Plublicité intempestive

Fly -  
 fly -
Bonjour,
voila j'ai des publicites qui s'affichent toutes seules ... et mon pc galere un peu !

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:18:09, on 22/01/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\regsvr32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Users\Francois\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Francois\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&s=2&o=vp32&d=1008&m=aspire_6930g
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&s=2&o=vp32&d=1008&m=aspire_6930g
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&s=2&o=vp32&d=1008&m=aspire_6930g
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: snappyads - {1006286a-b660-89f4-0e9f-ca8ed270ea1e} - C:\Windows\system32\nsm3363.dll
O2 - BHO: snappyads browser enhancer - {31DF4105-A33B-E642-24BD-AB9180EEBB6C} - C:\Windows\system32\sjhgjjupdpp.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.415.1646\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: mysidesearch search enhancer - {C3DE28E8-993E-C258-3A1C-8406BBE7BFEC} - C:\Windows\system32\lbetzdrunolfhhrtq.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\Run: [coasbejcdgsgd] C:\Windows\System32\regsvr32.exe /s "C:\Windows\system32\sjhgjjupdpp.dll"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Windows\
O20 - Winlogon Notify: spba - C:\Program Files\Common Files\SPBA\homefus2.dll
O23 - Service: McAfee Application Installer Cleanup (0129161231500970) (0129161231500970mcinstcleanup) - Unknown owner - C:\Windows\TEMP\012916~1.EXE (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: Google Desktop Manager 5.7.808.7150 (GoogleDesktopManager-080708-050100) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Partner Service - Google Inc. - C:\ProgramData\Partner\partner.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11237 bytes

j'espere que vous allez trouver quelque chose =)

MERCI D4AVANCE .
Configuration: Windows Vista
Firefox 3.0.5

16 réponses

  1. Utilisateur anonyme
     
    Bonjour,

    * Telecharges Malwarebytes :
    http://www.malwarebytes.org/mbam/program/mbam-setup.exe
    à la fin du telechargement, laisses faire la mise a jour

    * Fermes tous les programmes et lances mbam

    * Clique sur recherche --> executes un examen rapide

    * A la fin du scan, cliques sur afficher les resultats

    * Puis sur supprimer la selection
    --> si mbam doit redemarrer pour finir la desinfection, fais le

    * postes le rapport généré
    0
    1. Fly
       
      Malwarebytes' Anti-Malware 1.33
      Version de la base de données: 1673
      Windows 6.0.6001 Service Pack 1

      22/01/2009 11:44:08
      mbam-log-2009-01-22 (11-44-08).txt

      Type de recherche: Examen rapide
      Eléments examinés: 47064
      Temps écoulé: 2 minute(s), 54 second(s)

      Processus mémoire infecté(s): 0
      Module(s) mémoire infecté(s): 0
      Clé(s) du Registre infectée(s): 2
      Valeur(s) du Registre infectée(s): 1
      Elément(s) de données du Registre infecté(s): 0
      Dossier(s) infecté(s): 0
      Fichier(s) infecté(s): 2

      Processus mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Module(s) mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Clé(s) du Registre infectée(s):
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3de28e8-993e-c258-3a1c-8406bbe7bfec} (Adware.BHO) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\CLSID\{c3de28e8-993e-c258-3a1c-8406bbe7bfec} (Adware.BHO) -> Quarantined and deleted successfully.

      Valeur(s) du Registre infectée(s):
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\coasbejcdgsgd (Trojan.Agent) -> Quarantined and deleted successfully.

      Elément(s) de données du Registre infecté(s):
      (Aucun élément nuisible détecté)

      Dossier(s) infecté(s):
      (Aucun élément nuisible détecté)

      Fichier(s) infecté(s):
      C:\Windows\System32\sjhgjjupdpp.dll (Trojan.Agent) -> Delete on reboot.
      C:\Windows\System32\lbetzdrunolfhhrtq.dll (Adware.BHO) -> Delete on reboot.

      Merci de t'occper de mon cas !
      0
  2. Utilisateur anonyme
     
    Re,

    * Vides la quarantaine de Malwarebytes
    --> ouvres mbam --> quarantaine --> supprimes ce qui s'y trouve

    * Telecharges RSIT sur ton bureau :
    http://images.malwareremoval.com/random/RSIT.exe

    * Double-cliques sur RSIT.exe pour lancer le programme

    * Cliques sur "Continue" à l'écran Disclaimer

    * Si l'outil Hijackthis n'est pas detecté ou non-présent, RSIT le
    telechargera --> acceptes la license

    * Lorsque l'analyse est finie : --> 2 fichiers s'ouvrent
    Postes le contenu de log.txt et info.txt
    ( dans la barre de taches )

    * Les rapports sont aussi à C:\Rsit.txt
    0
    1. Fly
       
      Logfile of random's system information tool 1.05 (written by random/random)
      Run by Francois at 2009-01-22 12:00:48
      Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
      System drive C: has 84 GB (57%) free of 148 GB
      Total RAM: 3066 MB (62% free)

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 12:01:01, on 22/01/2009
      Platform: Windows Vista SP1 (WinNT 6.00.1905)
      MSIE: Internet Explorer v7.00 (7.00.6001.18000)
      Boot mode: Normal

      Running processes:
      C:\Windows\system32\Dwm.exe
      C:\Windows\system32\taskeng.exe
      c:\PROGRA~1\mcafee.com\agent\mcagent.exe
      C:\Windows\Explorer.EXE
      C:\Program Files\Windows Defender\MSASCui.exe
      C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
      C:\Windows\RtHDVCpl.exe
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\Windows\System32\rundll32.exe
      C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
      C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      C:\Program Files\Windows Live\Messenger\msnmsgr.exe
      C:\Users\Francois\AppData\Local\Temp\RtkBtMnt.exe
      C:\Windows\system32\wbem\unsecapp.exe
      C:\Program Files\Windows Live\Contacts\wlcomm.exe
      C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Windows\system32\taskeng.exe
      C:\Users\Francois\Downloads\RSIT.exe
      C:\Program Files\trend micro\Francois.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&s=2&o=vp32&d=1008&m=aspire_6930g
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&s=2&o=vp32&d=1008&m=aspire_6930g
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&s=2&o=vp32&d=1008&m=aspire_6930g
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      O1 - Hosts: ::1 localhost
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: snappyads - {1006286a-b660-89f4-0e9f-ca8ed270ea1e} - C:\Windows\system32\nsm3363.dll
      O2 - BHO: snappyads browser enhancer - {31DF4105-A33B-E642-24BD-AB9180EEBB6C} - C:\Windows\system32\sjhgjjupdpp.dll (file missing)
      O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
      O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
      O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
      O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.415.1646\swg.dll
      O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
      O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
      O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
      O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
      O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
      O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
      O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
      O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
      O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
      O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
      O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
      O13 - Gopher Prefix:
      O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/...
      O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
      O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
      O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Windows\
      O20 - Winlogon Notify: spba - C:\Program Files\Common Files\SPBA\homefus2.dll
      O23 - Service: McAfee Application Installer Cleanup (0129161231500970) (0129161231500970mcinstcleanup) - Unknown owner - C:\Windows\TEMP\012916~1.EXE (file missing)
      O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
      O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
      O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
      O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
      O23 - Service: Google Desktop Manager 5.7.808.7150 (GoogleDesktopManager-080708-050100) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
      O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
      O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
      O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
      O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
      O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
      O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
      O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
      O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
      O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
      O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
      O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
      O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
      O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
      O23 - Service: Partner Service - Google Inc. - C:\ProgramData\Partner\partner.exe
      O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
      O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe
      O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
      O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
      O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
      O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
      0
    2. Fly
       
      UN petit up, j'ai tjs ces pubs de m**** =)
      0
  3. Utilisateur anonyme
     
    Re,

    * Sous vista : il faut desactiver le controle des comptes utilisateurs
    --> pas de double clique --> clic droit ( executer en tant qu'administrateur )
    Telecharges Combofix sur ton bureau :
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    /!\ Deconnectes toi du net et fermes toutes les applications en cours /!\

    /!\ Desactives ton antivirus et le tea-timer de Spybot /!\

    * pour le tea-timer :
    --> ouvres spybot --> cliques sur mode ,avancé --> outil --> Resident
    et decoches la case du tea-timer --> Ne le reactives qu'à la fin de
    la desinfection..

