ----A---- C:\Windows\sed.exe
2009-04-26 15:38:40 ----A---- C:\Windows\NIRCMD.exe
2009-04-26 15:38:40 ----A---- C:\Windows\grep.exe
2009-04-26 15:38:09 ----D---- C:\Qoobox
2009-04-26 13:01:46 ----A---- C:\Windows\system32\igfxres.dll
2009-04-19 13:59:12 ----D---- C:\Users\laura\AppData\Roaming\vlc
2009-04-19 13:58:01 ----D---- C:\Users\laura\AppData\Roaming\dvdcss
2009-04-19 13:57:16 ----D---- C:\Program Files\VideoLAN
2009-04-18 01:48:16 ----D---- C:\ProgramData\ALM
2009-04-18 01:42:53 ----RA---- C:\Windows\system32\AdobePDFUI.dll
2009-04-18 01:14:47 ----D---- C:\ProgramData\Macromedia
2009-04-18 01:12:24 ----D---- C:\Program Files\Common Files\Macromedia
2009-04-18 01:12:23 ----D---- C:\Program Files\Macromedia
2009-04-18 01:09:56 ----D---- C:\Windows\Downloaded Installations
2009-04-16 22:13:04 ----A---- C:\Windows\system32\winhttp.dll
2009-04-16 22:13:00 ----A---- C:\Windows\system32\xolehlp.dll
2009-04-16 22:13:00 ----A---- C:\Windows\system32\msdtcprx.dll
2009-04-16 22:12:52 ----A---- C:\Windows\system32\rpcss.dll
2009-04-16 22:12:51 ----A---- C:\Windows\system32\ntoskrnl.exe
2009-04-16 22:12:51 ----A---- C:\Windows\system32\ntkrnlpa.exe
2009-04-16 22:12:49 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2009-04-16 22:12:49 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2009-04-16 22:12:48 ----A---- C:\Windows\system32\sdohlp.dll
2009-04-16 22:12:48 ----A---- C:\Windows\system32\iasrecst.dll
2009-04-16 22:12:48 ----A---- C:\Windows\system32\iashost.exe
2009-04-16 22:12:48 ----A---- C:\Windows\system32\iasdatastore.dll
2009-04-16 22:12:48 ----A---- C:\Windows\system32\iasads.dll
2009-04-16 22:12:43 ----A---- C:\Windows\system32\lsasrv.dll
2009-04-16 22:12:42 ----A---- C:\Windows\system32\secur32.dll
2009-04-16 22:12:42 ----A---- C:\Windows\system32\kernel32.dll
2009-04-16 22:12:42 ----A---- C:\Windows\system32\apilogen.dll
2009-04-16 22:12:42 ----A---- C:\Windows\system32\amxread.dll
2009-04-16 22:12:36 ----A---- C:\Windows\system32\mshtml.dll
2009-04-16 22:12:34 ----A---- C:\Windows\system32\ieframe.dll
2009-04-16 22:12:33 ----A---- C:\Windows\system32\urlmon.dll
2009-04-16 22:12:32 ----A---- C:\Windows\system32\iertutil.dll
2009-04-16 22:12:32 ----A---- C:\Windows\system32\iedkcs32.dll
2009-04-16 22:12:30 ----A---- C:\Windows\system32\wininet.dll
2009-04-16 22:12:30 ----A---- C:\Windows\system32\msfeeds.dll
2009-04-16 22:12:29 ----A---- C:\Windows\system32\occache.dll
2009-04-16 22:12:29 ----A---- C:\Windows\system32\ieUnatt.exe
2009-04-16 22:12:29 ----A---- C:\Windows\system32\ieencode.dll
2009-04-16 22:12:29 ----A---- C:\Windows\system32\ieaksie.dll
2009-04-16 22:12:27 ----A---- C:\Windows\system32\mstime.dll
2009-04-16 22:12:26 ----A---- C:\Windows\system32\jsproxy.dll

