
Graphics engine slowdown... worrying


After a few months with no viruses and no problems thanks to one of you (sham-Rock, thanks again), I'm back here...
In all my games (Call of Duty 4, Team Fortress 2, Lineage, and so on)...
I get slowdowns that make online play impossible...
I cleaned up the computer and ran an AntiVir scan; I did remove one piece of malware (HEUR/Malware), but it made no difference: the slowdowns are still there. What should I do?
Thanks in advance.

A hello, maybe?

I don't think this is an infection.

Download HijackThis (from Trend Micro) to your Desktop.

  • Double-click HJTInstall.exe to start the installation.
  • Click Install.
  • Double-click the HijackThis shortcut that was just created to launch it. (On Vista: right-click -> Run as administrator)
  • Accept the licence by clicking Yes.
  • Click Do a system scan and save a logfile.
  • Post the generated report here.

    Note: the report can also be found here: C:\Program Files\Trend Micro\Hijackthis\Hijackthis.log

    Help: How to use HijackThis.

Hello, sorry about that, here is the report:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:39:36, on 27/05/2009
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16830)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Razer\Krait\razerhid.exe
    C:\Program Files\Razer\Copperhead\razerhid.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Razer\Krait\razerofa.exe
    C:\Users\Tenshi\AppData\Local\Temp\RtkBtMnt.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Razer\Copperhead\razerofa.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
    C:\Windows\system32\wuauclt.exe
    D:\Video cocan\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS02
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://princesse-de-son-royaume.skyrock.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.cegetel.net
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*http://fr.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O1 - Hosts: 69.16.243.105 L2authd.lineage2.com
    O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
    O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
    O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
    O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd
    O4 - HKLM\..\Run: [0232801200136732mcinstcleanup] C:\Users\Tenshi\AppData\Local\Temp\023280~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Krait] C:\Program Files\Razer\Krait\razerhid.exe
    O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\Copperhead\razerhid.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [Configuration de la C-BOX] C:\Program Files\Cegetel\C-BOX\Wizard\QuickAccess.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [Steam] "D:\Tout steam\Steam.exe" -silent
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
    O4 - Global Startup: Acer VCM.lnk = ?
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Empowering Technology Launcher.lnk = ?
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0....
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213....
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: eNetHook.dll
    O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
    O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
    O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 11034 bytes

Hi again,

Well, there is indeed an infection.

Download ComboFix (by sUBs) to your Desktop.

  • Temporarily disable all resident protection! (Antivirus, antispyware...)
  • Double-click ComboFix.exe.
  • Accept the licence by clicking Oui (Yes).
  • The program will ask whether you want to install the Recovery Console. This is a precaution in case the computer breaks down. I therefore advise you to install it: it costs nothing, and it could potentially be useful!
  • When the operation has finished, a report will appear. Post that report in your next reply.

    The report is located here: %SystemDrive%\ComboFix.txt (%systemdrive% being the partition where Windows is installed; usually C:\)

    Help: How to use ComboFix.

Here is the ComboFix report (thanks again):


    ComboFix 09-05-28.01 - Tenshi 28/05/2009 23:30.1 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.33.1036.18.2046.1311 [GMT 2:00]
    Lancé depuis: d:\sauver l'ordi\ComboFix.exe
    AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    * Un nouveau point de restauration a été créé
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\setup.exe
    c:\windows\system32\system
    c:\windows\system32\system\Core.dll
    c:\windows\system32\system\Engine.dll.zip
    c:\windows\system32\system\GameGuard.des
    c:\windows\system32\system\L2.bin
    c:\windows\system32\system\L2.bin.zip
    c:\windows\system32\system\Lineage2us.ini
    c:\windows\system32\system\Microsoft.VC80.OpenMP.manifest
    c:\windows\system32\system\npkcrypt.sys
    c:\windows\system32\system\npkcrypt.vxd
    c:\windows\system32\system\npkcusb.sys

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_Boonty Games


    ((((((((((((((((((((((((((((( Fichiers créés du 2009-04-28 au 2009-05-28 ))))))))))))))))))))))))))))))))))))
    .

    2009-05-26 11:54 . 2009-05-06 18:06 4784464 ----a-w c:\programdata\Microsoft\Windows Defender\Definition Updates\{71506C29-A632-490B-BD71-45F164DCF830}\mpengine.dll
    2009-05-25 21:34 . 2009-05-27 21:35 75096 ----a-w c:\windows\system32\drivers\avipbb.sys
    2009-05-25 21:34 . 2009-05-25 21:34 -------- d-----w c:\programdata\Avira
    2009-05-25 21:34 . 2009-05-25 21:34 -------- d-----w c:\program files\Avira
    2009-05-15 16:38 . 2009-05-15 16:38 -------- d-----w c:\program files\Smart Projects
    2009-05-15 15:15 . 2008-03-21 22:41 503864 ----a-w c:\windows\system32\drivers\Wdf01000.sys
    2009-05-15 15:15 . 2008-03-21 22:41 35896 ----a-w c:\windows\system32\drivers\WdfLdr.sys