    * Cic droit sur ComboFix.exe --> executer en tant qu'administrateur
    --> un pop up apparait --> reponds oui
    ( vu la puissance de l'outil, il est conseillé d'installer la console de recuperations )

    * Choisis la langue et tapes sur la touche " 1 " ( yes) pour demarrer le scan

    /!\ Ne touche ni à ta souris, ni ton clavier pendant le scan /!\

    * En fin de scan, il est possible que l'outil ait besoin de redemarrer pour finir la desinfection
    laisses le faire

    * Une fois le scan fini, un rapport s'etablit
    - postes son contenu

    Note : le rapport est aussi à C:\combofix.txt
    0
    1. Fly
       
      ComboFix 09-01-20.05 - Francois 2009-01-22 12:52:19.1 - NTFSx86
      Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.3066.2037 [GMT 1:00]
      Lancé depuis: c:\users\Francois\Downloads\ComboFix.exe
      * Un nouveau point de restauration a été créé
      * Resident AV is active

      .

      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .

      c:\program files\Mozilla Firefox\components\lbetzdrunolfhhrtq.dll
      c:\users\Francois\AppData\Local\Microsoft\Windows\Temporary Internet Files\tmp5752.tmp
      c:\users\Francois\AppData\Local\Microsoft\Windows\Temporary Internet Files\tmp6C2B.tmp
      c:\users\Francois\AppData\Local\Microsoft\Windows\Temporary Internet Files\tmp6E5D.tmp
      c:\users\Francois\AppData\Local\Microsoft\Windows\Temporary Internet Files\tmp757D.tmp
      c:\users\Francois\AppData\Local\Microsoft\Windows\Temporary Internet Files\tmp869F.tmp

      .
      ((((((((((((((((((((((((((((( Fichiers créés du 2008-12-22 au 2009-01-22 ))))))))))))))))))))))))))))))))))))
      .

      2009-01-22 12:00 . 2009-01-22 12:01 <REP> d-------- C:\rsit
      2009-01-22 12:00 . 2009-01-22 12:01 <REP> d-------- c:\program files\trend micro
      2009-01-22 11:39 . 2009-01-22 11:39 <REP> d-------- c:\users\Francois\AppData\Roaming\Malwarebytes
      2009-01-22 11:39 . 2009-01-22 11:39 <REP> d-------- c:\users\All Users\Malwarebytes
      2009-01-22 11:39 . 2009-01-22 11:39 <REP> d-------- c:\programdata\Malwarebytes
      2009-01-22 11:39 . 2009-01-22 11:39 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
      2009-01-22 11:39 . 2009-01-14 16:11 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
      2009-01-22 11:39 . 2009-01-14 16:11 15,504 --a------ c:\windows\System32\drivers\mbam.sys
      2009-01-20 13:19 . 2009-01-20 13:19 85,208 --a------ c:\windows\System32\cont_snappyads-remove.exe
      2009-01-20 13:19 . 2009-01-20 13:19 69,027 --a------ c:\windows\System32\lbetzdrunolfhhrtq.dll-uninst.exe
      2009-01-20 13:19 . 2009-01-20 13:19 47,584 --a------ c:\windows\System32\idslqavnsqklgg.exe
      2009-01-20 11:28 . 2009-01-20 11:28 603,904 --a------ c:\windows\System32\TUProgSt.exe
      2009-01-20 11:28 . 2009-01-20 11:28 360,192 --a------ c:\windows\System32\TuneUpDefragService.exe
      2009-01-20 11:28 . 2008-12-11 13:31 27,904 --a------ c:\windows\System32\uxtuneup.dll
      2009-01-20 11:28 . 2008-12-11 13:31 17,152 --a------ c:\windows\System32\authuitu.dll
      2009-01-20 11:27 . 2009-01-20 11:27 <REP> d-------- c:\users\Francois\AppData\Roaming\TuneUp Software
      2009-01-20 11:27 . 2009-01-20 11:27 <REP> d-------- c:\users\All Users\TuneUp Software
      2009-01-20 11:27 . 2009-01-20 11:27 <REP> d--hs---- c:\users\All Users\{55A29068-F2CE-456C-9148-C869879E2357}
      2009-01-20 11:27 . 2009-01-20 11:27 <REP> d-------- c:\programdata\TuneUp Software
      2009-01-20 11:27 . 2009-01-20 11:27 <REP> d--hs---- c:\programdata\{55A29068-F2CE-456C-9148-C869879E2357}
      2009-01-20 11:27 . 2009-01-20 11:27 <REP> d-------- c:\program files\TuneUp Utilities 2009
      2009-01-19 12:31 . 2009-01-19 12:31 <REP> d-------- c:\users\Francois\AppData\Roaming\Shareaza
      2009-01-19 12:31 . 2009-01-19 12:31 <REP> d-------- c:\program files\Shareaza
      2009-01-15 20:31 . 2008-12-16 03:42 288,768 --a------ c:\windows\System32\drivers\srv.sys
      2009-01-14 14:09 . 2009-01-14 14:09 <REP> d-------- c:\program files\Custom-Strike
      2009-01-14 14:09 . 1998-06-18 00:00 89,360 --a------ c:\windows\System32\VB5DB.DLL
      2009-01-06 20:51 . 2009-01-06 20:51 680,448 --a------ c:\windows\System32\nsm3363.dll
      2009-01-03 18:25 . 2009-01-03 18:25 <REP> d-------- c:\program files\RegCleaner
      2008-12-29 23:27 . 2008-12-29 23:28 <REP> d-------- c:\users\All Users\Lavasoft
      2008-12-29 23:27 . 2008-12-29 23:28 <REP> d-------- c:\programdata\Lavasoft
      2008-12-29 23:27 . 2008-12-29 23:27 <REP> d-------- c:\program files\Lavasoft
      2008-12-29 23:25 . 2008-12-29 23:25 <REP> d-------- c:\program files\Common Files\Wise Installation Wizard
      2008-12-29 23:14 . 2008-12-29 23:14 <REP> d-------- c:\users\Francois\AppData\Roaming\dvdcss
      2008-12-28 16:08 . 2009-01-12 08:39 <REP> d-------- c:\users\Francois\AppData\Roaming\vlc
      2008-12-28 16:06 . 2008-12-28 16:06 <REP> d-------- c:\program files\VideoLAN
      2008-12-28 15:54 . 2008-12-28 15:54 <REP> d-------- c:\users\All Users\Downloaded Installations
      2008-12-28 15:54 . 2008-12-28 15:54 <REP> d-------- c:\programdata\Downloaded Installations
      2008-12-28 15:54 . 2008-12-28 15:54 <REP> d-------- c:\program files\VirginMega
      2008-12-28 11:13 . 2009-01-20 10:34 <REP> d-------- c:\users\All Users\Spybot - Search & Destroy
      2008-12-28 11:13 . 2009-01-20 10:34 <REP> d-------- c:\programdata\Spybot - Search & Destroy
      2008-12-28 11:13 . 2008-12-28 11:13 <REP> d-------- c:\program files\Spybot - Search & Destroy
      2008-12-28 00:37 . 2008-12-28 00:37 <REP> d-------- c:\program files\CCleaner
      2008-12-27 23:05 . 2008-12-27 23:05 <REP> d-------- c:\users\All Users\Age of Empires 3
      2008-12-27 23:05 . 2008-12-27 23:05 <REP> d-------- c:\programdata\Age of Empires 3
      2008-12-26 13:04 . 2008-12-26 13:04 <REP> d-------- c:\users\Francois\AppData\Roaming\Leadertech
      2008-12-26 13:00 . 2008-12-26 13:00 <REP> d-------- c:\program files\NovaLogic
      2008-12-26 11:49 . 2008-12-26 11:49 <REP> d----c--- c:\windows\System32\DRVSTORE
      2008-12-26 11:49 . 2008-12-26 11:49 <REP> d-------- c:\users\Francois\AppData\Roaming\Apple Computer
      2008-12-26 11:49 . 2008-12-26 11:49 <REP> d-------- c:\users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
      2008-12-26 11:49 . 2008-12-26 11:49 <REP> d-------- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
      2008-12-26 11:49 . 2008-12-26 11:49 <REP> d-------- c:\program files\iTunes
      2008-12-26 11:49 . 2008-12-26 11:49 <REP> d-------- c:\program files\iPod
      2008-12-26 11:49 . 2008-04-17 13:12 107,368 --a------ c:\windows\System32\GEARAspi.dll
      2008-12-26 11:49 . 2008-04-17 13:12 15,464 --a------ c:\windows\System32\drivers\GEARAspiWDM.sys
      2008-12-26 11:48 . 2009-01-22 10:39 <REP> d-------- c:\program files\Bonjour
      2008-12-26 11:46 . 2008-12-26 11:49 <REP> d-------- c:\users\All Users\Apple Computer
      2008-12-26 11:46 . 2008-12-26 11:49 <REP> d-------- c:\programdata\Apple Computer
      2008-12-26 11:46 . 2008-12-26 11:47 <REP> d-------- c:\program files\QuickTime
      2008-12-26 11:46 . 2008-12-26 11:46 <REP> d-------- c:\program files\Apple Software Update
      2008-12-26 11:43 . 2008-12-26 11:43 <REP> d-------- c:\users\All Users\Apple
      2008-12-26 11:43 . 2008-12-26 11:43 <REP> d-------- c:\programdata\Apple
      2008-12-26 11:43 . 2008-12-26 11:49 <REP> d-------- c:\program files\Common Files\Apple
      2008-12-25 00:41 . 2009-01-12 08:39 <REP> d-------- c:\program files\GUILD WARS
      2008-12-22 21:44 . 2008-12-22 21:44 <REP> dr------- c:\windows\System32\config\systemprofile\Videos
      2008-12-22 21:44 . 2008-12-22 21:44 <REP> dr------- c:\windows\System32\config\systemprofile\Searches
      2008-12-22 21:44 . 2008-12-22 21:44 <REP> dr------- c:\windows\System32\config\systemprofile\Saved Games
      2008-12-22 21:44 . 2008-12-22 21:44 <REP> dr------- c:\windows\System32\config\systemprofile\Pictures
      2008-12-22 21:44 . 2008-12-22 21:44 <REP> dr------- c:\windows\System32\config\systemprofile\Music
      2008-12-22 21:44 . 2008-12-22 21:44 <REP> dr------- c:\windows\System32\config\systemprofile\Links
      2008-12-22 21:44 . 2008-12-22 21:44 <REP> dr------- c:\windows\System32\config\systemprofile\Downloads
      2008-12-22 21:44 . 2008-12-22 21:44 <REP> dr------- c:\windows\System32\config\systemprofile\Documents
      2008-12-22 21:30 . 2009-01-18 21:53 <REP> d-------- c:\program files\World of Warcraft
      2008-12-22 21:25 . 2008-12-22 21:27 <REP> d-------- c:\program files\Age Of Empires 3 Incl Expansion and keys
      2008-12-22 21:19 . 2008-12-22 21:19 <REP> d-------- c:\program files\COD4MW