======List of files/folders modified in the last 1 months======

2009-05-05 00:26:28 ----RD---- C:\Program Files
2009-05-05 00:13:03 ----D---- C:\Windows\system32\fr-FR
2009-05-05 00:13:03 ----D---- C:\Windows\System32
2009-05-05 00:13:02 ----D---- C:\Windows\system32\drivers
2009-05-05 00:13:01 ----D---- C:\Windows
2009-05-05 00:05:15 ----A---- C:\Windows\system.ini
2009-05-05 00:02:12 ----D---- C:\Windows\AppPatch
2009-05-05 00:02:11 ----D---- C:\Program Files\Common Files
2009-05-04 23:59:13 ----D---- C:\Windows\Prefetch
2009-05-04 23:58:18 ----SHD---- C:\System Volume Information
2009-05-04 22:54:40 ----D---- C:\Program Files\flashfxp2
2009-05-04 17:25:15 ----D---- C:\Windows\inf
2009-05-04 17:25:15 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-05-04 17:15:18 ----SHD---- C:\Windows\Installer
2009-05-04 17:15:11 ----D---- C:\Program Files\MSN Messenger
2009-05-03 03:00:41 ----D---- C:\Windows\winsxs
2009-05-02 17:57:12 ----D---- C:\Windows\Minidump
2009-05-02 03:00:48 ----D---- C:\ProgramData\Microsoft Help
2009-05-01 03:15:23 ----HD---- C:\ProgramData
2009-04-30 18:48:23 ----D---- C:\Windows\system32\catroot
2009-04-30 08:35:12 ----D---- C:\Windows\system32\catroot2
2009-04-29 23:54:01 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-04-27 19:44:02 ----A---- C:\TB.txt
2009-04-27 19:20:45 ----SHD---- C:\$RECYCLE.BIN
2009-04-26 19:16:06 ----HD---- C:\Windows\system32\GroupPolicy
2009-04-26 15:52:18 ----D---- C:\Windows\system32\config
2009-04-26 15:52:02 ----D---- C:\Windows\ERDNT
2009-04-26 13:01:52 ----D---- C:\Program Files\Common Files\Adobe
2009-04-18 03:38:35 ----D---- C:\Users\laura\AppData\Roaming\Adobe
2009-04-18 01:51:31 ----D---- C:\Program Files\Adobe
2009-04-18 01:43:09 ----D---- C:\ProgramData\Adobe
2009-04-18 01:39:51 ----RSD---- C:\Windows\Fonts
2009-04-18 01:14:58 ----SD---- C:\Users\laura\AppData\Roaming\Microsoft
2009-04-17 03:10:57 ----D---- C:\Windows\system32\wbem
2009-04-17 03:10:57 ----D---- C:\Program Files\Windows Mail
2009-04-17 03:10:56 ----D---- C:\Windows\system32\manifeststore
2009-04-17 03:10:56 ----D---- C:\Program Files\Internet Explorer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 DritekPortIO;Dritek General Port I/O; \??\C:\PROGRA~1\LAUNCH~1\DPortIO.sys [2006-11-02 20112]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-02-13 28376]
R1 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys [2006-07-24 5632]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-03-24 55640]
R2 int15;int15; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 69632]
R2 irda;Protocole IrDA; C:\Windows\system32\DRIVERS\irda.sys [2008-01-19 95744]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-04 8192]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2006-11-10 506368]
R3 bcm4sbxp;Pilote XP du contrôleur intégré Broadcom 440x 10/100; C:\Windows\system32\DRIVERS\bcm4sbxp.sys [2006-11-02 45056]
R3 Cam5603D;Acer OrbiCam; C:\Windows\System32\Drivers\BisonCam.sys [2005-11-29 806320]
R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2006-11-02 21264]
R3 EMSCR;EMSCR; C:\Windows\system32\DRIVERS\EMS7SK.sys [2006-10-25 62208]
R3 ESDCR;ESDCR; C:\Windows\system32\DRIVERS\ESD7SK.sys [2006-10-25 42240]
R3 ESMCR;ESMCR; C:\Windows\system32\DRIVERS\ESM7SK.sys [2006-10-25 76928]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2006-10-18 986624]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2006-10-18 206848]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-11-06 1473024]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2006-12-01 1655464]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2006-12-05 6144]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-19 88576]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2006-10-23 179896]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2006-10-18 659968]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-19 11264]
R4 catchme;catchme; \??\C:\Users\laura\AppData\Local\Temp\catchme.sys []
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 167936]
S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-11-06 1473024]
S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 NETw3v32;Pilote de carte réseau Intel(R) PRO/Wireless 3945ABG pour Windows Vista 32 bits; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-10-30 1786880]
S3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2006-11-22 4455264]
S3 SMSCIRDA;SMSC Infrared Device Driver; C:\Windows\system32\DRIVERS\SMSCirda.sys [2006-10-18 31232]
S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM); C:\Windows\system32\DRIVERS\ssm_bus.sys [2007-05-02 83592]
S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter; C:\Windows\system32\DRIVERS\ssm_mdfl.sys [2007-05-02 15112]
S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers; C:\Windows\system32\DRIVERS\ssm_mdm.sys [2007-05-02 109704]
S3 UIUSys;Conexant Setup API; C:\Windows\system32\DRIVERS\UIUSYS.SYS []
S3 winusb;WinUSB Service; C:\Windows\system32\DRIVERS\winusb.sys [2008-01-19 31616]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-04-01 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-03-02 185089]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 eDataSecurity Service;eDSService.exe; C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe [2007-02-07 457512]
R2 eLockService;eLock Service; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [2006-11-30 24576]
R2 eNet Service;eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [2006-11-20 118784]
R2 eRecoveryService;eRecovery Service; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [2006-11-16 45056]
R2 eSettingsService;eSettings Service; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2006-11-13 24576]
R2 Irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-10-19 61440]
R2 MobilityService;MobilityService; C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 107008]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2006-07-19 262247]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 WMIService;ePower Service; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2006-12-01 131072]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2006-08-04 386560]
R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-04-18 655624]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-04 138168]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]