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-05-28 19:30 . 2006-11-02 15:48 690832 ----a-w c:\windows\system32\perfh00C.dat
    2009-05-28 19:30 . 2006-11-02 15:48 117572 ----a-w c:\windows\system32\perfc00C.dat
    2009-05-28 19:27 . 2008-10-18 10:34 -------- d-----w c:\users\Tenshi\AppData\Roaming\Skype
    2009-05-28 19:26 . 2008-10-18 10:39 -------- d-----w c:\users\Tenshi\AppData\Roaming\skypePM
    2009-05-28 07:16 . 2008-01-12 14:49 27430 ----a-w c:\users\Tenshi\AppData\Roaming\nvModes.dat
    2009-05-23 22:39 . 2007-07-12 11:42 -------- d--h--w c:\program files\InstallShield Installation Information
    2009-05-23 14:10 . 2009-01-24 15:28 189072 ----a-w c:\windows\system32\PnkBstrB.exe
    2009-05-23 13:58 . 2009-01-24 15:28 138920 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
    2009-05-15 15:15 . 2009-05-15 15:15 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_xusb21_01007.Wdf
    2009-05-15 15:15 . 2009-05-15 15:15 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
    2009-05-13 21:21 . 2007-07-12 12:40 -------- d-----w c:\programdata\Microsoft Help
    2009-04-26 21:28 . 2009-04-26 21:28 -------- d-----w c:\program files\ReflexiveArcade
    2009-04-19 15:04 . 2009-04-19 15:04 -------- d-----w c:\programdata\BOONTY
    2009-04-19 15:04 . 2009-04-19 15:04 -------- d-----w c:\program files\Common Files\BOONTY Shared
    2009-04-19 15:04 . 2009-04-19 15:04 -------- d-----w c:\program files\Téléchargeur de Commandos 2
    2009-04-08 12:29 . 2009-04-08 12:29 56448 ----a-w c:\windows\system32\drivers\xusb21.sys
    2009-03-17 03:16 . 2009-04-15 06:04 14848 ----a-w c:\windows\system32\apilogen.dll
    2009-03-17 03:16 . 2009-04-15 06:04 25600 ----a-w c:\windows\system32\amxread.dll
    2009-03-13 21:20 . 2009-01-24 15:28 75064 ----a-w c:\windows\system32\PnkBstrA.exe
    2009-03-13 20:15 . 2009-01-24 15:28 22328 ----a-w c:\users\Tenshi\AppData\Roaming\PnkBstrK.sys
    2009-03-13 20:15 . 2009-01-24 15:28 22328 ----a-w c:\users\Tenshi\AppData\Roaming\PnkBstrK.sys
    2009-03-09 04:19 . 2009-01-25 20:23 410984 ----a-w c:\windows\system32\deploytk.dll
    2009-03-03 04:24 . 2009-04-15 06:04 3469280 ----a-w c:\windows\system32\ntoskrnl.exe
    2009-03-03 04:24 . 2009-04-15 06:04 3503584 ----a-w c:\windows\system32\ntkrnlpa.exe
    2009-03-03 04:20 . 2009-04-15 06:04 826368 ----a-w c:\windows\system32\wininet.dll
    2009-03-03 04:19 . 2009-04-15 06:04 158720 ----a-w c:\windows\system32\sdohlp.dll
    2009-03-03 04:19 . 2009-04-15 06:04 549888 ----a-w c:\windows\system32\rpcss.dll
    2009-03-03 04:19 . 2009-04-15 06:04 24576 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
    2009-03-03 04:16 . 2009-04-15 06:03 56320 ----a-w c:\windows\system32\iesetup.dll
    2009-03-03 04:16 . 2009-04-15 06:04 97280 ----a-w c:\windows\system32\iasrecst.dll
    2009-03-03 04:16 . 2009-04-15 06:04 53248 ----a-w c:\windows\system32\iasads.dll
    2009-03-03 04:16 . 2009-04-15 06:04 37888 ----a-w c:\windows\system32\iasdatastore.dll
    2009-03-03 04:16 . 2009-04-15 06:04 78336 ----a-w c:\windows\system32\ieencode.dll
    2009-03-03 04:15 . 2009-04-15 06:04 72704 ----a-w c:\windows\system32\admparse.dll
    2009-03-03 02:40 . 2009-04-15 06:04 654336 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
    2009-03-03 02:08 . 2009-04-15 06:03 26624 ----a-w c:\windows\system32\ieUnatt.exe
    2009-03-03 00:44 . 2009-04-15 06:03 48128 ----a-w c:\windows\system32\mshtmler.dll
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-13 1232896]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-06-01 171448]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-23 21755688]
    "Steam"="d:\tout steam\Steam.exe" [2009-05-24 1217784]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-05-09 865840]
    "eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 1470976]
    "NvSvc"="c:\windows\system32\nvsvc.dll" [2007-06-26 86016]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-26 8433664]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-26 81920]
    "PLFSet"="c:\windows\PLFSet.dll" [2007-04-24 45056]
    "PlayMovie"="c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2007-05-24 242280]
    "WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 174872]
    "Krait"="c:\program files\Razer\Krait\razerhid.exe" [2006-01-24 147456]
    "razer"="c:\program files\Razer\Copperhead\razerhid.exe" [2005-10-08 155648]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
    "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
    "RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-05-10 4468736]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\System32\eNetHook.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{2B6022EB-BC39-4FB4-8512-6C02FDAC55D1}"= c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
    "{C12BABA0-7FD9-4605-9C08-C7C4F87450EC}"= c:\program files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine
    "{BF21078F-1B9B-4C4F-B913-7FD3AEE009DD}"= c:\program files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician
    "{609981F7-6F29-4587-9783-8161FC32A29F}"= c:\program files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia
    "{09397485-A86C-4071-8C45-6E794711811C}"= c:\program files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe:DV Wizard
    "{D99F6974-76AD-4F54-9D2D-F3EB787088A2}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{F66ACF47-44DF-404F-A405-50DCE4E7B69A}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{CC9C9A1C-88AB-418F-929F-9E761C918C92}"= c:\program files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:Play Movie
    "{ADD6ECC5-5D56-4CA6-9EB6-BF548ECFC1F7}"= c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe:Play Movie Resident Program
    "{A2C2FB59-27A1-4073-BAED-6E85A525FCDE}"= c:\program files\Acer\Acer VCM\VC.exe:Acer VCM
    "TCP Query User{04853DD5-2923-4946-985A-A7A344F580C8}c:\\program files\\diablo ii\\game.exe"= UDP:c:\program files\diablo ii\game.exe:Diablo II
    "UDP Query User{7C74DF50-D767-43C2-99C5-D054393E1C50}c:\\program files\\diablo ii\\game.exe"= TCP:c:\program files\diablo ii\game.exe:Diablo II
    "TCP Query User{85B86416-B49E-4A95-8C93-FCAE51D8380E}c:\\program files\\diablo ii\\game.exe"= UDP:c:\program files\diablo ii\game.exe:Diablo II
    "UDP Query User{2265F56A-DEE2-4ACA-B230-D7E276A39EB5}c:\\program files\\diablo ii\\game.exe"= TCP:c:\program files\diablo ii\game.exe:Diablo II
    "TCP Query User{96287F11-83B3-47F7-A144-B66EC3B6E584}c:\\program files\\ubisoft\\tom clancy's splinter cell double agent\\scda-online\\system\\scda_online.exe"= UDP:c:\program files\ubisoft\tom clancy's splinter cell double agent\scda-online\system\scda_online.exe:SCDA_online
    "UDP Query User{2169CCAB-E7E4-4749-8C57-248F8D89F767}c:\\program files\\ubisoft\\tom clancy's splinter cell double agent\\scda-online\\system\\scda_online.exe"= TCP:c:\program files\ubisoft\tom clancy's splinter cell double agent\scda-online\system\scda_online.exe:SCDA_online
    "TCP Query User{D4BBE491-34A1-4724-84A3-174353291B02}c:\\program files\\ubisoft\\tom clancy's splinter cell double agent\\scda-online\\system\\scda_online.exe"= UDP:c:\program files\ubisoft\tom clancy's splinter cell double agent\scda-online\system\scda_online.exe:SCDA_online
    "UDP Query User{53AE0AEE-7684-4C68-8702-0F7DC5B1E3AD}c:\\program files\\ubisoft\\tom clancy's splinter cell double agent\\scda-online\\system\\scda_online.exe"= TCP:c:\program files\ubisoft\tom clancy's splinter cell double agent\scda-online\system\scda_online.exe:SCDA_online
    "{5C9D6B4F-4DA6-4366-B302-A88FCBB57295}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
    "{3DDA6A49-C500-424A-882A-0D5949C340CE}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
    "{367B5D11-CC00-409D-9843-B86D333CC49D}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
    "{0C26F977-443B-4ACC-8FED-C5AB6D138E55}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
    "{31B095C3-F4A8-407B-88B1-3A1E823CCA8E}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "TCP Query User{FCB87D11-F8CD-4C9E-B434-F997D043F41B}c:\\program files\\touchstone\\turok\\binaries\\turokgame.exe"= UDP:c:\program files\touchstone\turok\binaries\turokgame.exe:Turok
    "UDP Query User{9828EF20-4966-4E7B-AC23-59ACC9F3AE35}c:\\program files\\touchstone\\turok\\binaries\\turokgame.exe"= TCP:c:\program files\touchstone\turok\binaries\turokgame.exe:Turok
    "TCP Query User{A304EBEA-FCA8-451C-B9A2-D5F5812D5B52}c:\\program files\\touchstone\\turok\\binaries\\turokgame.exe"= UDP:c:\program files\touchstone\turok\binaries\turokgame.exe:Turok
    "UDP Query User{EF8B0215-EAAA-4A56-9F1B-8176FD39132A}c:\\program files\\touchstone\\turok\\binaries\\turokgame.exe"= TCP:c:\program files\touchstone\turok\binaries\turokgame.exe:Turok
    "TCP Query User{F505F978-9418-4F85-A245-1478EB96E11F}d:\\steamapps\\ryudo_shenlong\\team fortress 2\\hl2.exe"= UDP:D:\steamapps\ryudo_shenlong\team fortress 2\hl2.exe:hl2
    "UDP Query User{E1AB6EB6-68C8-4416-855F-D29916AE7272}d:\\steamapps\\ryudo_shenlong\\team fortress 2\\hl2.exe"= TCP:D:\steamapps\ryudo_shenlong\team fortress 2\hl2.exe:hl2
    "TCP Query User{FA9BB106-6323-44B3-8243-3A9951F90054}d:\\steamapps\\ryudo_shenlong\\team fortress 2\\hl2.exe"= UDP:D:\steamapps\ryudo_shenlong\team fortress 2\hl2.exe:hl2
    "UDP Query User{2AADC0E7-4AED-417F-ACE8-B2B2D1CA7BAF}d:\\steamapps\\ryudo_shenlong\\team fortress 2\\hl2.exe"= TCP:D:\steamapps\ryudo_shenlong\team fortress 2\hl2.exe:hl2
    "{35ACC38A-11EE-4E36-9410-ADD3159104A1}"= UDP:D:\steam.exe:Steam
    "{7BE1017B-C430-4E67-A9BE-B0C3DFB4B9DA}"= TCP:D:\steam.exe:Steam
    "TCP Query User{EC90E3E2-3C1E-4490-B5BF-959A1BCF6A49}d:\\steamapps\\evangile\\team fortress 2\\hl2.exe"= UDP:D:\steamapps\evangile\team fortress 2\hl2.exe:hl2
    "UDP Query User{5E625F98-1926-45DD-835C-07A86A5A39C1}d:\\steamapps\\evangile\\team fortress 2\\hl2.exe"= TCP:D:\steamapps\evangile\team fortress 2\hl2.exe:hl2
    "TCP Query User{EA93C274-C331-4C18-B04D-0D59178CA52B}d:\\wow\\wow-frfr-installer-downloader.exe"= UDP:D:\wow\wow-frfr-installer-downloader.exe:Blizzard Downloader
    "UDP Query User{55A0145E-5975-4FD2-A5D4-B0740D86836D}d:\\wow\\wow-frfr-installer-downloader.exe"= TCP:D:\wow\wow-frfr-installer-downloader.exe:Blizzard Downloader
    "TCP Query User{890541F0-080C-47A9-A432-A0ADBB93B84B}d:\\wow\\world of warcraft\\backgrounddownloader.exe"= UDP:D:\wow\world of warcraft\backgrounddownloader.exe:Blizzard Downloader
    "UDP Query User{F3FE1CFC-0876-4A15-AB44-ABADDFDF63D6}d:\\wow\\world of warcraft\\backgrounddownloader.exe"= TCP:D:\wow\world of warcraft\backgrounddownloader.exe:Blizzard Downloader
    "TCP Query User{38C22F30-7065-495F-A747-7643DD2D0ECF}d:\\video cocan\\zerg_reveal_final_french_xvid.avi-downloader.exe"= UDP:D:\video cocan\zerg_reveal_final_french_xvid.avi-downloader.exe:Blizzard Downloader
    "UDP Query User{3A39F390-4EB2-4485-B0A3-A5BDF65AA7AD}d:\\video cocan\\zerg_reveal_final_french_xvid.avi-downloader.exe"= TCP:D:\video cocan\zerg_reveal_final_french_xvid.avi-downloader.exe:Blizzard Downloader
    "TCP Query User{4D2110B8-4C5A-451C-B7FB-6AB3DA46A802}d:\\video cocan\\720_starcraft2gameplayvideo_french.avi-downloader.exe"= UDP:D:\video cocan\720_starcraft2gameplayvideo_french.avi-downloader.exe:Blizzard Downloader
    "UDP Query User{BC747F2E-5989-426E-BF36-DC93B4839300}d:\\video cocan\\720_starcraft2gameplayvideo_french.avi-downloader.exe"= TCP:D:\video cocan\720_starcraft2gameplayvideo_french.avi-downloader.exe:Blizzard Downloader
    "{D75281F0-0060-4018-AA1E-75C6A72BB071}"= UDP:c:\program files\Cegetel\C-BOX\Wizard\NA_Cegetel_ADSL_VoIP.exe:Installation de la C-BOX de Cegetel
    "{7A30D394-0401-4B86-9944-AB86E277265E}"= TCP:c:\program files\Cegetel\C-BOX\Wizard\NA_Cegetel_ADSL_VoIP.exe:Installation de la C-BOX de Cegetel
    "TCP Query User{BB9D104C-E483-433B-862D-85E8AD9194F0}d:\\steamapps\\evangile\\team fortress 2\\hl2.exe"= UDP:D:\steamapps\evangile\team fortress 2\hl2.exe:hl2
    "UDP Query User{12F7546A-58D0-4C99-B98F-7C41BE0498B6}d:\\steamapps\\evangile\\team fortress 2\\hl2.exe"= TCP:D:\steamapps\evangile\team fortress 2\hl2.exe:hl2
    "{77AA4B16-D7C9-45E3-A9E7-C9DED33939CD}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "TCP Query User{6DD3B994-E6CA-4156-B44D-D5B1B336AE4F}d:\\nouveau porte-documents\\starcraft\\starcraft.exe"= UDP:D:\nouveau porte-documents\starcraft\starcraft.exe:Starcraft
    "UDP Query User{B396D06B-E9C2-4BFA-9B20-78AE95B61221}d:\\nouveau porte-documents\\starcraft\\starcraft.exe"= TCP:D:\nouveau porte-documents\starcraft\starcraft.exe:Starcraft
    "TCP Query User{37E5D663-5AFF-4A87-AD1A-BEE76E9580F7}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
    "UDP Query User{F99F69C9-644B-4B54-B30D-E93872D7D5A3}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
    "TCP Query User{D5B733D7-1894-49A6-96B5-541F9179DE14}c:\\users\\tenshi\\appdata\\local\\temp\\msnmsgr.exe"= UDP:c:\users\tenshi\appdata\local\temp\msnmsgr.exe:msnmsgr.exe
    "UDP Query User{AB3DCF9E-7EF2-4B4F-89D0-82F55842C564}c:\\users\\tenshi\\appdata\\local\\temp\\msnmsgr.exe"= TCP:c:\users\tenshi\appdata\local\temp\msnmsgr.exe:msnmsgr.exe
    "{76A91542-CD7E-41A5-8264-31AA1C128B69}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{17DAA8CF-EE92-4A11-BE4B-B99AB0F7C445}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
    "{4D357D77-9569-4843-B272-E462839763EC}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
    "{6227E296-FB40-4469-8FE1-076AD89471B7}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
    "{C26EF467-03A5-4211-AFD0-D44431F881C0}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
    "{16D1BB3F-9946-4C17-9FD3-E9FEC02DB49F}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
    "{E4A6B7E1-ACFA-4F1A-8D34-B08B41D4EF07}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
    "{D32D9E13-118C-4E32-83DF-B582650B42F2}"= UDP:D:\assassin's creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
    "{62FDB0B4-465D-47A6-B575-941A1F8F03B7}"= TCP:D:\assassin's creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
    "{F737D31A-0D7D-4D0A-B5E9-F1185D26234B}"= UDP:D:\assassin's creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
    "{094BCD1D-ED2C-4B34-A353-EF40879E77D1}"= TCP:D:\assassin's creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
    "{4673B916-0A5E-491F-A1DB-DD92809FAC8A}"= UDP:D:\assassin's creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
    "{91C329CD-55F5-449D-AD24-396EB71BA072}"= TCP:D:\assassin's creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
    "{34C46C7B-7DB0-4425-BFD1-0BEC66280E80}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
    "{A138830D-9A2E-4D0B-9981-A12E0152EF6A}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
    "{3358C7B8-977C-40C3-9189-757368503E7E}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
    "{5BC5E3C9-D604-4F46-9C74-B0A8444E9ED0}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
    "{D3E041E5-894D-4165-B169-3FFE843FB510}"= UDP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
    "{817892AC-CD7B-4D13-9F05-A57CC428328E}"= TCP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
    "{D15983B0-ACD5-484E-BD65-C5DB2FA7DFD5}"= UDP:c:\program files\Steam\steamapps\common\left 4 dead\left4dead.exe:Left 4 Dead
    "{0EF3F9BB-9C96-4C96-B0DD-E76160E13F13}"= TCP:c:\program files\Steam\steamapps\common\left 4 dead\left4dead.exe:Left 4 Dead
    "TCP Query User{89AB839D-61C6-44A6-A3E4-277A83D877F0}c:\\program files\\steam\\steamapps\\common\\left 4 dead\\left4dead.exe"= UDP:c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe:left4dead
    "UDP Query User{BF512ADD-DB21-49DB-BA55-92230B69A121}c:\\program files\\steam\\steamapps\\common\\left 4 dead\\left4dead.exe"= TCP:c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe:left4dead
    "TCP Query User{998BAC37-6D89-49B8-9C05-10233228343D}d:\\unreal tournament 3\\binaries\\ut3.exe"= UDP:D :\unreal tournament 3\binaries\ut3.exe:UT3
    "UDP Query User{CE250ABF-E20E-40DB-800F-1B006285736F}d:\\unreal tournament 3\\binaries\\ut3.exe"= TCP:D :\unreal tournament 3\binaries\ut3.exe:UT3
    "{EFB32335-EE18-4939-8BA5-F6337B31720D}"= UDP:c:\windows\System32\PnkBstrA.exe:p nkBstrA
    "{C6C5773A-EC87-4A57-813F-A46B62A727EC}"= TCP:c:\windows\System32\PnkBstrA.exe:p nkBstrA
    "{05487C9F-B65E-4B5A-902C-77CE7D8D3866}"= UDP:c:\windows\System32\PnkBstrB.exe:p nkBstrB
    "{EC3E0839-A4CA-42E7-9BDC-21137ED47E66}"= TCP:c:\windows\System32\PnkBstrB.exe:p nkBstrB
    "TCP Query User{F37A27DB-3DBC-46C9-8576-005A979C395A}d:\\tout steam\\steamapps\\evangile\\team fortress 2\\hl2.exe"= UDP:D :\tout steam\steamapps\evangile\team fortress 2\hl2.exe:hl2
    "UDP Query User{80A8EBEE-F027-4724-A033-057D2A9A5D24}d:\\tout steam\\steamapps\\evangile\\team fortress 2\\hl2.exe"= TCP:D :\tout steam\steamapps\evangile\team fortress 2\hl2.exe:hl2
    "TCP Query User{0E3A95D1-B2F6-4803-86BB-AA6C9FC6502E}d:\\tout steam\\steamapps\\evangile\\team fortress 2\\hl2.exe"= UDP:D :\tout steam\steamapps\evangile\team fortress 2\hl2.exe:hl2
    "UDP Query User{0477B483-1E01-41B4-A9B7-E9F0CB7DD73D}d:\\tout steam\\steamapps\\evangile\\team fortress 2\\hl2.exe"= TCP:D :\tout steam\steamapps\evangile\team fortress 2\hl2.exe:hl2