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2009-01-22 09:40 --------- d-----w c:\program files\Big Kahuna Reef
      2009-01-21 23:25 70,072 ----a-w c:\users\All Users\nvModes.dat
      2009-01-21 23:25 70,072 ----a-w c:\programdata\nvModes.dat
      2009-01-19 11:24 --------- d-----w c:\program files\Common Files\Steam
      2009-01-15 22:29 --------- d-----w c:\program files\Windows Mail
      2009-01-14 13:09 --------- d--h--w c:\program files\InstallShield Installation Information
      2009-01-10 11:19 --------- d-----w c:\program files\McAfee
      2008-12-31 22:17 --------- d-----w c:\programdata\TrackMania
      2008-12-28 10:19 --------- d-----w c:\programdata\CyberLink
      2008-12-28 10:18 --------- d-----w c:\program files\Cyberlink
      2008-12-27 22:02 --------- d-----w c:\program files\Microsoft Games
      2008-12-22 20:43 --------- d-----w c:\program files\Common Files\InstallShield
      2008-12-22 18:36 --------- d-----w c:\programdata\ma-config.com
      2008-12-22 18:36 --------- d-----w c:\program files\ma-config.com
      2008-12-21 21:41 --------- d-----w c:\program files\Windows Live
      2008-12-21 21:41 --------- d-----w c:\program files\Microsoft
      2008-12-21 21:39 --------- d-----w c:\program files\Microsoft SQL Server Compact Edition
      2008-12-21 21:37 --------- d-----w c:\program files\Windows Live SkyDrive
      2008-12-21 21:06 --------- d-----w c:\program files\SiteAdvisor
      2008-12-15 13:06 --------- d-----w c:\program files\Microsoft Silverlight
      2008-12-15 11:50 --------- d-----w c:\program files\Acer
      2008-12-15 03:28 --------- d-----w c:\programdata\Microsoft Help
      2008-12-15 02:59 --------- d-----w c:\program files\Microsoft Works
      2008-12-15 02:58 --------- d-----w c:\program files\MSXML 4.0
      2008-12-15 00:34 --------- d-----w c:\users\Francois\AppData\Roaming\CyberLink
      2008-12-14 22:02 --------- d-----w c:\programdata\SiteAdvisor
      2008-12-14 22:02 --------- d-----w c:\programdata\McAfee
      2008-12-14 21:54 --------- d-----w c:\program files\TmNationsForever
      2008-12-14 21:12 --------- d-----w c:\program files\Quake III Arena
      2008-12-14 20:47 --------- d-----w c:\program files\Acer GameZone
      2008-12-14 20:41 --------- d-----w c:\program files\eSobi
      2008-12-14 20:40 --------- d-----w c:\programdata\eSobi
      2008-12-14 20:39 --------- d-----w c:\users\Francois\AppData\Roaming\eSobi
      2008-12-14 19:54 --------- d-----w c:\program files\Common Files\Windows Live
      2008-12-14 19:51 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
      2008-12-14 19:50 --------- d-----w c:\programdata\WLInstaller
      2008-12-14 18:36 --------- d-----w c:\users\Francois\AppData\Roaming\Acer
      2008-12-14 13:15 --------- d-----w c:\program files\Valve
      2008-12-14 12:56 --------- d-----w c:\programdata\Prism
      2008-12-14 07:56 --------- d-----w c:\program files\Inventel
      2008-12-13 21:51 --------- d-----w c:\programdata\Partner
      2008-12-13 21:51 --------- d-----w c:\program files\Google
      2008-12-13 21:47 --------- d-sh--w c:\programdata\Modèles
      2008-12-13 21:47 --------- d-sh--w c:\programdata\Menu Démarrer
      2008-12-13 21:47 --------- d-sh--w c:\programdata\Favoris
      2008-12-13 21:47 --------- d-sh--w c:\programdata\Bureau
      2008-12-13 21:47 --------- d-sh--w c:\program files\Fichiers communs
      2008-12-04 23:11 308,584 ----a-w c:\windows\WLXPGSS.SCR
      2008-12-02 21:37 49,480 ----a-w c:\windows\System32\sirenacm.dll
      2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
      2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
      2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
      2008-11-01 03:44 28,672 ----a-w c:\windows\System32\Apphlpdm.dll
      2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
      2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
      2008-11-01 01:21 4,240,384 ----a-w c:\windows\System32\GameUXLegacyGDFs.dll
      2008-10-29 06:29 2,927,104 ----a-w c:\windows\explorer.exe
      2008-10-22 03:57 241,152 ----a-w c:\windows\System32\PortableDeviceApi.dll
      2008-10-22 01:22 2,048 ----a-w c:\windows\System32\tzres.dll
      2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
      2009-01-06 19:51 652,800 ----a-w c:\program files\mozilla firefox\components\nssnappyads.dll
      .

      ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
      REGEDIT4

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1006286a-b660-89f4-0e9f-ca8ed270ea1e}]
      2009-01-06 20:51 680448 --a------ c:\windows\system32\nsm3363.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
      @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
      [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
      2008-05-14 16:05 121392 --a------ c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368]
      "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-02 3882312]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
      "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]
      "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1049896]
      "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-08-03 582992]
      "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-18 13543968]
      "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-18 92704]
      "SpybotSnD"="c:\program files\Spybot - Search & Destroy\SpybotSD.exe" [2008-07-07 4891472]
      "RtHDVCpl"="RtHDVCpl.exe" [2008-05-07 c:\windows\RtHDVCpl.exe]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "EnableUIADesktopToggle"= 0 (0x0)
      "DisableCAD"= 1 (0x1)

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\spba]
      2008-03-25 14:24 567560 c:\program files\Common Files\SPBA\homefus2.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
      "AppInit_DLLs"=G

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
      SetupExecute REG_MULTI_SZ \[u]0/u

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
      "WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter
      "WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
      "ehTray.exe"=c:\windows\ehome\ehTray.exe
      "Steam"="c:\program files\valve\steam\steam.exe" -silent
      "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
      "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
      "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
      "eDataSecurity Loader"=c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
      "ePower_DMC"=c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe
      "PLFSetI"=c:\windows\PLFSetI.exe
      "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
      "LManager"=c:\progra~1\LAUNCH~1\QtZgAcer.EXE
      "eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe"
      "BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
      "UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "c:\program files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
      "WarReg_PopUp"=c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
      "DisableMonitoring"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
      "{FAE04AF8-863F-48CB-AC2D-F3C163FB7E13}"= Profile=Private|Profile=Public|c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
      "{89799D38-6725-4CE5-9D1E-6E30415FE623}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
      "{D44F326E-3D01-4696-9E32-3ED5D49B0E4B}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
      "{71E00646-63EC-47AC-B284-2EA545130FD0}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
      "{57BDCF60-2235-4679-8101-B9BD26C60ED2}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
      "{A5463B11-BEAF-45EA-83BA-4DF7CBA988E9}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
      "{44132C7C-6906-4ED8-ABA6-2596681E8633}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
      "{30A1F990-1B0B-408D-9385-E83FF29BE07F}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
      "{2FCDE318-182E-4D8F-9169-FE74FBB301CE}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
      "{918C7534-F0FA-4C43-B4A8-282F5DF8BF92}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
      "{659A4D55-1C3E-4393-8DBD-30DA70EECADC}"= c:\program files\Acer\Acer VCM\VC.exe:Acer VCM
      "{3D2990DE-F511-4D4B-8AF5-48A5774BE1C7}"= UDP:48113:LocalSubnet:LocalSubnet:maconfig_tcp
      "{FCF7DE19-0BA7-4364-A19D-B5618BE3AC2D}"= TCP:48113:LocalSubnet:LocalSubnet:maconfig_udp
      "{63DC4CE4-2900-4A51-ACFE-D456631A150C}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
      "{15CE0FF7-5A43-4109-B047-31C25420C096}"= UDP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
      "{F261F141-D8DF-47C3-ADE8-88816CF7EA5A}"= TCP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
      "TCP Query User{9A0278DA-8BA4-40AD-BAE8-D0697B3515DE}c:\\program files\\tmnationsforever\\tmforever.exe"= UDP:c:\program files\tmnationsforever\tmforever.exe:TmForever
      "UDP Query User{42C7E423-956D-4E3C-93CB-D98ED432D61A}c:\\program files\\tmnationsforever\\tmforever.exe"= TCP:c:\program files\tmnationsforever\tmforever.exe:TmForever
      "TCP Query User{5A68FABE-3451-49BA-9FA8-0B9C1CC772D9}c:\\program files\\microsoft games\\age of empires iii\\age3.exe"= UDP:c:\program files\microsoft games\age of empires iii\age3.exe:Age of Empires 3
      "UDP Query User{82C4AE81-B1B2-46DA-A53A-68E654D78032}c:\\program files\\microsoft games\\age of empires iii\\age3.exe"= TCP:c:\program files\microsoft games\age of empires iii\age3.exe:Age of Empires 3
      "TCP Query User{9896BC85-D72B-4F0B-95A7-0E41ADB0B075}c:\\program files\\valve\\steam\\steamapps\\tanis677\\counter-strike source\\hl2.exe"= UDP:c:\program files\valve\steam\steamapps\tanis677\counter-strike source\hl2.exe:hl2
      "UDP Query User{55E2C78A-F68F-4191-BEC5-688F4EE0D293}c:\\program files\\valve\\steam\\steamapps\\tanis677\\counter-strike source\\hl2.exe"= TCP:c:\program files\valve\steam\steamapps\tanis677\counter-strike source\hl2.exe:hl2
      "{D491F67F-B2BD-40D9-9231-85B0E99CC0DA}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
      "{D70AF408-594B-451D-BB13-A6F80C0C8B19}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
      "{40213D06-FAAF-4A92-9E41-E56F90010095}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
      "{1C4E7572-A691-4162-B524-07F0CB7DAA9C}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
      "TCP Query User{6D211B05-D763-482C-9E9A-6D486C122040}c:\\program files\\novalogic\\joint operations typhoon rising\\jointops.exe"= UDP:c:\program files\novalogic\joint operations typhoon rising\jointops.exe:Jointops
      "UDP Query User{621CE8B4-0002-45E6-8129-3C0322E74CB5}c:\\program files\\novalogic\\joint operations typhoon rising\\jointops.exe"= TCP:c:\program files\novalogic\joint operations typhoon rising\jointops.exe:Jointops
      "TCP Query User{6A0DBC0D-DC6E-40B6-B0EA-34BF7CBAEA0B}c:\\program files\\shareaza\\shareaza.exe"= UDP:c:\program files\shareaza\shareaza.exe:Shareaza Ultimate File Sharing
      "UDP Query User{64B99D56-3138-4FB7-9088-3090A5D4585C}c:\\program files\\shareaza\\shareaza.exe"= TCP:c:\program files\shareaza\shareaza.exe:Shareaza Ultimate File Sharing

      R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\System32\drivers\L1E60x86.sys [2008-09-23 48128]
      R3 NETw5v32;Pilote de carte Intel(R) Wireless WiFi Link pour Windows Vista 32 bits ;c:\windows\System32\drivers\NETw5v32.sys [2008-07-25 3658752]
      R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [2008-06-25 44064]
      R3 winbondcir;Winbond IR Transceiver;c:\windows\System32\drivers\winbondcir.sys [2007-03-28 43008]
      R4 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
      R4 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-07-25 24576]
      R4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2008-12-14 203280]
      R4 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-25 45056]
      R4 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-25 131072]
      R4 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2008-10-15 233472]
      R4 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [2009-01-20 603904]
      S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-12-13 24064]
      S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2008-12-19 195752]
      S3 Partner Service;Partner Service;c:\programdata\Partner\partner.exe [2008-12-13 110576]
      S4 0129161231500970mcinstcleanup;McAfee Application Installer Cleanup (0129161231500970);c:\windows\TEMP\[u]0/u12916~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\windows\TEMP\[u]0/u12916~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
      UxTuneUp
      .
      Contenu du dossier 'Tâches planifiées'