-----------------EOF-----------------










Et info.txt:

info.txt logfile of random's system information tool 1.06 2009-05-05 00:26:59

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B145EC69-66F5-11D8-9D75-000129760D75}\setup.exe" -uninstall
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B804C424-B66D-447A-84BD-C6B88C392C3A}\setup.exe" -uninstall
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F79A208D-D929-11D9-9D77-000129760D75}\setup.exe" -uninstall
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
Acer Arcade Deluxe-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}\setup.exe" -uninstall
Acer eDataSecurity Management-->C:\Acer\Empowering Technology\eDataSecurity\eDSnstHelper.exe -Operation UNINSTALL
Acer eLock Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}\setup.exe" -l0x40c -removeonly
Acer Empowering Technology-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB6097D9-D722-4987-BD9E-A076E2848EE2}\setup.exe" -l0x40c -removeonly
Acer eNet Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C06554A1-2C1E-4D20-B613-EE62C79927CC}\setup.exe" -l0x40c -removeonly
Acer ePower Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\setup.exe" -l0x40c -removeonly
Acer ePresentation Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BF839132-BD43-4056-ACBF-4377F4A88E2A}\setup.exe" -l0x40c -removeonly
Acer eSettings Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CE65A9A0-9686-45C6-9098-3C9543A412F0}\setup.exe" -l0x40c -removeonly
Acer GridVista-->C:\Windows\UnInst32.exe GridV.UNI
Acer Mobility Center Plug-In-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11316260-6666-467B-AC34-183FCB5D4335}\setup.exe" -l0x40c -removeonly
Acer OrbiCam -->C:\Program Files\InstallShield Installation Information\{DD1DED37-2486-4F56-8F89-56AA814003F5}\setup.exe -runfromtemp -l0x040c -removeonly
Acer OrbiCam-->Rundll32.exe BisonRem.dll,WinMainRmv
Acer ScreenSaver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}\setup.exe" -l0x9 -removeonly
Acer Tour-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94389919-B0AA-4882-9BE8-9F0B004ECA35}\setup.exe" -l0x40c -removeonly
Adobe After Effects CS4 Third Party Content-->MsiExec.exe /I{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Anchor Service CS4-->MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge CS4-->MsiExec.exe /I{83877DB1-8B77-45BC-AB43-2BAC22E093E0}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe BridgeTalk Plugin CS3-->MsiExec.exe /I{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps CS4-->MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191}
Adobe Color - Photoshop Specific CS4-->MsiExec.exe /I{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}
Adobe Color EU Extra Settings CS4-->MsiExec.exe /I{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}
Adobe Color EU Recommended Settings-->MsiExec.exe /I{73B5D990-04EA-4751-B10F-5534770B91F2}
Adobe Color JA Extra Settings CS4-->MsiExec.exe /I{0D6013AB-A0C7-41DC-973C-E93129C9A29F}
Adobe Color NA Extra Settings-->MsiExec.exe /I{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}
Adobe Color NA Recommended Settings CS4-->MsiExec.exe /I{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}
Adobe Color Video Profiles CS CS4-->MsiExec.exe /I{63C24A08-70F3-4C8E-B9FB-9F21A903801D}
Adobe Creative Suite 3 Design Premium-->MsiExec.exe /I{B1EF7B00-8FCC-4209-BFB6-37C50B354B2A}
Adobe Creative Suite 4 Master Collection-->C:\Program Files\Common Files\Adobe\Installers\b2d6abde968e6f277ddbfd501383e02\Setup.exe --uninstall=1
Adobe Creative Suite 4 Master Collection-->MsiExec.exe /I{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}
Adobe CSI CS4-->MsiExec.exe /I{0F723FC1-7606-4867-866C-CE80AD292DAF}
Adobe Default Language CS4-->MsiExec.exe /I{C52E3EC1-048C-45E1-8D53-10B0C6509683}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Dynamiclink Support-->MsiExec.exe /I{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}
Adobe Encore CS4 Codecs-->MsiExec.exe /I{FB2A5FCC-B81B-48C2-A009-7804694D83E9}