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
    "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

    R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl [03/09/2007 21:41 13560]
    R2 ALaunchService;ALaunch Service;c:\acer\ALaunch\ALaunchSvc.exe [12/07/2007 15:03 50688]
    R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [12/07/2007 22:18 179712]
    R3 winbondcir;Winbond IR Transceiver;c:\windows\System32\drivers\winbondcir.sys [12/07/2007 22:18 43008]
    S3 SG760_XP;SAGEM 802.11g XG760 1211 Driver;c:\windows\System32\drivers\WlanUZXP.sys [13/01/2008 20:43 260608]

    --- Autres Services/Pilotes en mémoire ---

    *Deregistered* - sptd
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    HKCU-Run-Configuration de la C-BOX - c:\program files\Cegetel\C-BOX\Wizard\QuickAccess.exe
    HKCU-Run-Acer Tour Reminder - (no file)
    HKLM-Run-ALaunch - c:\acer\ALaunch\AlaunchClient.exe
    HKLM-Run-eAudio - c:\acer\Empowering Technology\eAudio\eAudio.exe
    HKLM-Run-Acer Tour Reminder - c:\acer\AcerTour\Reminder.exe
    HKLM-Run-SetPanel - c:\acer\APanel\APanel.cmd
    HKLM-Run-QuickTime Task - c:\program files\QuickTime\QTTask.exe
    HKLM-Run-Acer Tour - (no file)
    HKLM-Run-eRecoveryService - (no file)
    SafeBoot-procexp90.Sys


    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://princesse-de-son-royaume.skyrock.com/
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    mStart Page = hxxp://fr.fr.acer.yahoo.com
    uSearchURL,(Default) = hxxp://fr.rd.yahoo.com/customize/ycomp/defaults/su/*http://fr.yahoo.com
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-05-28 23:38
    Windows 6.0.6000 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
    "ImagePath"="\??\c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl"
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_USERS\S-1-5-21-4259681360-494331265-772583463-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:84,ca,b7,86,51,59,55,3d,50,1e,eb,53,ba,c6,bd,1b,3f,9c,96,11,8c,8a,ef,
    fe,ae,b9,55,a0,82,c9,5e,67,28,72,b7,25,fe,55,39,09,92,54,3e,27,3d,47,3d,d5,\
    "??"=hex:fd,41,f2,56,f2,33,e5,62,61,72,c6,24,29,2d,97,e7

    [HKEY_USERS\S-1-5-21-4259681360-494331265-772583463-1000\Software\SecuROM\License information*]
    @Allowed: (Read) (RestrictedCode)
    "datasecu"=hex:5a,e7,6a,fb,87,19,0f,dc,fe,c0,29,bf,e6,80,4a,a4,33,34,a5,88,a3,
    7b,ab,50,50,d4,f3,d2,66,bc,de,1f,a5,45,e4,14,0f,94,52,d1,a9,1d,3f,16,77,85,\
    "rkeysecu"=hex:75,11,54,3b,a4,81,4c,b1,64,15,52,a1,d6,3f,98,bd

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\windows\System32\audiodg.exe
    c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
    c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    c:\acer\Empowering Technology\eDataSecurity\eDSService.exe
    c:\acer\Empowering Technology\eLock\Service\eLockServ.exe
    c:\acer\Empowering Technology\eNet\eNet Service.exe
    c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\acer\Mobility Center\MobilityService.exe
    c:\windows\System32\PnkBstrA.exe
    c:\program files\CyberLink\Shared Files\RichVideo.exe
    c:\windows\System32\drivers\XAudio.exe
    c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
    c:\acer\Empowering Technology\eSettings\Service\capuserv.exe
    c:\acer\Empowering Technology\ePower\ePowerSvc.exe
    c:\windows\System32\wbem\unsecapp.exe
    c:\windows\System32\conime.exe
    c:\windows\System32\rundll32.exe
    c:\windows\System32\rundll32.exe
    c:\program files\Razer\Krait\razerofa.exe
    c:\windows\System32\wbem\unsecapp.exe
    c:\program files\Razer\Copperhead\razerofa.exe
    c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    c:\users\Tenshi\AppData\Local\temp\RtkBtMnt.exe
    c:\windows\System32\wbem\WMIADAP.exe
    .
    **************************************************************************
    .
    Heure de fin: 2009-05-28 23:41 - La machine a redémarré
    ComboFix-quarantined-files.txt 2009-05-28 21:41

    Avant-CF: 27 543 248 896 octets libres
    Après-CF: 28 599 906 304 octets libres

    316 --- E O F --- 2009-05-26 11:54

    Here is the report:


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:52:30, on 29/05/2009
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16830)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Windows\RtHDVCpl.exe
    C:\Users\Tenshi\AppData\Local\Temp\RtkBtMnt.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Razer\Krait\razerhid.exe
    C:\Program Files\Razer\Copperhead\razerhid.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Razer\Krait\razerofa.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    D:\Tout steam\steam.exe
    C:\Program Files\Razer\Copperhead\razerofa.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    D:\Video cocan\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://princesse-de-son-royaume.skyrock.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*http://fr.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O1 - Hosts: 69.16.243.105 L2authd.lineage2.com
    O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
    O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
    O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [Krait] C:\Program Files\Razer\Krait\razerhid.exe
    O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\Copperhead\razerhid.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [Steam] "D:\Tout steam\Steam.exe" -silent
    O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
    O4 - Global Startup: Acer VCM.lnk = ?
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Empowering Technology Launcher.lnk = ?
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0....
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213....
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\Windows\System32\eNetHook.dll
    O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
    O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
    O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 9674 bytes

    Let's continue.

    Select the entire contents of the box below:

    Rootkit::
    C:\Windows\system32\ActiveToolBand.dll


  • Copy and paste it into Notepad (Start\All Programs\Accessories\Notepad).
  • Save it to your desktop under the name CFScript.txt
  • Now drag the CFScript.txt file onto ComboFix.exe as shown below:

  • This will relaunch ComboFix.
  • You will need to accept the license.

    Post the contents of the ComboFix.txt report after the restart, if there is one.

    The report is located here: %SystemDrive%\ComboFix.txt (%systemdrive% being the partition where Windows is installed; usually C:\)

    &

    Download Malwarebytes' Anti-Malware to your desktop.

  • Install it by double-clicking the Download_mbam-setup.exe file.
  • Now run Malwarebytes' Anti-Malware. If it is not already selected, choose "Perform full scan".
  • To start the scan, click "Scan".
  • Once the scan is finished, a window opens; click OK. There are two possibilities:

    ~ If the program found nothing, press OK. A report will appear; close it.
    ~~ If infections are present, click "Show Results" and then "Remove Selected". Save the report to your desktop.
    ~~~~ Restart your computer normally and post the report in your next reply.

    NOTE: If Malwarebytes' Anti-Malware needs to restart to finish the removal, accept by clicking OK.

    Note: If you cannot download MBAM from MajorGeeks, you can download it here!

    Help:
  • How to use MBAM.
  • How to start your computer in safe mode.

    Here is ComboFix with CFScript.txt:


    ComboFix 09-05-28.01 - Tenshi 29/05/2009 19:00.2 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.33.1036.18.2046.1306 [GMT 2:00]
    Lancé depuis: d:\sauver l'ordi\ComboFix.exe
    Commutateurs utilisés :: c:\users\Tenshi\Desktop\CFScript.txt
    AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((( Fichiers créés du 2009-04-28 au 2009-05-29 ))))))))))))))))))))))))))))))))))))
    .