      2009-01-22 c:\windows\Tasks\Maintenance en 1 clic.job
      - c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-12 15:04]

      2008-12-14 c:\windows\Tasks\McDefragTask.job
      - c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

      2009-01-01 c:\windows\Tasks\McQcTask.job
      - c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
      .
      - - - - ORPHELINS SUPPRIMES - - - -

      BHO-{31DF4105-A33B-E642-24BD-AB9180EEBB6C} - c:\windows\system32\sjhgjjupdpp.dll
      Notify-AWinNotifyVitaKey MC3000 - (no file)


      .
      ------- Examen supplémentaire -------
      .
      mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&s=2&o=vp32&d=1008&m=aspire_6930g
      uInternet Settings,ProxyOverride = *.local
      IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
      DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://fichiers.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetection_3_0_4_0.cab
      FF - ProfilePath - c:\users\Francois\AppData\Roaming\Mozilla\Firefox\Profiles\yyxi0bj2.default\
      FF - prefs.js: browser.search.defaulturl - hxxp://www15.yoog.com/search.php?q=
      FF - prefs.js: browser.search.selectedEngine - Google
      FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
      FF - prefs.js: keyword.URL - hxxp://www15.yoog.com/search.php?q=
      FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
      FF - component: c:\program files\Mozilla Firefox\components\nssnappyads.dll
      FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
      FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
      FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

      ---- PARAMETRES FIREFOX ----
      FF - user.js: network.http.max-persistent-connections-per-server - 4
      FF - user.js: nglayout.initialpaint.delay - 600
      FF - user.js: content.notify.interval - 600000
      FF - user.js: content.max.tokenizing.time - 1800000
      FF - user.js: content.switch.threshold - 600000
      FF - user.js: browser.search.selectedEngine - Yoog Search
      FF - user.js: keyword.URL - hxxp://www15.yoog.com/search.php?q=
      FF - user.js: keyword.enabled - true
      FF - user.js: browser.search.defaultenginename - Yoog Search
      FF - user.js: browser.search.defaulturl - hxxp://www15.yoog.com/search.php?q=
      .

      **************************************************************************

      catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2009-01-22 12:54:29
      Windows 6.0.6001 Service Pack 1 NTFS

      Recherche de processus cachés ...

      Recherche d'éléments en démarrage automatique cachés ...

      Recherche de fichiers cachés ...

      Scan terminé avec succès
      Fichiers cachés: 0

      **************************************************************************
      .
      Heure de fin: 2009-01-22 12:56:24
      ComboFix-quarantined-files.txt 2009-01-22 11:56:22

      Avant-CF: 88 378 347 520 octets libres
      Après-CF: 88,074,924,032 octets libres

      313 --- E O F --- 2009-01-21 10:09:44
      0
  4. Utilisateur anonyme
     
    Re,

    Desactives ton antivirus et la garde de ton antispyware /!\

    * Fermes tous les programmes en cours

    * Copies ( CTRL + C) le texte ci-dessous :

    File::

    c:\windows\System32\cont_snappyads_remove.exe
    c:\windows\System32\Ibetzdrunolfhhtrq.dll
    c:\windows\System32\idslqavnsqklgg.exe
    c:\windows\System32\3363.dll
    c:\Program Files\mozilla firefox\components\nssnappyads.dll

    * Ouvres le bloc-note : ( demarrer ---> accessoires ---> bloc-notes)
    --> Colles le texte precedemment copié et sauvegarde le fichier
    sous le nom de " CFScript "

    * Fait glisser le dossier sur l'icone de ComboFix.exe comme ici :
    http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif

    * Cela va redemarrer l'outil --> tapes sur 1 puis valides

    /!\ ne touche pas à ta souris ou ton clavier pendant le scan /!\

    * Laisses le fix travailler et aprés redemarrage :
    --> postes le rapport généré

    -----------------------------------------------/ \------------------------------------------------
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Utilisateur anonyme
     
    Hello

    Je pense qu'avec ce nom de fichier cela ne marchera pas : CFSript

    CFScript, c'est mieux ;)

    Au passage :

    VB5DB.DLL

    ++
    0
  7. Utilisateur anonyme
     
    Bonjour Fly,

    * Tu n'ai pas reapparu !
    je t'ai laissé des instructions --> CFScript
    0
  8. Fly
     
    ComboFix 09-01-20.05 - Francois 2009-01-23 11:11:39.2 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.3066.1718 [GMT 1:00]
    Lancé depuis: c:\users\Francois\Downloads\ComboFix.exe
    Commutateurs utilisés :: c:\users\Francois\Desktop\CFScript.txt
    * Un nouveau point de restauration a été créé
    .

    ((((((((((((((((((((((((((((( Fichiers créés du 2008-12-23 au 2009-01-23 ))))))))))))))))))))))))))))))))))))
    .