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe ExtendScript Toolkit CS4-->MsiExec.exe /I{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}
Adobe Extension Manager CS3-->MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}
Adobe Extension Manager CS4-->MsiExec.exe /I{054EFA56-2AC1-48F4-A883-0AB89874B972}
Adobe Flash CS4 Extension - Flash Lite STI fr-->MsiExec.exe /I{BD423B54-8668-44B6-8610-D24514445E88}
Adobe Flash CS4 STI-fr-->MsiExec.exe /I{48F9998C-3BA0-42D3-82E6-5882441EB8CE}
Adobe Flash CS4-->MsiExec.exe /I{F6E99614-F042-4459-82B7-8B38B2601356}
Adobe Flash Player 10 ActiveX-->MsiExec.exe /X{3A6829EF-0791-4FDD-9382-C690DD0821B9}
Adobe Flash Player 10 Plugin-->MsiExec.exe /X{03DEEAD2-F3B7-45BF-9006-A25D015F00D2}
Adobe Fonts All-->MsiExec.exe /I{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Illustrator CS4-->MsiExec.exe /I{87532CAB-7932-4F84-8937-823337622807}
Adobe InDesign CS3 Icon Handler-->MsiExec.exe /I{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}
Adobe InDesign CS3-->MsiExec.exe /I{FE8327F9-3AC1-4586-8C7E-3DEE2BC92441}
Adobe InDesign CS4 Application Feature Set Files (Roman)-->MsiExec.exe /I{2BAF2B96-7560-48B4-87D4-10178DDBE217}
Adobe InDesign CS4 Common Base Files-->MsiExec.exe /I{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}
Adobe InDesign CS4 Icon Handler-->MsiExec.exe /I{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}
Adobe InDesign CS4-->MsiExec.exe /I{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe Linguistics CS4-->MsiExec.exe /I{931AB7EA-3656-4BB7-864D-022B09E3DD67}
Adobe Media Encoder CS4 Exporter-->MsiExec.exe /I{561968FD-56A1-49FD-9ED0-F55482C7C5BC}
Adobe Media Encoder CS4 Importer-->MsiExec.exe /I{8186FF34-D389-4B7E-9A2F-C197585BCFBD}
Adobe Media Encoder CS4-->MsiExec.exe /I{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}
Adobe MotionPicture Color Files-->MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77}
Adobe Output Module-->MsiExec.exe /I{BB4E33EC-8181-4685-96F7-8554293DEC6A}
Adobe PDF Library Files CS4-->MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353}
Adobe Photoshop CS3-->MsiExec.exe /I{C1FA4B3B-1625-4922-9C9D-780E8FCE161A}
Adobe Photoshop CS4 Support-->MsiExec.exe /I{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}
Adobe Photoshop CS4-->MsiExec.exe /I{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}
Adobe Premiere Pro CS4 Third Party Content-->MsiExec.exe /I{C938BE91-3BB5-4B84-9EF6-88F0505D0038}
Adobe Reader 9 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A90000000001}
Adobe Search for Help-->MsiExec.exe /I{F0E64E2E-3A60-40D8-A55D-92F6831875DA}
Adobe Service Manager Extension-->MsiExec.exe /I{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}
Adobe Setup-->MsiExec.exe /I{9D3F3D5A-BE6D-48C4-B51E-E2D6753ABCDE}
Adobe Setup-->MsiExec.exe /I{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}
Adobe SGM CS4-->MsiExec.exe /I{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}
Adobe SING CS3-->MsiExec.exe /I{B671CBFD-4109-4D35-9252-3062D3CCB7B2}
Adobe SING CS4-->MsiExec.exe /I{4A52555C-032A-4083-BDD9-6A85ABFB39A8}
Adobe Soundbooth CS4 Codecs-->MsiExec.exe /I{52232EF4-CC12-4C21-ABCF-ADB79618302D}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support CS4-->MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Update Manager CS4-->MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WAS CS3-->MsiExec.exe /I{C5BD220A-EFE8-48A5-B70E-9503D535FACE}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Adobe XMP Panels CS4-->MsiExec.exe /I{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}
AdobeColorCommonSetCMYK-->MsiExec.exe /I{68243FF8-83CA-466B-B2B8-9F99DA5479C4}
AdobeColorCommonSetRGB-->MsiExec.exe /I{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}
AHV content for Acrobat and Flash-->MsiExec.exe /I{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}
Ajouter ou supprimer Adobe Creative Suite 3 Design Premium-->C:\Program Files\Common Files\Adobe\Installers\e79070e1ef25043cbd93191267ecaf0\Setup.exe