    2009-05-29 17:04 . 2009-05-29 17:08 -------- d-----w c:\users\Tenshi\AppData\Local\temp
    2009-05-29 07:30 . 2009-05-06 18:06 4784464 ----a-w c:\programdata\Microsoft\Windows Defender\Definition Updates\{29497F9A-D875-46BE-B6EB-A5E27C340A3D}\mpengine.dll
    2009-05-25 21:34 . 2009-05-27 21:35 75096 ----a-w c:\windows\system32\drivers\avipbb.sys
    2009-05-25 21:34 . 2009-05-25 21:34 -------- d-----w c:\programdata\Avira
    2009-05-25 21:34 . 2009-05-25 21:34 -------- d-----w c:\program files\Avira
    2009-05-15 16:38 . 2009-05-15 16:38 -------- d-----w c:\program files\Smart Projects
    2009-05-15 15:15 . 2008-03-21 22:41 503864 ----a-w c:\windows\system32\drivers\Wdf01000.sys
    2009-05-15 15:15 . 2008-03-21 22:41 35896 ----a-w c:\windows\system32\drivers\WdfLdr.sys

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-05-29 17:04 . 2007-04-25 14:33 299008 ----a-w c:\windows\system32\ActiveToolBand.dll
    2009-05-29 16:57 . 2006-11-02 15:48 690832 ----a-w c:\windows\system32\perfh00C.dat
    2009-05-29 16:57 . 2006-11-02 15:48 117572 ----a-w c:\windows\system32\perfc00C.dat
    2009-05-29 16:53 . 2008-10-18 10:34 -------- d-----w c:\users\Tenshi\AppData\Roaming\Skype
    2009-05-29 16:53 . 2008-10-18 10:39 -------- d-----w c:\users\Tenshi\AppData\Roaming\skypePM
    2009-05-29 14:50 . 2008-01-12 14:49 27430 ----a-w c:\users\Tenshi\AppData\Roaming\nvModes.dat
    2009-05-23 22:39 . 2007-07-12 11:42 -------- d--h--w c:\program files\InstallShield Installation Information
    2009-05-23 14:10 . 2009-01-24 15:28 189072 ----a-w c:\windows\system32\PnkBstrB.exe
    2009-05-23 13:58 . 2009-01-24 15:28 138920 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
    2009-05-15 15:15 . 2009-05-15 15:15 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_xusb21_01007.Wdf
    2009-05-15 15:15 . 2009-05-15 15:15 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
    2009-05-13 21:21 . 2007-07-12 12:40 -------- d-----w c:\programdata\Microsoft Help
    2009-04-26 21:28 . 2009-04-26 21:28 -------- d-----w c:\program files\ReflexiveArcade
    2009-04-19 15:04 . 2009-04-19 15:04 -------- d-----w c:\programdata\BOONTY
    2009-04-19 15:04 . 2009-04-19 15:04 -------- d-----w c:\program files\Common Files\BOONTY Shared
    2009-04-19 15:04 . 2009-04-19 15:04 -------- d-----w c:\program files\Téléchargeur de Commandos 2
    2009-04-08 12:29 . 2009-04-08 12:29 56448 ----a-w c:\windows\system32\drivers\xusb21.sys
    2009-03-17 03:16 . 2009-04-15 06:04 14848 ----a-w c:\windows\system32\apilogen.dll
    2009-03-17 03:16 . 2009-04-15 06:04 25600 ----a-w c:\windows\system32\amxread.dll
    2009-03-13 21:20 . 2009-01-24 15:28 75064 ----a-w c:\windows\system32\PnkBstrA.exe
    2009-03-13 20:15 . 2009-01-24 15:28 22328 ----a-w c:\users\Tenshi\AppData\Roaming\PnkBstrK.sys
    2009-03-13 20:15 . 2009-01-24 15:28 22328 ----a-w c:\users\Tenshi\AppData\Roaming\PnkBstrK.sys
    2009-03-09 04:19 . 2009-01-25 20:23 410984 ----a-w c:\windows\system32\deploytk.dll
    2009-03-03 04:24 . 2009-04-15 06:04 3469280 ----a-w c:\windows\system32\ntoskrnl.exe
    2009-03-03 04:24 . 2009-04-15 06:04 3503584 ----a-w c:\windows\system32\ntkrnlpa.exe
    2009-03-03 04:20 . 2009-04-15 06:04 826368 ----a-w c:\windows\system32\wininet.dll
    2009-03-03 04:19 . 2009-04-15 06:04 158720 ----a-w c:\windows\system32\sdohlp.dll
    2009-03-03 04:19 . 2009-04-15 06:04 549888 ----a-w c:\windows\system32\rpcss.dll
    2009-03-03 04:19 . 2009-04-15 06:04 24576 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
    2009-03-03 04:16 . 2009-04-15 06:03 56320 ----a-w c:\windows\system32\iesetup.dll
    2009-03-03 04:16 . 2009-04-15 06:04 97280 ----a-w c:\windows\system32\iasrecst.dll
    2009-03-03 04:16 . 2009-04-15 06:04 53248 ----a-w c:\windows\system32\iasads.dll
    2009-03-03 04:16 . 2009-04-15 06:04 37888 ----a-w c:\windows\system32\iasdatastore.dll
    2009-03-03 04:16 . 2009-04-15 06:04 78336 ----a-w c:\windows\system32\ieencode.dll
    2009-03-03 04:15 . 2009-04-15 06:04 72704 ----a-w c:\windows\system32\admparse.dll
    2009-03-03 02:40 . 2009-04-15 06:04 654336 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
    2009-03-03 02:08 . 2009-04-15 06:03 26624 ----a-w c:\windows\system32\ieUnatt.exe
    2009-03-03 00:44 . 2009-04-15 06:03 48128 ----a-w c:\windows\system32\mshtmler.dll
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-05-28_21.38.01 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2007-07-12 11:43 . 2009-05-29 16:54 65366 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2006-11-02 13:05 . 2009-05-29 16:54 84882 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2008-01-12 11:04 . 2009-05-29 16:54 12186 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4259681360-494331265-772583463-1000_UserData.bin
    - 2009-05-28 21:35 . 2009-05-28 21:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2009-05-29 17:06 . 2009-05-29 17:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2009-05-29 17:06 . 2009-05-29 17:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2009-05-28 21:35 . 2009-05-28 21:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2006-11-02 10:33 . 2009-05-28 19:30 610142 c:\windows\System32\perfh009.dat
    + 2006-11-02 10:33 . 2009-05-29 16:57 610142 c:\windows\System32\perfh009.dat
    - 2006-11-02 10:33 . 2009-05-28 19:30 103924 c:\windows\System32\perfc009.dat
    + 2006-11-02 10:33 . 2009-05-29 16:57 103924 c:\windows\System32\perfc009.dat
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-13 1232896]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-06-01 171448]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-23 21755688]
    "Steam"="d:\tout steam\Steam.exe" [2009-05-24 1217784]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-05-09 865840]
    "eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 1470976]
    "NvSvc"="c:\windows\system32\nvsvc.dll" [2007-06-26 86016]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-26 8433664]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-26 81920]
    "PLFSet"="c:\windows\PLFSet.dll" [2007-04-24 45056]
    "PlayMovie"="c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2007-05-24 242280]
    "WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 174872]
    "Krait"="c:\program files\Razer\Krait\razerhid.exe" [2006-01-24 147456]
    "razer"="c:\program files\Razer\Copperhead\razerhid.exe" [2005-10-08 155648]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
    "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
    "RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-05-10 4468736]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\System32\eNetHook.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{2B6022EB-BC39-4FB4-8512-6C02FDAC55D1}"= c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
    "{C12BABA0-7FD9-4605-9C08-C7C4F87450EC}"= c:\program files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine
    "{BF21078F-1B9B-4C4F-B913-7FD3AEE009DD}"= c:\program files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician
    "{609981F7-6F29-4587-9783-8161FC32A29F}"= c:\program files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia
    "{09397485-A86C-4071-8C45-6E794711811C}"= c:\program files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe:DV Wizard
    "{D99F6974-76AD-4F54-9D2D-F3EB787088A2}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{F66ACF47-44DF-404F-A405-50DCE4E7B69A}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{CC9C9A1C-88AB-418F-929F-9E761C918C92}"= c:\program files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:Play Movie
    "{ADD6ECC5-5D56-4CA6-9EB6-BF548ECFC1F7}"= c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe:Play Movie Resident Program
    "{A2C2FB59-27A1-4073-BAED-6E85A525FCDE}"= c:\program files\Acer\Acer VCM\VC.exe:Acer VCM
    "TCP Query User{04853DD5-2923-4946-985A-A7A344F580C8}c:\\program files\\diablo ii\\game.exe"= UDP:c:\program files\diablo ii\game.exe:Diablo II
    "UDP Query User{7C74DF50-D767-43C2-99C5-D054393E1C50}c:\\program files\\diablo ii\\game.exe"= TCP:c:\program files\diablo ii\game.exe:Diablo II
    "TCP Query User{85B86416-B49E-4A95-8C93-FCAE51D8380E}c:\\program files\\diablo ii\\game.exe"= UDP:c:\program files\diablo ii\game.exe:Diablo II
    "UDP Query User{2265F56A-DEE2-4ACA-B230-D7E276A39EB5}c:\\program files\\diablo ii\\game.exe"= TCP:c:\program files\diablo ii\game.exe:Diablo II
    "TCP Query User{96287F11-83B3-47F7-A144-B66EC3B6E584}c:\\program files\\ubisoft\\tom clancy's splinter cell double agent\\scda-online\\system\\scda_online.exe"= UDP:c:\program files\ubisoft\tom clancy's splinter cell double agent\scda-online\system\scda_online.exe:SCDA_online
    "UDP Query User{2169CCAB-E7E4-4749-8C57-248F8D89F767}c:\\program files\\ubisoft\\tom clancy's splinter cell double agent\\scda-online\\system\\scda_online.exe"= TCP:c:\program files\ubisoft\tom clancy's splinter cell double agent\scda-online\system\scda_online.exe:SCDA_online
    "TCP Query User{D4BBE491-34A1-4724-84A3-174353291B02}c:\\program files\\ubisoft\\tom clancy's splinter cell double agent\\scda-online\\system\\scda_online.exe"= UDP:c:\program files\ubisoft\tom clancy's splinter cell double agent\scda-online\system\scda_online.exe:SCDA_online
    "UDP Query User{53AE0AEE-7684-4C68-8702-0F7DC5B1E3AD}c:\\program files\\ubisoft\\tom clancy's splinter cell double agent\\scda-online\\system\\scda_online.exe"= TCP:c:\program files\ubisoft\tom clancy's splinter cell double agent\scda-online\system\scda_online.exe:SCDA_online
    "{5C9D6B4F-4DA6-4366-B302-A88FCBB57295}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