    2009-01-22 12:00 . 2009-01-22 12:01 <REP> d-------- C:\rsit
    2009-01-22 12:00 . 2009-01-22 12:01 <REP> d-------- c:\program files\trend micro
    2009-01-22 11:39 . 2009-01-22 11:39 <REP> d-------- c:\users\Francois\AppData\Roaming\Malwarebytes
    2009-01-22 11:39 . 2009-01-22 11:39 <REP> d-------- c:\users\All Users\Malwarebytes
    2009-01-22 11:39 . 2009-01-22 11:39 <REP> d-------- c:\programdata\Malwarebytes
    2009-01-22 11:39 . 2009-01-22 11:39 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
    2009-01-22 11:39 . 2009-01-14 16:11 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
    2009-01-22 11:39 . 2009-01-14 16:11 15,504 --a------ c:\windows\System32\drivers\mbam.sys
    2009-01-20 13:19 . 2009-01-20 13:19 85,208 --a------ c:\windows\System32\cont_snappyads-remove.exe
    2009-01-20 13:19 . 2009-01-20 13:19 69,027 --a------ c:\windows\System32\lbetzdrunolfhhrtq.dll-uninst.exe
    2009-01-20 13:19 . 2009-01-20 13:19 47,584 --a------ c:\windows\System32\idslqavnsqklgg.exe
    2009-01-20 11:28 . 2009-01-20 11:28 603,904 --a------ c:\windows\System32\TUProgSt.exe
    2009-01-20 11:28 . 2009-01-20 11:28 360,192 --a------ c:\windows\System32\TuneUpDefragService.exe
    2009-01-20 11:28 . 2008-12-11 13:31 27,904 --a------ c:\windows\System32\uxtuneup.dll
    2009-01-20 11:28 . 2008-12-11 13:31 17,152 --a------ c:\windows\System32\authuitu.dll
    2009-01-20 11:27 . 2009-01-20 11:27 <REP> d-------- c:\users\Francois\AppData\Roaming\TuneUp Software
    2009-01-20 11:27 . 2009-01-20 11:27 <REP> d-------- c:\users\All Users\TuneUp Software
    2009-01-20 11:27 . 2009-01-20 11:27 <REP> d--hs---- c:\users\All Users\{55A29068-F2CE-456C-9148-C869879E2357}
    2009-01-20 11:27 . 2009-01-20 11:27 <REP> d-------- c:\programdata\TuneUp Software
    2009-01-20 11:27 . 2009-01-20 11:27 <REP> d--hs---- c:\programdata\{55A29068-F2CE-456C-9148-C869879E2357}
    2009-01-20 11:27 . 2009-01-20 11:27 <REP> d-------- c:\program files\TuneUp Utilities 2009
    2009-01-19 12:31 . 2009-01-19 12:31 <REP> d-------- c:\users\Francois\AppData\Roaming\Shareaza
    2009-01-19 12:31 . 2009-01-19 12:31 <REP> d-------- c:\program files\Shareaza
    2009-01-15 20:31 . 2008-12-16 03:42 288,768 --a------ c:\windows\System32\drivers\srv.sys
    2009-01-14 14:09 . 2009-01-14 14:09 <REP> d-------- c:\program files\Custom-Strike
    2009-01-14 14:09 . 1998-06-18 00:00 89,360 --a------ c:\windows\System32\VB5DB.DLL
    2009-01-06 20:51 . 2009-01-06 20:51 680,448 --a------ c:\windows\System32\nsm3363.dll
    2009-01-03 18:25 . 2009-01-03 18:25 <REP> d-------- c:\program files\RegCleaner
    2008-12-29 23:27 . 2008-12-29 23:28 <REP> d-------- c:\users\All Users\Lavasoft
    2008-12-29 23:27 . 2008-12-29 23:28 <REP> d-------- c:\programdata\Lavasoft
    2008-12-29 23:27 . 2008-12-29 23:27 <REP> d-------- c:\program files\Lavasoft
    2008-12-29 23:25 . 2008-12-29 23:25 <REP> d-------- c:\program files\Common Files\Wise Installation Wizard
    2008-12-29 23:14 . 2008-12-29 23:14 <REP> d-------- c:\users\Francois\AppData\Roaming\dvdcss
    2008-12-28 16:08 . 2009-01-12 08:39 <REP> d-------- c:\users\Francois\AppData\Roaming\vlc
    2008-12-28 16:06 . 2008-12-28 16:06 <REP> d-------- c:\program files\VideoLAN
    2008-12-28 15:54 . 2008-12-28 15:54 <REP> d-------- c:\users\All Users\Downloaded Installations
    2008-12-28 15:54 . 2008-12-28 15:54 <REP> d-------- c:\programdata\Downloaded Installations
    2008-12-28 15:54 . 2008-12-28 15:54 <REP> d-------- c:\program files\VirginMega
    2008-12-28 11:13 . 2009-01-20 10:34 <REP> d-------- c:\users\All Users\Spybot - Search & Destroy
    2008-12-28 11:13 . 2009-01-20 10:34 <REP> d-------- c:\programdata\Spybot - Search & Destroy
    2008-12-28 11:13 . 2008-12-28 11:13 <REP> d-------- c:\program files\Spybot - Search & Destroy
    2008-12-28 00:37 . 2008-12-28 00:37 <REP> d-------- c:\program files\CCleaner
    2008-12-27 23:05 . 2008-12-27 23:05 <REP> d-------- c:\users\All Users\Age of Empires 3
    2008-12-27 23:05 . 2008-12-27 23:05 <REP> d-------- c:\programdata\Age of Empires 3
    2008-12-26 13:04 . 2008-12-26 13:04 <REP> d-------- c:\users\Francois\AppData\Roaming\Leadertech
    2008-12-26 13:00 . 2008-12-26 13:00 <REP> d-------- c:\program files\NovaLogic
    2008-12-26 11:49 . 2008-12-26 11:49 <REP> d----c--- c:\windows\System32\DRVSTORE
    2008-12-26 11:49 . 2008-12-26 11:49 <REP> d-------- c:\users\Francois\AppData\Roaming\Apple Computer
    2008-12-26 11:49 . 2008-12-26 11:49 <REP> d-------- c:\users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-12-26 11:49 . 2008-12-26 11:49 <REP> d-------- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-12-26 11:49 . 2008-12-26 11:49 <REP> d-------- c:\program files\iTunes
    2008-12-26 11:49 . 2008-12-26 11:49 <REP> d-------- c:\program files\iPod
    2008-12-26 11:49 . 2008-04-17 13:12 107,368 --a------ c:\windows\System32\GEARAspi.dll
    2008-12-26 11:49 . 2008-04-17 13:12 15,464 --a------ c:\windows\System32\drivers\GEARAspiWDM.sys
    2008-12-26 11:48 . 2009-01-22 10:39 <REP> d-------- c:\program files\Bonjour
    2008-12-26 11:46 . 2008-12-26 11:49 <REP> d-------- c:\users\All Users\Apple Computer
    2008-12-26 11:46 . 2008-12-26 11:49 <REP> d-------- c:\programdata\Apple Computer
    2008-12-26 11:46 . 2008-12-26 11:47 <REP> d-------- c:\program files\QuickTime
    2008-12-26 11:46 . 2008-12-26 11:46 <REP> d-------- c:\program files\Apple Software Update
    2008-12-26 11:43 . 2008-12-26 11:43 <REP> d-------- c:\users\All Users\Apple
    2008-12-26 11:43 . 2008-12-26 11:43 <REP> d-------- c:\programdata\Apple
    2008-12-26 11:43 . 2008-12-26 11:49 <REP> d-------- c:\program files\Common Files\Apple
    2008-12-25 00:41 . 2009-01-12 08:39 <REP> d-------- c:\program files\GUILD WARS