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Clean Virus MSN-->"C:\Program Files\AxBx\Clean Virus MSN\unins000.exe"
Complément Microsoft Enregistrer en tant que PDF ou XPS pour programmes Microsoft Office 2007-->MsiExec.exe /X{90120000-00B2-040C-0000-0000000FF1CE}
Connect-->MsiExec.exe /I{B29AD377-CC12-490A-A480-1452337C618D}
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118\HXFSETUP.EXE -U -IAcrSUN32z.inf
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
K-Lite Codec Pack 2.46 Full-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
kuler-->MsiExec.exe /I{098727E1-775A-4450-B573-3F441F1CA243}
Launch Manager-->C:\Windows\UnInst32.exe LManager.UNI
Macromedia Extension Manager-->MsiExec.exe /I{3C8C9FB3-5FDF-40B4-B314-EAD722728C76}
Macromedia Flash 8 Video Encoder-->MsiExec.exe /X{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}
Macromedia Flash Player 8-->MsiExec.exe /X{885A63EA-382B-4DD4-A755-14809B8557D6}
Malwarebytes' Anti-Malware-->"C:\Users\laura\Desktop\Malwarebytes' Anti-Malware\unins000.exe"
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
Microsoft Office Language Pack 2007 Service Pack 1 (SP1)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB}
Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Mise à jour Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {B761869A-B85C-40E2-994C-A1CE78AC8F2C}
Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {C3DCA38E-005E-41BA-A52A-7C3429F351C3}
Mise à jour Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {81536A04-DBFB-4DB3-978F-0F284590C223}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
NTI Backup NOW! 4.7-->"C:\Program Files\InstallShield Installation Information\{67ADE9AF-5CD9-4089-8825-55DE4B366799}\setup.exe" -removeonly
NTI CD & DVD-Maker-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} /l1036 CDM7
PDF Settings CS4-->MsiExec.exe /I{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}
Photoshop Camera Raw-->MsiExec.exe /I{CC75AB5C-2110-4A7F-AF52-708680D22FE8}
Pixel Bender Toolkit-->MsiExec.exe /I{43509E18-076E-40FE-AF38-CA5ED400A5A9}
PowerProducer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\Setup.EXE" -uninstall
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Roll-->C:\Windows\UniFish3.exe C:\Program Files\Hasbro Interactive\RollerCoaster Tycoon\RollerCoaster Tycoon.log
SAMSUNG Mobile Modem Driver Set-->C:\Windows\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
Samsung PC Studio 3 USB Driver Installer-->"C:\Program Files\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -runfromtemp -l0x040c -removeonly
Samsung PC Studio 3-->"C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -runfromtemp -l0x040c -removeonly
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB960003)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F04F8702-18D0-458D-921E-146FB7CD38CF}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB959997)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {9EAC3AEC-5C81-4856-A05B-DE9DC236D740}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Security Update for Visio 2007 (KB947590)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
SMSC Fast Infrared Driver-->C:\Program Files\InstallShield Installation Information\{1AEC7728-1640-4E98-AABC-5EBE3FB57FE4}\setup.exe -runfromtemp -l0x040c -removeonly
Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Suite Shared Configuration CS4-->MsiExec.exe /I{842B4B72-9E8F-4962-B3C1-1C422A5C4434}
SuperCopier-->"C:\Program Files\SuperCopier\SCUninst.exe"
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Microsoft Office Outlook 2007 Help (KB957246)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {80E46078-C1C5-4AE8-8744-3EAFC812E118}
Update for Outlook 2007 Junk Email Filter (kb968503)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5DD98950-4D10-4B79-8BF6-59726705207D}
UsbFix-->C:\Program Files\UsbFix\Uninstal.exe
VLC media player 0.9.9-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Live Messenger-->MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