    "{3DDA6A49-C500-424A-882A-0D5949C340CE}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
    "{367B5D11-CC00-409D-9843-B86D333CC49D}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
    "{0C26F977-443B-4ACC-8FED-C5AB6D138E55}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
    "{31B095C3-F4A8-407B-88B1-3A1E823CCA8E}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "TCP Query User{FCB87D11-F8CD-4C9E-B434-F997D043F41B}c:\\program files\\touchstone\\turok\\binaries\\turokgame.exe"= UDP:c:\program files\touchstone\turok\binaries\turokgame.exe:Turok
    "UDP Query User{9828EF20-4966-4E7B-AC23-59ACC9F3AE35}c:\\program files\\touchstone\\turok\\binaries\\turokgame.exe"= TCP:c:\program files\touchstone\turok\binaries\turokgame.exe:Turok
    "TCP Query User{A304EBEA-FCA8-451C-B9A2-D5F5812D5B52}c:\\program files\\touchstone\\turok\\binaries\\turokgame.exe"= UDP:c:\program files\touchstone\turok\binaries\turokgame.exe:Turok
    "UDP Query User{EF8B0215-EAAA-4A56-9F1B-8176FD39132A}c:\\program files\\touchstone\\turok\\binaries\\turokgame.exe"= TCP:c:\program files\touchstone\turok\binaries\turokgame.exe:Turok
    "TCP Query User{F505F978-9418-4F85-A245-1478EB96E11F}d:\\steamapps\\ryudo_shenlong\\team fortress 2\\hl2.exe"= UDP:D:\steamapps\ryudo_shenlong\team fortress 2\hl2.exe:hl2
    "UDP Query User{E1AB6EB6-68C8-4416-855F-D29916AE7272}d:\\steamapps\\ryudo_shenlong\\team fortress 2\\hl2.exe"= TCP:D:\steamapps\ryudo_shenlong\team fortress 2\hl2.exe:hl2
    "TCP Query User{FA9BB106-6323-44B3-8243-3A9951F90054}d:\\steamapps\\ryudo_shenlong\\team fortress 2\\hl2.exe"= UDP:D:\steamapps\ryudo_shenlong\team fortress 2\hl2.exe:hl2
    "UDP Query User{2AADC0E7-4AED-417F-ACE8-B2B2D1CA7BAF}d:\\steamapps\\ryudo_shenlong\\team fortress 2\\hl2.exe"= TCP:D:\steamapps\ryudo_shenlong\team fortress 2\hl2.exe:hl2
    "{35ACC38A-11EE-4E36-9410-ADD3159104A1}"= UDP:D:\steam.exe:Steam
    "{7BE1017B-C430-4E67-A9BE-B0C3DFB4B9DA}"= TCP:D:\steam.exe:Steam
    "TCP Query User{EC90E3E2-3C1E-4490-B5BF-959A1BCF6A49}d:\\steamapps\\evangile\\team fortress 2\\hl2.exe"= UDP:D:\steamapps\evangile\team fortress 2\hl2.exe:hl2
    "UDP Query User{5E625F98-1926-45DD-835C-07A86A5A39C1}d:\\steamapps\\evangile\\team fortress 2\\hl2.exe"= TCP:D:\steamapps\evangile\team fortress 2\hl2.exe:hl2
    "TCP Query User{EA93C274-C331-4C18-B04D-0D59178CA52B}d:\\wow\\wow-frfr-installer-downloader.exe"= UDP:D:\wow\wow-frfr-installer-downloader.exe:Blizzard Downloader
    "UDP Query User{55A0145E-5975-4FD2-A5D4-B0740D86836D}d:\\wow\\wow-frfr-installer-downloader.exe"= TCP:D:\wow\wow-frfr-installer-downloader.exe:Blizzard Downloader
    "TCP Query User{890541F0-080C-47A9-A432-A0ADBB93B84B}d:\\wow\\world of warcraft\\backgrounddownloader.exe"= UDP:D:\wow\world of warcraft\backgrounddownloader.exe:Blizzard Downloader
    "UDP Query User{F3FE1CFC-0876-4A15-AB44-ABADDFDF63D6}d:\\wow\\world of warcraft\\backgrounddownloader.exe"= TCP:D:\wow\world of warcraft\backgrounddownloader.exe:Blizzard Downloader
    "TCP Query User{38C22F30-7065-495F-A747-7643DD2D0ECF}d:\\video cocan\\zerg_reveal_final_french_xvid.avi-downloader.exe"= UDP:D:\video cocan\zerg_reveal_final_french_xvid.avi-downloader.exe:Blizzard Downloader
    "UDP Query User{3A39F390-4EB2-4485-B0A3-A5BDF65AA7AD}d:\\video cocan\\zerg_reveal_final_french_xvid.avi-downloader.exe"= TCP:D:\video cocan\zerg_reveal_final_french_xvid.avi-downloader.exe:Blizzard Downloader
    "TCP Query User{4D2110B8-4C5A-451C-B7FB-6AB3DA46A802}d:\\video cocan\\720_starcraft2gameplayvideo_french.avi-downloader.exe"= UDP:D:\video cocan\720_starcraft2gameplayvideo_french.avi-downloader.exe:Blizzard Downloader
    "UDP Query User{BC747F2E-5989-426E-BF36-DC93B4839300}d:\\video cocan\\720_starcraft2gameplayvideo_french.avi-downloader.exe"= TCP:D:\video cocan\720_starcraft2gameplayvideo_french.avi-downloader.exe:Blizzard Downloader
    "{D75281F0-0060-4018-AA1E-75C6A72BB071}"= UDP:c:\program files\Cegetel\C-BOX\Wizard\NA_Cegetel_ADSL_VoIP.exe:Installation de la C-BOX de Cegetel
    "{7A30D394-0401-4B86-9944-AB86E277265E}"= TCP:c:\program files\Cegetel\C-BOX\Wizard\NA_Cegetel_ADSL_VoIP.exe:Installation de la C-BOX de Cegetel
    "TCP Query User{BB9D104C-E483-433B-862D-85E8AD9194F0}d:\\steamapps\\evangile\\team fortress 2\\hl2.exe"= UDP:D:\steamapps\evangile\team fortress 2\hl2.exe:hl2
    "UDP Query User{12F7546A-58D0-4C99-B98F-7C41BE0498B6}d:\\steamapps\\evangile\\team fortress 2\\hl2.exe"= TCP:D:\steamapps\evangile\team fortress 2\hl2.exe:hl2
    "{77AA4B16-D7C9-45E3-A9E7-C9DED33939CD}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "TCP Query User{6DD3B994-E6CA-4156-B44D-D5B1B336AE4F}d:\\nouveau porte-documents\\starcraft\\starcraft.exe"= UDP:D:\nouveau porte-documents\starcraft\starcraft.exe:Starcraft
    "UDP Query User{B396D06B-E9C2-4BFA-9B20-78AE95B61221}d:\\nouveau porte-documents\\starcraft\\starcraft.exe"= TCP:D:\nouveau porte-documents\starcraft\starcraft.exe:Starcraft
    "TCP Query User{37E5D663-5AFF-4A87-AD1A-BEE76E9580F7}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
    "UDP Query User{F99F69C9-644B-4B54-B30D-E93872D7D5A3}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
    "TCP Query User{D5B733D7-1894-49A6-96B5-541F9179DE14}c:\\users\\tenshi\\appdata\\local\\temp\\msnmsgr.exe"= UDP:c:\users\tenshi\appdata\local\temp\msnmsgr.exe:msnmsgr.exe
    "UDP Query User{AB3DCF9E-7EF2-4B4F-89D0-82F55842C564}c:\\users\\tenshi\\appdata\\local\\temp\\msnmsgr.exe"= TCP:c:\users\tenshi\appdata\local\temp\msnmsgr.exe:msnmsgr.exe
    "{76A91542-CD7E-41A5-8264-31AA1C128B69}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{17DAA8CF-EE92-4A11-BE4B-B99AB0F7C445}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
    "{4D357D77-9569-4843-B272-E462839763EC}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
    "{6227E296-FB40-4469-8FE1-076AD89471B7}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
    "{C26EF467-03A5-4211-AFD0-D44431F881C0}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
    "{16D1BB3F-9946-4C17-9FD3-E9FEC02DB49F}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
    "{E4A6B7E1-ACFA-4F1A-8D34-B08B41D4EF07}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
    "{D32D9E13-118C-4E32-83DF-B582650B42F2}"= UDP:D:\assassin's creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
    "{62FDB0B4-465D-47A6-B575-941A1F8F03B7}"= TCP:D:\assassin's creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
    "{F737D31A-0D7D-4D0A-B5E9-F1185D26234B}"= UDP:D:\assassin's creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
    "{094BCD1D-ED2C-4B34-A353-EF40879E77D1}"= TCP:D:\assassin's creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
    "{4673B916-0A5E-491F-A1DB-DD92809FAC8A}"= UDP:D:\assassin's creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
    "{91C329CD-55F5-449D-AD24-396EB71BA072}"= TCP:D:\assassin's creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
    "{34C46C7B-7DB0-4425-BFD1-0BEC66280E80}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
    "{A138830D-9A2E-4D0B-9981-A12E0152EF6A}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
    "{3358C7B8-977C-40C3-9189-757368503E7E}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
    "{5BC5E3C9-D604-4F46-9C74-B0A8444E9ED0}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
    "{D3E041E5-894D-4165-B169-3FFE843FB510}"= UDP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
    "{817892AC-CD7B-4D13-9F05-A57CC428328E}"= TCP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
    "{D15983B0-ACD5-484E-BD65-C5DB2FA7DFD5}"= UDP:c:\program files\Steam\steamapps\common\left 4 dead\left4dead.exe:Left 4 Dead
    "{0EF3F9BB-9C96-4C96-B0DD-E76160E13F13}"= TCP:c:\program files\Steam\steamapps\common\left 4 dead\left4dead.exe:Left 4 Dead
    "TCP Query User{89AB839D-61C6-44A6-A3E4-277A83D877F0}c:\\program files\\steam\\steamapps\\common\\left 4 dead\\left4dead.exe"= UDP:c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe:left4dead
    "UDP Query User{BF512ADD-DB21-49DB-BA55-92230B69A121}c:\\program files\\steam\\steamapps\\common\\left 4 dead\\left4dead.exe"= TCP:c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe:left4dead
    "TCP Query User{998BAC37-6D89-49B8-9C05-10233228343D}d:\\unreal tournament 3\\binaries\\ut3.exe"= UDP:D:\unreal tournament 3\binaries\ut3.exe:UT3
    "UDP Query User{CE250ABF-E20E-40DB-800F-1B006285736F}d:\\unreal tournament 3\\binaries\\ut3.exe"= TCP:D:\unreal tournament 3\binaries\ut3.exe:UT3
    "{EFB32335-EE18-4939-8BA5-F6337B31720D}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
    "{C6C5773A-EC87-4A57-813F-A46B62A727EC}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
    "{05487C9F-B65E-4B5A-902C-77CE7D8D3866}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
    "{EC3E0839-A4CA-42E7-9BDC-21137ED47E66}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
    "TCP Query User{F37A27DB-3DBC-46C9-8576-005A979C395A}d:\\tout steam\\steamapps\\evangile\\team fortress 2\\hl2.exe"= UDP:D:\tout steam\steamapps\evangile\team fortress 2\hl2.exe:hl2
    "UDP Query User{80A8EBEE-F027-4724-A033-057D2A9A5D24}d:\\tout steam\\steamapps\\evangile\\team fortress 2\\hl2.exe"= TCP:D:\tout steam\steamapps\evangile\team fortress 2\hl2.exe:hl2
    "TCP Query User{0E3A95D1-B2F6-4803-86BB-AA6C9FC6502E}d:\\tout steam\\steamapps\\evangile\\team fortress 2\\hl2.exe"= UDP:D:\tout steam\steamapps\evangile\team fortress 2\hl2.exe:hl2
    "UDP Query User{0477B483-1E01-41B4-A9B7-E9F0CB7DD73D}d:\\tout steam\\steamapps\\evangile\\team fortress 2\\hl2.exe"= TCP:D:\tout steam\steamapps\evangile\team fortress 2\hl2.exe:hl2