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-22 21:47 70,072 ----a-w c:\users\All Users\nvModes.dat
    2009-01-22 21:47 70,072 ----a-w c:\programdata\nvModes.dat
    2009-01-22 09:40 --------- d-----w c:\program files\Big Kahuna Reef
    2009-01-19 11:24 --------- d-----w c:\program files\Common Files\Steam
    2009-01-18 20:53 --------- d-----w c:\program files\World of Warcraft
    2009-01-15 22:29 --------- d-----w c:\program files\Windows Mail
    2009-01-14 13:09 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-01-10 11:19 --------- d-----w c:\program files\McAfee
    2008-12-31 22:17 --------- d-----w c:\programdata\TrackMania
    2008-12-28 10:19 --------- d-----w c:\programdata\CyberLink
    2008-12-28 10:18 --------- d-----w c:\program files\Cyberlink
    2008-12-27 22:02 --------- d-----w c:\program files\Microsoft Games
    2008-12-22 20:43 --------- d-----w c:\program files\Common Files\InstallShield
    2008-12-22 20:27 --------- d-----w c:\program files\Age Of Empires 3 Incl Expansion and keys
    2008-12-22 20:19 --------- d-----w c:\program files\COD4MW
    2008-12-22 18:36 --------- d-----w c:\programdata\ma-config.com
    2008-12-22 18:36 --------- d-----w c:\program files\ma-config.com
    2008-12-21 21:41 --------- d-----w c:\program files\Windows Live
    2008-12-21 21:41 --------- d-----w c:\program files\Microsoft
    2008-12-21 21:39 --------- d-----w c:\program files\Microsoft SQL Server Compact Edition
    2008-12-21 21:37 --------- d-----w c:\program files\Windows Live SkyDrive
    2008-12-21 21:06 --------- d-----w c:\program files\SiteAdvisor
    2008-12-15 13:06 --------- d-----w c:\program files\Microsoft Silverlight
    2008-12-15 11:50 --------- d-----w c:\program files\Acer
    2008-12-15 03:28 --------- d-----w c:\programdata\Microsoft Help
    2008-12-15 02:59 --------- d-----w c:\program files\Microsoft Works
    2008-12-15 02:58 --------- d-----w c:\program files\MSXML 4.0
    2008-12-15 00:34 --------- d-----w c:\users\Francois\AppData\Roaming\CyberLink
    2008-12-14 22:02 --------- d-----w c:\programdata\SiteAdvisor
    2008-12-14 22:02 --------- d-----w c:\programdata\McAfee
    2008-12-14 21:54 --------- d-----w c:\program files\TmNationsForever
    2008-12-14 21:12 --------- d-----w c:\program files\Quake III Arena
    2008-12-14 20:47 --------- d-----w c:\program files\Acer GameZone
    2008-12-14 20:41 --------- d-----w c:\program files\eSobi
    2008-12-14 20:40 --------- d-----w c:\programdata\eSobi
    2008-12-14 20:39 --------- d-----w c:\users\Francois\AppData\Roaming\eSobi
    2008-12-14 19:54 --------- d-----w c:\program files\Common Files\Windows Live
    2008-12-14 19:51 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
    2008-12-14 19:50 --------- d-----w c:\programdata\WLInstaller
    2008-12-14 18:36 --------- d-----w c:\users\Francois\AppData\Roaming\Acer
    2008-12-14 13:15 --------- d-----w c:\program files\Valve
    2008-12-14 12:56 --------- d-----w c:\programdata\Prism
    2008-12-14 07:56 --------- d-----w c:\program files\Inventel
    2008-12-13 21:51 --------- d-----w c:\programdata\Partner
    2008-12-13 21:51 --------- d-----w c:\program files\Google
    2008-12-13 21:47 --------- d-sh--w c:\programdata\Modèles
    2008-12-13 21:47 --------- d-sh--w c:\programdata\Menu Démarrer
    2008-12-13 21:47 --------- d-sh--w c:\programdata\Favoris
    2008-12-13 21:47 --------- d-sh--w c:\programdata\Bureau
    2008-12-13 21:47 --------- d-sh--w c:\program files\Fichiers communs
    2008-12-04 23:11 308,584 ----a-w c:\windows\WLXPGSS.SCR
    2008-12-02 21:37 49,480 ----a-w c:\windows\System32\sirenacm.dll
    2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
    2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
    2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
    2008-11-01 03:44 28,672 ----a-w c:\windows\System32\Apphlpdm.dll
    2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
    2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
    2008-11-01 01:21 4,240,384 ----a-w c:\windows\System32\GameUXLegacyGDFs.dll
    2008-10-29 06:29 2,927,104 ----a-w c:\windows\explorer.exe
    2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
    2009-01-06 19:51 652,800 ----a-w c:\program files\mozilla firefox\components\nssnappyads.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2009-01-22_12.55.04,55 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2009-01-22 10:53:21 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2009-01-23 09:57:53 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2009-01-22 10:53:21 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2009-01-23 09:57:53 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2009-01-22 11:54:25 208,896 ----a-w c:\windows\ServiceProfiles\LocalService\ntuser.dat
    + 2009-01-23 09:59:29 208,896 ----a-w c:\windows\ServiceProfiles\LocalService\ntuser.dat
    - 2009-01-22 11:54:32 217,088 ----a-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
    + 2009-01-23 09:58:52 217,088 ----a-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
    - 2009-01-22 10:53:21 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-01-23 10:04:26 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-01-22 10:53:21 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-01-23 10:04:26 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-01-22 10:53:21 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-01-23 10:04:26 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-01-22 10:13:04 3,488 ----a-w c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\374A80692ED04D9AC40B599AD4B98456EEB9F18D\374A80692ED04D9AC40B599AD4B98456EEB9F18D\Data.dat
    + 2009-01-23 10:02:30 3,488 ----a-w c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\374A80692ED04D9AC40B599AD4B98456EEB9F18D\374A80692ED04D9AC40B599AD4B98456EEB9F18D\Data.dat
    - 2009-01-22 10:13:44 6,284 ----a-w c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\4D5367EBDE22F22AB910D2E11BF07B236BD5EB37\4D5367EBDE22F22AB910D2E11BF07B236BD5EB37\Data.dat
    + 2009-01-23 10:01:20 6,284 ----a-w c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\4D5367EBDE22F22AB910D2E11BF07B236BD5EB37\4D5367EBDE22F22AB910D2E11BF07B236BD5EB37\Data.dat
    + 2009-01-23 10:08:05 6,392 ----a-w c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\BA73419CB1C7E95D312F7EAF9967147ADD5FC0F1\BA73419CB1C7E95D312F7EAF9967147ADD5FC0F1\Data.dat
    - 2009-01-22 11:39:40 5,538 ----a-w c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\E6D66408E2E8C41284F6F3818922AE0585617EED\E6D66408E2E8C41284F6F3818922AE0585617EED\Data.dat
    + 2009-01-23 10:02:48 5,538 ----a-w c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\E6D66408E2E8C41284F6F3818922AE0585617EED\E6D66408E2E8C41284F6F3818922AE0585617EED\Data.dat
    - 2009-01-22 10:55:21 4,406 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1362563087-4043872937-584202697-1000_UserData.bin
    + 2009-01-23 10:00:01 4,422 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1362563087-4043872937-584202697-1000_UserData.bin
    - 2009-01-22 10:55:20 77,842 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2009-01-23 10:00:01 77,842 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    - 2009-01-22 10:55:18 57,734 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-01-23 10:00:00 58,086 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    - 2009-01-22 10:28:39 235,616 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
    + 2009-01-22 16:44:42 235,822 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1006286a-b660-89f4-0e9f-ca8ed270ea1e}]
    2009-01-06 20:51 680448 --a------ c:\windows\system32\nsm3363.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
    @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
    [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
    2008-05-14 16:05 121392 --a------ c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-02 3882312]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1049896]
    "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-08-03 582992]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-18 13543968]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-18 92704]
    "SpybotSnD"="c:\program files\Spybot - Search & Destroy\SpybotSD.exe" [2008-07-07 4891472]
    "RtHDVCpl"="RtHDVCpl.exe" [2008-05-07 c:\windows\RtHDVCpl.exe]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    "DisableCAD"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\spba]
    2008-03-25 14:24 567560 c:\program files\Common Files\SPBA\homefus2.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=G

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter
    "WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
    "ehTray.exe"=c:\windows\ehome\ehTray.exe
    "Steam"="c:\program files\valve\steam\steam.exe" -silent
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
    "eDataSecurity Loader"=c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
    "ePower_DMC"=c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe
    "PLFSetI"=c:\windows\PLFSetI.exe
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    "LManager"=c:\progra~1\LAUNCH~1\QtZgAcer.EXE
    "eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe"
    "BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
    "UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "c:\program files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
    "WarReg_PopUp"=c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{FAE04AF8-863F-48CB-AC2D-F3C163FB7E13}"= Profile=Private|Profile=Public|c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
    "{89799D38-6725-4CE5-9D1E-6E30415FE623}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
    "{D44F326E-3D01-4696-9E32-3ED5D49B0E4B}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
    "{71E00646-63EC-47AC-B284-2EA545130FD0}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
    "{57BDCF60-2235-4679-8101-B9BD26C60ED2}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
    "{A5463B11-BEAF-45EA-83BA-4DF7CBA988E9}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
    "{44132C7C-6906-4ED8-ABA6-2596681E8633}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
    "{30A1F990-1B0B-408D-9385-E83FF29BE07F}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{2FCDE318-182E-4D8F-9169-FE74FBB301CE}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{918C7534-F0FA-4C43-B4A8-282F5DF8BF92}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
    "{659A4D55-1C3E-4393-8DBD-30DA70EECADC}"= c:\program files\Acer\Acer VCM\VC.exe:Acer VCM
    "{3D2990DE-F511-4D4B-8AF5-48A5774BE1C7}"= UDP:48113:LocalSubnet:LocalSubnet:maconfig_tcp
    "{FCF7DE19-0BA7-4364-A19D-B5618BE3AC2D}"= TCP:48113:LocalSubnet:LocalSubnet:maconfig_udp
    "{63DC4CE4-2900-4A51-ACFE-D456631A150C}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
    "{15CE0FF7-5A43-4109-B047-31C25420C096}"= UDP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
    "{F261F141-D8DF-47C3-ADE8-88816CF7EA5A}"= TCP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
    "TCP Query User{9A0278DA-8BA4-40AD-BAE8-D0697B3515DE}c:\\program files\\tmnationsforever\\tmforever.exe"= UDP:c:\program files\tmnationsforever\tmforever.exe:TmForever
    "UDP Query User{42C7E423-956D-4E3C-93CB-D98ED432D61A}c:\\program files\\tmnationsforever\\tmforever.exe"= TCP:c:\program files\tmnationsforever\tmforever.exe:TmForever
    "TCP Query User{5A68FABE-3451-49BA-9FA8-0B9C1CC772D9}c:\\program files\\microsoft games\\age of empires iii\\age3.exe"= UDP:c:\program files\microsoft games\age of empires iii\age3.exe:Age of Empires 3
    "UDP Query User{82C4AE81-B1B2-46DA-A53A-68E654D78032}c:\\program files\\microsoft games\\age of empires iii\\age3.exe"= TCP:c:\program files\microsoft games\age of empires iii\age3.exe:Age of Empires 3
    "TCP Query User{9896BC85-D72B-4F0B-95A7-0E41ADB0B075}c:\\program files\\valve\\steam\\steamapps\\tanis677\\counter-strike source\\hl2.exe"= UDP:c:\program files\valve\steam\steamapps\tanis677\counter-strike source\hl2.exe:hl2
    "UDP Query User{55E2C78A-F68F-4191-BEC5-688F4EE0D293}c:\\program files\\valve\\steam\\steamapps\\tanis677\\counter-strike source\\hl2.exe"= TCP:c:\program files\valve\steam\steamapps\tanis677\counter-strike source\hl2.exe:hl2
    "{D491F67F-B2BD-40D9-9231-85B0E99CC0DA}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{D70AF408-594B-451D-BB13-A6F80C0C8B19}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{40213D06-FAAF-4A92-9E41-E56F90010095}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
    "{1C4E7572-A691-4162-B524-07F0CB7DAA9C}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
    "TCP Query User{6D211B05-D763-482C-9E9A-6D486C122040}c:\\program files\\novalogic\\joint operations typhoon rising\\jointops.exe"= UDP:c:\program files\novalogic\joint operations typhoon rising\jointops.exe:Jointops
    "UDP Query User{621CE8B4-0002-45E6-8129-3C0322E74CB5}c:\\program files\\novalogic\\joint operations typhoon rising\\jointops.exe"= TCP:c:\program files\novalogic\joint operations typhoon rising\jointops.exe:Jointops
    "TCP Query User{6A0DBC0D-DC6E-40B6-B0EA-34BF7CBAEA0B}c:\\program files\\shareaza\\shareaza.exe"= UDP:c:\program files\shareaza\shareaza.exe:Shareaza Ultimate File Sharing
    "UDP Query User{64B99D56-3138-4FB7-9088-3090A5D4585C}c:\\program files\\shareaza\\shareaza.exe"= TCP:c:\program files\shareaza\shareaza.exe:Shareaza Ultimate File Sharing