======Security center information======

AS: Windows Defender

======System event log======

Computer Name: PC-de-laura
Event Code: 7031
Message: Le service eLock Service s'est terminé de manière inattendue. Ceci s'est produit 1 fois. L'action corrective suivante va être effectuée dans 60000 millisecondes : Redémarrer le service.
Record Number: 205797
Source Name: Service Control Manager
Time Written: 20090504215917.000000-000
Event Type: Erreur
User:

Computer Name: PC-de-laura
Event Code: 7031
Message: Le service Windows Search s'est terminé de manière inattendue. Ceci s'est produit 1 fois. L'action corrective suivante va être effectuée dans 30000 millisecondes : Redémarrer le service.
Record Number: 205798
Source Name: Service Control Manager
Time Written: 20090504215918.000000-000
Event Type: Erreur
User:

Computer Name: PC-de-laura
Event Code: 7031
Message: Le service Licence du logiciel s'est terminé de manière inattendue. Ceci s'est produit 1 fois. L'action corrective suivante va être effectuée dans 120000 millisecondes : Redémarrer le service.
Record Number: 205800
Source Name: Service Control Manager
Time Written: 20090504215953.000000-000
Event Type: Erreur
User:

Computer Name: PC-de-laura
Event Code: 4001
Message: Le Service d’autoconfiguration WLAN s’est arrêté correctement.