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
    "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall"= 0 (0x0)

    R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl [03/09/2007 21:41 13560]
    R2 ALaunchService;ALaunch Service;c:\acer\ALaunch\ALaunchSvc.exe [12/07/2007 15:03 50688]
    R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [12/07/2007 22:18 179712]
    R3 winbondcir;Winbond IR Transceiver;c:\windows\System32\drivers\winbondcir.sys [12/07/2007 22:18 43008]
    S3 SG760_XP;SAGEM 802.11g XG760 1211 Driver;c:\windows\System32\drivers\WlanUZXP.sys [13/01/2008 20:43 260608]

    --- Autres Services/Pilotes en mémoire ---

    *Deregistered* - sptd
    .
    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://princesse-de-son-royaume.skyrock.com/
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    mStart Page = hxxp://fr.fr.acer.yahoo.com
    uSearchURL,(Default) = hxxp://fr.rd.yahoo.com/customize/ycomp/defaults/su/*http://fr.yahoo.com
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-05-29 19:08
    Windows 6.0.6000 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
    "ImagePath"="\??\c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl"
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_USERS\S-1-5-21-4259681360-494331265-772583463-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:84,ca,b7,86,51,59,55,3d,50,1e,eb,53,ba,c6,bd,1b,3f,9c,96,11,8c,8a,ef,
    fe,ae,b9,55,a0,82,c9,5e,67,28,72,b7,25,fe,55,39,09,92,54,3e,27,3d,47,3d,d5,\
    "??"=hex:fd,41,f2,56,f2,33,e5,62,61,72,c6,24,29,2d,97,e7

    [HKEY_USERS\S-1-5-21-4259681360-494331265-772583463-1000\Software\SecuROM\License information*]
    @Allowed: (Read) (RestrictedCode)
    "datasecu"=hex:5a,e7,6a,fb,87,19,0f,dc,fe,c0,29,bf,e6,80,4a,a4,33,34,a5,88,a3,
    7b,ab,50,50,d4,f3,d2,66,bc,de,1f,a5,45,e4,14,0f,94,52,d1,a9,1d,3f,16,77,85,\
    "rkeysecu"=hex:75,11,54,3b,a4,81,4c,b1,64,15,52,a1,d6,3f,98,bd

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\windows\System32\audiodg.exe
    c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
    c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    c:\acer\Empowering Technology\eDataSecurity\eDSService.exe
    c:\acer\Empowering Technology\eLock\Service\eLockServ.exe
    c:\acer\Empowering Technology\eNet\eNet Service.exe
    c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\acer\Mobility Center\MobilityService.exe
    c:\windows\System32\PnkBstrA.exe
    c:\program files\CyberLink\Shared Files\RichVideo.exe
    c:\windows\System32\drivers\XAudio.exe
    c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
    c:\acer\Empowering Technology\eSettings\Service\capuserv.exe
    c:\acer\Empowering Technology\ePower\ePowerSvc.exe
    c:\windows\System32\wbem\unsecapp.exe
    c:\windows\System32\conime.exe
    c:\windows\System32\rundll32.exe
    c:\windows\System32\rundll32.exe
    c:\program files\Razer\Krait\razerofa.exe
    c:\windows\System32\wbem\unsecapp.exe
    c:\program files\Razer\Copperhead\razerofa.exe
    c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    c:\users\Tenshi\AppData\Local\temp\RtkBtMnt.exe
    c:\windows\System32\wbem\WMIADAP.exe
    .
    **************************************************************************
    .
    Heure de fin: 2009-05-29 19:11 - La machine a redémarré
    ComboFix-quarantined-files.txt 2009-05-29 17:11
    ComboFix2.txt 2009-05-28 21:41

    Avant-CF: 28 325 584 896 octets libres
    Après-CF: 28 275 474 432 octets libres

    304 --- E O F --- 2009-05-29 07:30

    Here is the MBAM report:

    Malwarebytes' Anti-Malware 1.33
    Version de la base de données: 1685
    Windows 6.0.6000

    29/05/2009 19:53:02
    mbam-log-2009-05-29 (19-53-02).txt

    Type de recherche: Examen complet (C:\|D:\|)
    Eléments examinés: 146164
    Temps écoulé: 34 minute(s), 3 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 0

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    (Aucun élément nuisible détecté)

    I do have something to report all the same: when I ran ComboFix following your instructions, and then MBAM, there was no problem. After that I shut down the computer, turned it back on, and then AntiVir detected a trojan, TR/Crash or gras something. I deleted it. There you go, in case it matters..

    Thank you for your help..

    Launched from C:

    ComboFix 09-05-28.01 - Tenshi 31/05/2009 14:12.3 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.33.1036.18.2046.1224 [GMT 2:00]
    Lancé depuis: c:\program files\Combofix\ComboFix.exe
    Commutateurs utilisés :: c:\users\Tenshi\Desktop\CFScript.txt
    AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((( Fichiers créés du 2009-04-28 au 2009-05-31 ))))))))))))))))))))))))))))))))))))
    .

    2009-05-31 12:16 . 2009-05-31 12:20 -------- d-----w c:\users\Tenshi\AppData\Local\temp
    2009-05-31 11:33 . 2009-05-31 11:33 -------- d-----w c:\program files\Combofix
    2009-05-29 07:30 . 2009-05-06 18:06 4784464 ----a-w c:\programdata\Microsoft\Windows Defender\Definition Updates\{29497F9A-D875-46BE-B6EB-A5E27C340A3D}\mpengine.dll
    2009-05-25 21:34 . 2009-05-27 21:35 75096 ----a-w c:\windows\system32\drivers\avipbb.sys
    2009-05-25 21:34 . 2009-05-25 21:34 -------- d-----w c:\programdata\Avira
    2009-05-25 21:34 . 2009-05-25 21:34 -------- d-----w c:\program files\Avira
    2009-05-15 16:38 . 2009-05-15 16:38 -------- d-----w c:\program files\Smart Projects
    2009-05-15 15:15 . 2008-03-21 22:41 503864 ----a-w c:\windows\system32\drivers\Wdf01000.sys
    2009-05-15 15:15 . 2008-03-21 22:41 35896 ----a-w c:\windows\system32\drivers\WdfLdr.sys

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-05-31 09:54 . 2008-01-12 14:49 27430 ----a-w c:\users\Tenshi\AppData\Roaming\nvModes.dat
    2009-05-31 08:50 . 2006-11-02 15:48 690832 ----a-w c:\windows\system32\perfh00C.dat
    2009-05-31 08:50 . 2006-11-02 15:48 117572 ----a-w c:\windows\system32\perfc00C.dat
    2009-05-31 08:45 . 2008-10-18 10:34 -------- d-----w c:\users\Tenshi\AppData\Roaming\Skype
    2009-05-31 08:45 . 2008-10-18 10:39 -------- d-----w c:\users\Tenshi\AppData\Roaming\skypePM
    2009-05-23 22:39 . 2007-07-12 11:42 -------- d--h--w c:\program files\InstallShield Installation Information
    2009-05-23 14:10 . 2009-01-24 15:28 189072 ----a-w c:\windows\system32\PnkBstrB.exe
    2009-05-23 13:58 . 2009-01-24 15:28 138920 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
    2009-05-15 15:15 . 2009-05-15 15:15 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_xusb21_01007.Wdf
    2009-05-15 15:15 . 2009-05-15 15:15 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
    2009-05-13 21:21 . 2007-07-12 12:40 -------- d-----w c:\programdata\Microsoft Help
    2009-04-26 21:28 . 2009-04-26 21:28 -------- d-----w c:\program files\ReflexiveArcade
    2009-04-19 15:04 . 2009-04-19 15:04 -------- d-----w c:\programdata\BOONTY
    2009-04-19 15:04 . 2009-04-19 15:04 -------- d-----w c:\program files\Common Files\BOONTY Shared
    2009-04-19 15:04 . 2009-04-19 15:04 -------- d-----w c:\program files\Téléchargeur de Commandos 2
    2009-04-08 12:29 . 2009-04-08 12:29 56448 ----a-w c:\windows\system32\drivers\xusb21.sys
    2009-03-17 03:16 . 2009-04-15 06:04 14848 ----a-w c:\windows\system32\apilogen.dll
    2009-03-17 03:16 . 2009-04-15 06:04 25600 ----a-w c:\windows\system32\amxread.dll
    2009-03-13 21:20 . 2009-01-24 15:28 75064 ----a-w c:\windows\system32\PnkBstrA.exe
    2009-03-13 20:15 . 2009-01-24 15:28 22328 ----a-w c:\users\Tenshi\AppData\Roaming\PnkBstrK.sys
    2009-03-13 20:15 . 2009-01-24 15:28 22328 ----a-w c:\users\Tenshi\AppData\Roaming\PnkBstrK.sys
    2009-03-09 04:19 . 2009-01-25 20:23 410984 ----a-w c:\windows\system32\deploytk.dll
    2009-03-03 04:24 . 2009-04-15 06:04 3469280 ----a-w c:\windows\system32\ntoskrnl.exe
    2009-03-03 04:24 . 2009-04-15 06:04 3503584 ----a-w c:\windows\system32\ntkrnlpa.exe
    2009-03-03 04:20 . 2009-04-15 06:04 826368 ----a-w c:\windows\system32\wininet.dll
    2009-03-03 04:19 . 2009-04-15 06:04 158720 ----a-w c:\windows\system32\sdohlp.dll
    2009-03-03 04:19 . 2009-04-15 06:04 549888 ----a-w c:\windows\system32\rpcss.dll
    2009-03-03 04:19 . 2009-04-15 06:04 24576 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
    2009-03-03 04:16 . 2009-04-15 06:03 56320 ----a-w c:\windows\system32\iesetup.dll
    2009-03-03 04:16 . 2009-04-15 06:04 97280 ----a-w c:\windows\system32\iasrecst.dll
    2009-03-03 04:16 . 2009-04-15 06:04 53248 ----a-w c:\windows\system32\iasads.dll
    2009-03-03 04:16 . 2009-04-15 06:04 37888 ----a-w c:\windows\system32\iasdatastore.dll
    2009-03-03 04:16 . 2009-04-15 06:04 78336 ----a-w c:\windows\system32\ieencode.dll
    2009-03-03 04:15 . 2009-04-15 06:04 72704 ----a-w c:\windows\system32\admparse.dll
    2009-03-03 02:40 . 2009-04-15 06:04 654336 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
    2009-03-03 02:08 . 2009-04-15 06:03 26624 ----a-w c:\windows\system32\ieUnatt.exe
    2009-03-03 00:44 . 2009-04-15 06:03 48128 ----a-w c:\windows\system32\mshtmler.dll
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-05-28_21.38.01 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2007-07-12 11:43 . 2009-05-31 12:21 65712 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2006-11-02 13:05 . 2009-05-31 12:21 85474 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2008-01-12 11:04 . 2009-05-31 12:21 12290 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4259681360-494331265-772583463-1000_UserData.bin
    - 2007-09-03 19:34 . 2009-05-28 21:37 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2007-09-03 19:34 . 2009-05-30 21:37 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2007-09-03 19:34 . 2009-05-28 21:37 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2007-09-03 19:34 . 2009-05-30 21:37 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2007-09-03 19:34 . 2009-05-28 21:37 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2007-09-03 19:34 . 2009-05-30 21:37 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-05-28 21:35 . 2009-05-28 21:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2009-05-31 12:17 . 2009-05-31 12:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2009-05-31 12:17 . 2009-05-31 12:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2009-05-28 21:35 . 2009-05-28 21:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2006-11-02 10:33 . 2009-05-31 08:50 610142 c:\windows\System32\perfh009.dat
    - 2006-11-02 10:33 . 2009-05-28 19:30 610142 c:\windows\System32\perfh009.dat
    + 2006-11-02 10:33 . 2009-05-31 08:50 103924 c:\windows\System32\perfc009.dat
    - 2006-11-02 10:33 . 2009-05-28 19:30 103924 c:\windows\System32\perfc009.dat
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-13 1232896]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-06-01 171448]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-23 21755688]
    "Steam"="d:\tout steam\Steam.exe" [2009-05-24 1217784]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-05-09 865840]
    "eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 1470976]
    "NvSvc"="c:\windows\system32\nvsvc.dll" [2007-06-26 86016]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-26 8433664]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-26 81920]
    "PLFSet"="c:\windows\PLFSet.dll" [2007-04-24 45056]
    "PlayMovie"="c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2007-05-24 242280]
    "WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 174872]
    "Krait"="c:\program files\Razer\Krait\razerhid.exe" [2006-01-24 147456]
    "razer"="c:\program files\Razer\Copperhead\razerhid.exe" [2005-10-08 155648]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
    "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
    "RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-05-10 4468736]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\System32\eNetHook.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{2B6022EB-BC39-4FB4-8512-6C02FDAC55D1}"= c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
    "{C12BABA0-7FD9-4605-9C08-C7C4F87450EC}"= c:\program files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine
    "{BF21078F-1B9B-4C4F-B913-7FD3AEE009DD}"= c:\program files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician
    "{609981F7-6F29-4587-9783-8161FC32A29F}"= c:\program files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia
    "{09397485-A86C-4071-8C45-6E794711811C}"= c:\program files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe:DV Wizard
    "{D99F6974-76AD-4F54-9D2D-F3EB787088A2}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{F66ACF47-44DF-404F-A405-50DCE4E7B69A}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{CC9C9A1C-88AB-418F-929F-9E761C918C92}"= c:\program files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:Play Movie
    "{ADD6ECC5-5D56-4CA6-9EB6-BF548ECFC1F7}"= c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe:Play Movie Resident Program
    "{A2C2FB59-27A1-4073-BAED-6E85A525FCDE}"= c:\program files\Acer\Acer VCM\VC.exe:Acer VCM
    "TCP Query User{04853DD5-2923-4946-985A-A7A344F580C8}c:\\program files\\diablo ii\\game.exe"= UDP:c:\program files\diablo ii\game.exe:Diablo II
    "UDP Query User{7C74DF50-D767-43C2-99C5-D054393E1C50}c:\\program files\\diablo ii\\game.exe"= TCP:c:\program files\diablo ii\game.exe:Diablo II
    "TCP Query User{85B86416-B49E-4A95-8C93-FCAE51D8380E}c:\\program files\\diablo ii\\game.exe"= UDP:c:\program files\diablo ii\game.exe:Diablo II
    "UDP Query User{2265F56A-DEE2-4ACA-B230-D7E276A39EB5}c:\\program files\\diablo ii\\game.exe"= TCP:c:\program files\diablo ii\game.exe:Diablo II
    "TCP Query User{96287F11-83B3-47F7-A144-B66EC3B6E584}c:\\program files\\ubisoft\\tom clancy's splinter cell double agent\\scda-online\\system\\scda_online.exe"= UDP:c:\program files\ubisoft\tom clancy's splinter cell double agent\scda-online\system\scda_online.exe:SCDA_online
    "UDP Query User{2169CCAB-E7E4-4749-8C57-248F8D89F767}c:\\program files\\ubisoft\\tom clancy's splinter cell double agent\\scda-online\\system\\scda_online.exe"= TCP:c:\program files\ubisoft\tom clancy's splinter cell double agent\scda-online\system\scda_online.exe:SCDA_online
    "TCP Query User{D4BBE491-34A1-4724-84A3-174353291B02}c:\\program files\\ubisoft\\tom clancy's splinter cell double agent\\scda-online\\system\\scda_online.exe"= UDP:c:\program files\ubisoft\tom clancy's splinter cell double agent\scda-online\system\scda_online.exe:SCDA_online
    "UDP Query User{53AE0AEE-7684-4C68-8702-0F7DC5B1E3AD}c:\\program files\\ubisoft\\tom clancy's splinter cell double agent\\scda-online\\system\\scda_online.exe"= TCP:c:\program files\ubisoft\tom clancy's splinter cell double agent\scda-online\system\scda_online.exe:SCDA_online
    "{5C9D6B4F-4DA6-4366-B302-A88FCBB57295}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
    "{3DDA6A49-C500-424A-882A-0D5949C340CE}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
    "{367B5D11-CC00-409D-9843-B86D333CC49D}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
    "{0C26F977-443B-4ACC-8FED-C5AB6D138E55}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
    "{31B095C3-F4A8-407B-88B1-3A1E823CCA8E}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "TCP Query User{FCB87D11-F8CD-4C9E-B434-F997D043F41B}c:\\program files\\touchstone\\turok\\binaries\\turokgame.exe"= UDP:c:\program files\touchstone\turok\binaries\turokgame.exe:Turok
    "UDP Query User{9828EF20-4966-4E7B-AC23-59ACC9F3AE35}c:\\program files\\touchstone\\turok\\binaries\\turokgame.exe"= TCP:c:\program files\touchstone\turok\binaries\turokgame.exe:Turok
    "TCP Query User{A304EBEA-FCA8-451C-B9A2-D5F5812D5B52}c:\\program files\\touchstone\\turok\\binaries\\turokgame.exe"= UDP:c:\program files\touchstone\turok\binaries\turokgame.exe:Turok
    "UDP Query User{EF8B0215-EAAA-4A56-9F1B-8176FD39132A}c:\\program files\\touchstone\\turok\\binaries\\turokgame.exe"= TCP:c:\program files\touchstone\turok\binaries\turokgame.exe:Turok
    "TCP Query User{F505F978-9418-4F85-A245-1478EB96E11F}d:\\steamapps\\ryudo_shenlong\\team fortress 2\\hl2.exe"= UDP:D :\steamapps\ryudo_shenlong\team fortress 2\hl2.exe:hl2
    "UDP Query User{E1AB6EB6-68C8-4416-855F-D29916AE7272}d:\\steamapps\\ryudo_shenlong\\team fortress 2\\hl2.exe"= TCP:D :\steamapps\ryudo_shenlong\team fortress 2\hl2.exe:hl2
    "TCP Query User{FA9BB106-6323-44B3-8243-3A9951F90054}d:\\steamapps\\ryudo_shenlong\\team fortress 2\\hl2.exe"= UDP:D :\steamapps\ryudo_shenlong\team fortress 2\hl2.exe:hl2
    "UDP Query User{2AADC0E7-4AED-417F-ACE8-B2B2D1CA7BAF}d:\\steamapps\\ryudo_shenlong\\team fortress 2\\hl2.exe"= TCP:D :\steamapps\ryudo_shenlong\team fortress 2\hl2.exe:hl2
    "{35ACC38A-11EE-4E36-9410-ADD3159104A1}"= UDP:D :\steam.exe:Steam
    "{7BE1017B-C430-4E67-A9BE-B0C3DFB4B9DA}"= TCP:D :\steam.exe:Steam
    "TCP Query User{EC90E3E2-3C1E-4490-B5BF-959A1BCF6A49}d:\\steamapps\\evangile\\team fortress 2\\hl2.exe"= UDP:D :\steamapps\evangile\team fortress 2\hl2.exe:hl2
    "UDP Query User{5E625F98-1926-45DD-835C-07A86A5A39C1}d:\\steamapps\\evangile\\team fortress 2\\hl2.exe"= TCP:D :\steamapps\evangile\team fortress 2\hl2.exe:hl2
    "TCP Query User{EA93C274-C331-4C18-B04D-0D59178CA52B}d:\\wow\\wow-frfr-installer-downloader.exe"= UDP:D :\wow\wow-frfr-installer-downloader.exe:Blizzard Downloader
    "UDP Query User{55A0145E-5975-4FD2-A5D4-B0740D86836D}d:\\wow\\wow-frfr-installer-downloader.exe"= TCP:D :\wow\wow-frfr-installer-downloader.exe:Blizzard Downloader
    "TCP Query User{890541F0-080C-47A9-A432-A0ADBB93B84B}d:\\wow\\world of warcraft\\backgrounddownloader.exe"= UDP:D :\wow\world of warcraft\backgrounddownloader.exe:Blizzard Downloader
    "UDP Query User{F3FE1CFC-0876-4A15-AB44-ABADDFDF63D6}d:\\wow\\world of warcraft\\backgrounddownloader.exe"= TCP:D :\wow\world of warcraft\backgrounddownloader.exe:Blizzard Downloader
    "TCP Query User{38C22F30-7065-495F-A747-7643DD2D0ECF}d:\\video cocan\\zerg_reveal_final_french_xvid.avi-downloader.exe"= UDP:D :\video cocan\zerg_reveal_final_french_xvid.avi-downloader.exe:Blizzard Downloader
    "UDP Query User{3A39F390-4EB2-4485-B0A3-A5BDF65AA7AD}d:\\video cocan\\zerg_reveal_final_french_xvid.avi-downloader.exe"= TCP:D :\video cocan\zerg_reveal_final_french_xvid.avi-downloader.exe:Blizzard Downloader
    "TCP Query User{4D2110B8-4C5A-451C-B7FB-6AB3DA46A802}d:\\video cocan\\720_starcraft2gameplayvideo_french.avi-downloader.exe"= UDP:D :\video cocan\720_starcraft2gameplayvideo_french.avi-downloader.exe:Blizzard Downloader
    "UDP Query User{BC747F2E-5989-426E-BF36-DC93B4839300}d:\\video cocan\\720_starcraft2gameplayvideo_french.avi-downloader.exe"= TCP:D :\video cocan\720_starcraft2gameplayvideo_french.avi-downloader.exe:Blizzard Downloader
    "{D75281F0-0060-4018-AA1E-75C6A72BB071}"= UDP:c:\program files\Cegetel\C-BOX\Wizard\NA_Cegetel_ADSL_VoIP.exe:Installation de la C-BOX de Cegetel
    "{7A30D394-0401-4B86-9944-AB86E277265E}"= TCP:c:\program files\Cegetel\C-BOX\Wizard\NA_Cegetel_ADSL_VoIP.exe:Installation de la C-BOX de Cegetel
    "TCP Query User{BB9D104C-E483-433B-862D-85E8AD9194F0}d:\\steamapps\\evangile\\team fortress 2\\hl2.exe"= UDP:D :\steamapps\evangile\team fortress 2\hl2.exe:hl2
    "UDP Query User{12F7546A-58D0-4C99-B98F-7C41BE0498B6}d:\\steamapps\\evangile\\team fortress 2\\hl2.exe"= TCP:D :\steamapps\evangile\team fortress 2\hl2.exe:hl2
    "{77AA4B16-D7C9-45E3-A9E7-C9DED33939CD}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "TCP Query User{6DD3B994-E6CA-4156-B44D-D5B1B336AE4F}d:\\nouveau porte-documents\\starcraft\\starcraft.exe"= UDP:D :\nouveau porte-documents\starcraft\starcraft.exe:Starcraft
    "UDP Query User{B396D06B-E9C2-4BFA-9B20-78AE95B61221}d:\\nouveau porte-documents\\starcraft\\starcraft.exe"= TCP:D :\nouveau porte-documents\starcraft\starcraft.exe:Starcraft
    "TCP Query User{37E5D663-5AFF-4A87-AD1A-BEE76E9580F7}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
    "UDP Query User{F99F69C9-644B-4B54-B30D-E93872D7D5A3}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
    "TCP Query User{D5B733D7-1894-49A6-96B5-541F9179DE14}c:\\users\\tenshi\\appdata\\local\\temp\\msnmsgr.exe"= UDP:c:\users\tenshi\appdata\local\temp\msnmsgr.exe:msnmsgr.exe
    "UDP Query User{AB3DCF9E-7EF2-4B4F-89D0-82F55842C564}c:\\users\\tenshi\\appdata\\local\\temp\\msnmsgr.exe"= TCP:c:\users\tenshi\appdata\local\temp\msnmsgr.exe:msnmsgr.exe
    "{76A91542-CD7E-41A5-8264-31AA1C128B69}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{17DAA8CF-EE92-4A11-BE4B-B99AB0F7C445}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
    "{4D357D77-9569-4843-B272-E462839763EC}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
    "{6227E296-FB40-4469-8FE1-076AD89471B7}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
    "{C26EF467-03A5-4211-AFD0-D44431F881C0}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
    "{16D1BB3F-9946-4C17-9FD3-E9FEC02DB49F}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
    "{E4A6B7E1-ACFA-4F1A-8D34-B08B41D4EF07}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
    "{D32D9E13-118C-4E32-83DF-B582650B42F2}"= UDP:D :\assassin's creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
    "{62FDB0B4-465D-47A6-B575-941A1F8F03B7}"= TCP:D :\assassin's creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
    "{F737D31A-0D7D-4D0A-B5E9-F1185D26234B}"= UDP:D :\assassin's creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
    "{094BCD1D-ED2C-4B34-A353-EF40879E77D1}"= TCP:D :\assassin's creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
    "{4673B916-0A5E-491F-A1DB-DD92809FAC8A}"= UDP:D :\assassin's creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
    "{91C329CD-55F5-449D-AD24-396EB71BA072}"= TCP:D :\assassin's creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
    "{34C46C7B-7DB0-4425-BFD1-0BEC66280E80}"= UDP:c:\windows\System32\PnkBstrA.exe:p nkBstrA
    "{A138830D-9A2E-4D0B-9981-A12E0152EF6A}"= TCP:c:\windows\System32\PnkBstrA.exe:p nkBstrA
    "{3358C7B8-977C-40C3-9189-757368503E7E}"= UDP:c:\windows\System32\PnkBstrB.exe:p nkBstrB
    "{5BC5E3C9-D604-4F46-9C74-B0A8444E9ED0}"= TCP:c:\windows\System32\PnkBstrB.exe:p nkBstrB
    "{D3E041E5-894D-4165-B169-3FFE843FB510}"= UDP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
    "{817892AC-CD7B-4D13-9F05-A57CC428328E}"= TCP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
    "{D15983B0-ACD5-484E-BD65-C5DB2FA7DFD5}"= UDP:c:\program files\Steam\steamapps\common\left 4 dead\left4dead.exe:Left 4 Dead
    "{0EF3F9BB-9C96-4C96-B0DD-E76160E13F13}"= TCP:c:\program files\Steam\steamapps\common\left 4 dead\left4dead.exe:Left 4 Dead
    "TCP Query User{89AB839D-61C6-44A6-A3E4-277A83D877F0}c:\\program files\\steam\\steamapps\\common\\left 4 dead\\left4dead.exe"= UDP:c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe:left4dead
    "UDP Query User{BF512ADD-DB21-49DB-BA55-92230B69A121}c:\\program files\\steam\\steamapps\\common\\left 4 dead\\left4dead.exe"= TCP:c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe:left4dead
    "TCP Query User{998BAC37-6D89-49B8-9C05-10233228343D}d:\\unreal tournament 3\\binaries\\ut3.exe"= UDP:D :\unreal tournament 3\binaries\ut3.exe:UT3
    "UDP Query User{CE250ABF-E20E-40DB-800F-1B006285736F}d:\\unreal tournament 3\\binaries\\ut3.exe"= TCP:D :\unreal tournament 3\binaries\ut3.exe:UT3
    "{EFB32335-EE18-4939-8BA5-F6337B31720D}"= UDP:c:\windows\System32\PnkBstrA.exe:p nkBstrA
    "{C6C5773A-EC87-4A57-813F-A46B62A727EC}"= TCP:c:\windows\System32\PnkBstrA.exe:p nkBstrA
    "{05487C9F-B65E-4B5A-902C-77CE7D8D3866}"= UDP:c:\windows\System32\PnkBstrB.exe:p nkBstrB
    "{EC3E0839-A4CA-42E7-9BDC-21137ED47E66}"= TCP:c:\windows\System32\PnkBstrB.exe:p nkBstrB
    "TCP Query User{F37A27DB-3DBC-46C9-8576-005A979C395A}d:\\tout steam\\steamapps\\evangile\\team fortress 2\\hl2.exe"= UDP:D :\tout steam\steamapps\evangile\team fortress 2\hl2.exe:hl2
    "UDP Query User{80A8EBEE-F027-4724-A033-057D2A9A5D24}d:\\tout steam\\steamapps\\evangile\\team fortress 2\\hl2.exe"= TCP:D :\tout steam\steamapps\evangile\team fortress 2\hl2.exe:hl2
    "TCP Query User{0E3A95D1-B2F6-4803-86BB-AA6C9FC6502E}d:\\tout steam\\steamapps\\evangile\\team fortress 2\\hl2.exe"= UDP:D :\tout steam\steamapps\evangile\team fortress 2\hl2.exe:hl2
    "UDP Query User{0477B483-1E01-41B4-A9B7-E9F0CB7DD73D}d:\\tout steam\\steamapps\\evangile\\team fortress 2\\hl2.exe"= TCP:D :\tout steam\steamapps\evangile\team fortress 2\hl2.exe:hl2