Record Number: 205845
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20090504220340.993000-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

Computer Name: PC-de-laura
Event Code: 15016
Message: Impossible d’initialiser le package de sécurité Kerberos pour l’authentification côté serveur. Le champ de données contient le numéro de l’erreur.
Record Number: 205855
Source Name: Microsoft-Windows-HttpEvent
Time Written: 20090504220442.676755-000
Event Type: Erreur
User:

=====Application event log=====

Computer Name: PC-de-laura
Event Code: 4113
Message: AntiVir a détecté dans le fichier C:\Avenger\ovfsthxxreccipb.dll un code suspect avec la désignation 'TR/Crypt.ZPACK.Gen'!
Record Number: 62971
Source Name: Avira AntiVir
Time Written: 20090504204746.000000-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

Computer Name: PC-de-laura
Event Code: 4113
Message: AntiVir a détecté dans le fichier C:\Avenger\ovfsthxpufemwox.dll un code suspect avec la désignation 'TR/Crypt.ZPACK.Gen'!
Record Number: 62972
Source Name: Avira AntiVir
Time Written: 20090504204758.000000-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

Computer Name: PC-de-laura
Event Code: 1002
Message: Le programme Explorer.EXE version 6.0.6001.18164 a cessé d’interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l’historique du problème dans l’application Rapports et solutions aux problèmes du Panneau de configuration. ID de processus : bf4 Heure de début : 01c9ccf64bba4554 Heure de fin : 103
Record Number: 62973
Source Name: Application Hang
Time Written: 20090504213428.000000-000
Event Type: Erreur
User:

Computer Name: PC-de-laura
Event Code: 1530
Message: Windows a détecté que votre fichier de Registre est toujours utilisé par d'autres applications ou services. Le fichier va être déchargé. Les applications ou services qui ont accès à votre Registre risquent de ne pas fonctionner correctement après cela.

DÉTAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-4116711127-2190578320-1854897596-1000:
Process 980 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4116711127-2190578320-1854897596-1000

Record Number: 62992
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20090504220330.000000-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

Computer Name: PC-de-laura
Event Code: 1530
Message: Windows a détecté que votre fichier de Registre est toujours utilisé par d'autres applications ou services. Le fichier va être déchargé. Les applications ou services qui ont accès à votre Registre risquent de ne pas fonctionner correctement après cela.

DÉTAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-4116711127-2190578320-1854897596-1000_Classes:
Process 980 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4116711127-2190578320-1854897596-1000_CLASSES

Record Number: 62993
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20090504220331.000000-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

=====Security event log=====

Computer Name: PC-de-laura
Event Code: 4907
Message: Les paramètres d’audit sur l’objet ont changé.

Sujet :
ID de sécurité : S-1-5-18
Nom du compte : PC-DE-LAURA$
Domaine du compte : DOMICILE
ID d’ouverture de session : 0x3e7

Objet :
Serveur de l’objet : Security
Type d’objet : File
Nom de l’objet : C:\Boot\pt-PT\bootmgr.exe.mui
ID du handle : 0x100

Informations sur le processus :
ID du processus : 0xd3c
Nom du processus : C:\Windows\bfsvc.exe

Paramètres d’audit :
Descripteur de sécurité d’origine :
Nouveau descripteur de sécurité : S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Record Number: 54862
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081206215358.752102-000
Event Type: Succès de l'audit
User:

Computer Name: PC-de-laura
Event Code: 4907
Message: Les paramètres d’audit sur l’objet ont changé.

Sujet :
ID de sécurité : S-1-5-18
Nom du compte : PC-DE-LAURA$
Domaine du compte : DOMICILE
ID d’ouverture de session : 0x3e7

Objet :
Serveur de l’objet : Security
Type d’objet : File
Nom de l’objet : C:\Boot\ru-RU\bootmgr.exe.mui
ID du handle : 0xe8

Informations sur le processus :
ID du processus : 0xd3c
Nom du processus : C:\Windows\bfsvc.exe

Paramètres d’audit :
Descripteur de sécurité d’origine :
Nouveau descripteur de sécurité : S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Record Number: 54863
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081206215358.762102-000
Event Type: Succès de l'audit
User:

Computer Name: PC-de-laura
Event Code: 4907
Message: Les paramètres d’audit sur l’objet ont changé.