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
    "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall"= 0 (0x0)

    R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl [03/09/2007 21:41 13560]
    R2 ALaunchService;ALaunch Service;c:\acer\ALaunch\ALaunchSvc.exe [12/07/2007 15:03 50688]
    R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [12/07/2007 22:18 179712]
    R3 winbondcir;Winbond IR Transceiver;c:\windows\System32\drivers\winbondcir.sys [12/07/2007 22:18 43008]
    S3 SG760_XP;SAGEM 802.11g XG760 1211 Driver;c:\windows\System32\drivers\WlanUZXP.sys [13/01/2008 20:43 260608]

    --- Autres Services/Pilotes en mémoire ---

    *Deregistered* - sptd
    .
    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://princesse-de-son-royaume.skyrock.com/
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    mStart Page = hxxp://fr.fr.acer.yahoo.com
    uSearchURL,(Default) = hxxp://fr.rd.yahoo.com/customize/ycomp/defaults/su/*http://fr.yahoo.com
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-05-31 14:20
    Windows 6.0.6000 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
    "ImagePath"="\??\c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl"
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_USERS\S-1-5-21-4259681360-494331265-772583463-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:84,ca,b7,86,51,59,55,3d,50,1e,eb,53,ba,c6,bd,1b,3f,9c,96,11,8c,8a,ef,
    fe,ae,b9,55,a0,82,c9,5e,67,28,72,b7,25,fe,55,39,09,92,54,3e,27,3d,47,3d,d5,\
    "??"=hex:fd,41,f2,56,f2,33,e5,62,61,72,c6,24,29,2d,97,e7

    [HKEY_USERS\S-1-5-21-4259681360-494331265-772583463-1000\Software\SecuROM\License information*]
    @Allowed: (Read) (RestrictedCode)
    "datasecu"=hex:5a,e7,6a,fb,87,19,0f,dc,fe,c0,29,bf,e6,80,4a,a4,33,34,a5,88,a3,
    7b,ab,50,50,d4,f3,d2,66,bc,de,1f,a5,45,e4,14,0f,94,52,d1,a9,1d,3f,16,77,85,\
    "rkeysecu"=hex:75,11,54,3b,a4,81,4c,b1,64,15,52,a1,d6,3f,98,bd

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\windows\System32\audiodg.exe
    c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
    c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    c:\acer\Empowering Technology\eDataSecurity\eDSService.exe
    c:\acer\Empowering Technology\eLock\Service\eLockServ.exe
    c:\acer\Empowering Technology\eNet\eNet Service.exe
    c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\acer\Mobility Center\MobilityService.exe
    c:\windows\System32\PnkBstrA.exe
    c:\program files\CyberLink\Shared Files\RichVideo.exe
    c:\windows\System32\drivers\XAudio.exe
    c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
    c:\acer\Empowering Technology\eSettings\Service\capuserv.exe
    c:\acer\Empowering Technology\ePower\ePowerSvc.exe
    c:\windows\System32\wbem\unsecapp.exe
    c:\windows\System32\conime.exe
    c:\windows\System32\rundll32.exe
    c:\windows\System32\rundll32.exe
    c:\program files\Razer\Krait\razerofa.exe
    c:\windows\System32\wbem\unsecapp.exe
    c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    c:\program files\Razer\Copperhead\razerofa.exe
    c:\users\Tenshi\AppData\Local\temp\RtkBtMnt.exe
    c:\windows\System32\wbem\WMIADAP.exe
    .
    **************************************************************************
    .
    Heure de fin: 2009-05-31 14:24 - La machine a redémarré
    ComboFix-quarantined-files.txt 2009-05-31 12:23
    ComboFix2.txt 2009-05-29 17:11
    ComboFix3.txt 2009-05-28 21:41

    Avant-CF: 28 643 442 688 octets libres
    Après-CF: 28 409 200 640 octets libres

    311 --- E O F --- 2009-05-29 07:30

    The HijackThis report:


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:49:53, on 31/05/2009
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16830)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Windows\RtHDVCpl.exe
    C:\Users\Tenshi\AppData\Local\Temp\RtkBtMnt.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Razer\Krait\razerhid.exe
    C:\Program Files\Razer\Copperhead\razerhid.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Razer\Krait\razerofa.exe
    C:\Program Files\Razer\Copperhead\razerofa.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
    D:\Video cocan\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://princesse-de-son-royaume.skyrock.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*http://fr.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll (file missing)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
    O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
    O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [Krait] C:\Program Files\Razer\Krait\razerhid.exe
    O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\Copperhead\razerhid.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
    O4 - Global Startup: Acer VCM.lnk = ?
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Empowering Technology Launcher.lnk = ?
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0....
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213....
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\Windows\System32\eNetHook.dll
    O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
    O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
    O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 9409 bytes

    Hi again,

    Choose Do a system scan only, then check these lines (if still present):
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll (file missing)
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)

    Close all running applications (especially your web browser).
    Then click Fix Checked!

    Here it is:


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:23:08, on 02/06/2009
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16830)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Razer\Krait\razerhid.exe
    C:\Program Files\Razer\Copperhead\razerhid.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Razer\Krait\razerofa.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Razer\Copperhead\razerofa.exe
    C:\Users\Tenshi\AppData\Local\Temp\RtkBtMnt.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
    D:\Video cocan\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://princesse-de-son-royaume.skyrock.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*http://fr.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
    O1 - Hosts: 69.16.243.105 L2authd.lineage2.com
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
    O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
    O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [Krait] C:\Program Files\Razer\Krait\razerhid.exe
    O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\Copperhead\razerhid.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
    O4 - Global Startup: Acer VCM.lnk = ?
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Empowering Technology Launcher.lnk = ?
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0....
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213....
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\Windows\System32\eNetHook.dll
    O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
    O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
    O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 9199 bytes