Sujet :
ID de sécurité : S-1-5-18
Nom du compte : PC-DE-LAURA$
Domaine du compte : DOMICILE
ID d’ouverture de session : 0x3e7

Objet :
Serveur de l’objet : Security
Type d’objet : File
Nom de l’objet : C:\Boot\sv-SE\bootmgr.exe.mui
ID du handle : 0xf8

Informations sur le processus :
ID du processus : 0xd3c
Nom du processus : C:\Windows\bfsvc.exe

Paramètres d’audit :
Descripteur de sécurité d’origine :
Nouveau descripteur de sécurité : S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Record Number: 54864
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081206215358.767102-000
Event Type: Succès de l'audit
User:

Computer Name: PC-de-laura
Event Code: 4907
Message: Les paramètres d’audit sur l’objet ont changé.

Sujet :
ID de sécurité : S-1-5-18
Nom du compte : PC-DE-LAURA$
Domaine du compte : DOMICILE
ID d’ouverture de session : 0x3e7

Objet :
Serveur de l’objet : Security
Type d’objet : File
Nom de l’objet : C:\Boot\tr-TR\bootmgr.exe.mui
ID du handle : 0xe4

Informations sur le processus :
ID du processus : 0xd3c
Nom du processus : C:\Windows\bfsvc.exe

Paramètres d’audit :
Descripteur de sécurité d’origine :
Nouveau descripteur de sécurité : S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Record Number: 54865
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081206215358.777102-000
Event Type: Succès de l'audit
User:

Computer Name: PC-de-laura
Event Code: 4907
Message: Les paramètres d’audit sur l’objet ont changé.

Sujet :
ID de sécurité : S-1-5-18
Nom du compte : PC-DE-LAURA$
Domaine du compte : DOMICILE
ID d’ouverture de session : 0x3e7

Objet :
Serveur de l’objet : Security
Type d’objet : File
Nom de l’objet : C:\Boot\zh-CN\bootmgr.exe.mui
ID du handle : 0xfc

Informations sur le processus :
ID du processus : 0xd3c
Nom du processus : C:\Windows\bfsvc.exe

Paramètres d’audit :
Descripteur de sécurité d’origine :
Nouveau descripteur de sécurité : S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Record Number: 54866
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081206215358.787102-000
Event Type: Succès de l'audit
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Samsung\Samsung PC Studio 3;C:\Program Files\QuickTime\QTSystem
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 12, GenuineIntel
"PROCESSOR_REVISION"=0e0c
"NUMBER_OF_PROCESSORS"=2
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

merci merci MERCIIIIIIIII Visiblement les virus ont été supprimés. Par contre j'ai pas réussi à trouver java 6. Et puis mon ordinateur bug sur internet....au bout d'un certain moment toutes les pages se bloquent et windows fini par me dire qu'il a rencontré une erreur et qu'il doit fermer l'application donc il ferme toutes mes pages...J'ai refais un scan avec avira et il ne m'a detecté aucun élément positif.

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

? [5108]

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...


scan completed successfully
hidden processes: 1
hidden services: 0
hidden files: 0

Mbam a trouvé des erreurs, voici le rapport:

Malwarebytes' Anti-Malware 1.36
Version de la base de données: 2079
Windows 6.0.6001 Service Pack 1

06/05/2009 00:25:21
mbam-log-2009-05-06 (00-25-21).txt

Type de recherche: Examen rapide
Eléments examinés: 70469
Temps écoulé: 4 minute(s), 20 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Windows\System32\MSINET.oca (Rogue.Trace) -> Quarantined and deleted successfully.

Pour le moment ca a l'air d'aller, je regarderai demain si je ne rencontre aucun problème et je viendrai dire ce qu'il en est.
En tous cas merci pour tout!

Alors les nouvelles du jour: plus de problème d'internet, tout semble être rentré dans l'ordre. Par contre (pour changer) j'ai relancé un scan avec spybot pour être sure et il me trouve toujours rightmedia... Il me dit que c'est un cookie traceur mais je sais ce que c'est!

Merci pour tout!!!
Bonne continuation!