    R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\System32\drivers\L1E60x86.sys [2008-09-23 48128]
    R3 NETw5v32;Pilote de carte Intel(R) Wireless WiFi Link pour Windows Vista 32 bits ;c:\windows\System32\drivers\NETw5v32.sys [2008-07-25 3658752]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [2008-06-25 44064]
    R3 winbondcir;Winbond IR Transceiver;c:\windows\System32\drivers\winbondcir.sys [2007-03-28 43008]
    R4 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
    R4 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-07-25 24576]
    R4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2008-12-14 203280]
    R4 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-25 45056]
    R4 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-25 131072]
    R4 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2008-10-15 233472]
    R4 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [2009-01-20 603904]
    S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-12-13 24064]
    S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2008-12-19 195752]
    S3 Partner Service;Partner Service;c:\programdata\Partner\partner.exe [2008-12-13 110576]
    S4 0129161231500970mcinstcleanup;McAfee Application Installer Cleanup (0129161231500970);c:\windows\TEMP\[u]0/u12916~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\windows\TEMP\[u]0/u12916~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp
    .
    Contenu du dossier 'Tâches planifiées'

    2009-01-23 c:\windows\Tasks\Maintenance en 1 clic.job
    - c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-12 15:04]

    2008-12-14 c:\windows\Tasks\McDefragTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

    2009-01-01 c:\windows\Tasks\McQcTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
    .
    .
    ------- Examen supplémentaire -------
    .
    mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&s=2&o=vp32&d=1008&m=aspire_6930g
    uInternet Settings,ProxyOverride = *.local
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://fichiers.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetection_3_0_4_0.cab
    FF - ProfilePath - c:\users\Francois\AppData\Roaming\Mozilla\Firefox\Profiles\yyxi0bj2.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www15.yoog.com/search.php?q=
    FF - prefs.js: browser.search.selectedEngine - Yoog Search
    FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
    FF - prefs.js: keyword.URL - hxxp://www15.yoog.com/search.php?q=
    FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
    FF - component: c:\program files\Mozilla Firefox\components\nssnappyads.dll
    FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

    ---- PARAMETRES FIREFOX ----
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.switch.threshold - 600000
    FF - user.js: browser.search.selectedEngine - Yoog Search
    FF - user.js: keyword.URL - hxxp://www15.yoog.com/search.php?q=
    FF - user.js: keyword.enabled - true
    FF - user.js: browser.search.defaultenginename - Yoog Search
    FF - user.js: browser.search.defaulturl - hxxp://www15.yoog.com/search.php?q=
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-23 11:13:34
    Windows 6.0.6001 Service Pack 1 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    **************************************************************************
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'Explorer.exe'(5112)
    c:\program files\McAfee\SiteAdvisor\saHook.dll
    c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
    c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
    c:\users\Francois\AppData\Local\Temp\catchme.dll
    .
    Heure de fin: 2009-01-23 11:16:29
    ComboFix-quarantined-files.txt 2009-01-23 10:15:11
    ComboFix2.txt 2009-01-22 11:56:26

    Avant-CF: 87 374 381 056 octets libres
    Après-CF: 87,347,388,416 octets libres

    326 --- E O F --- 2009-01-21 10:09:44
    0
  9. Utilisateur anonyme
     
    Re,

    * On reprends, ce n'etait pas complet :

    /!\ Desactives tes protections residentes ( antivirus, antispyware...)

    * Deconnectes toi et fermes toutes les applications en cours

    * Copies ( CTRL + C) le texte ci-dessous :

    KillAll::

    File::

    c:\windows\System32\cont_snappyads_remove.exe
    c:\windows\System32\Ibetzdrunolfhhrtq.dll-uninstall.exe
    c:\windows\System32\idslqavnsqklgg.exe
    c:\windows\System32\authuitu.dll
    c:\windows\System32\3363.dll
    c:\program files\mozilla firefox\components\nssnappyads.dll

    Registry::

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=""
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1006286a-b660-89f4-0e9f-ca8ed270ea1e}]
    2009-01-06 20h51 680448 --a------c:\windows\system32\nsm3363.dll

    * Ouvres le bloc note :
    --> demarrer --> tous les programmes --> accessoires ---> bloc-notes

    * Puis colle ( CTRL + V) le texte precedemment copié.

    * Sauvegarde le fichier sous le nom de CFScript

    * Fais glisser le dossier sur ComboFix.exe
    --> Cela va redemarrer Combofix
    --> Tapes 1 puis valides

    * Il y aura plusieurs redemarrage, laisses faire

    * A la fin, un rapport est généré, postes le
    0
  10. Fly
     
    ComboFix 09-01-20.05 - Francois 2009-01-23 12:17:42.3 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.3066.1635 [GMT 1:00]
    Lancé depuis: c:\users\Francois\Downloads\ComboFix.exe
    Commutateurs utilisés :: c:\users\Francois\Desktop\CFScript.txt
    * Un nouveau point de restauration a été créé
    .

    ((((((((((((((((((((((((((((( Fichiers créés du 2008-12-23 au 2009-01-23 ))))))))))))))))))))))))))))))))))))
    .

    2009-01-22 12:00 . 2009-01-22 12:01 <REP> d-------- C:\rsit
    2009-01-22 12:00 . 2009-01-22 12:01 <REP> d-------- c:\program files\trend micro
    2009-01-22 11:39 . 2009-01-22 11:39 <REP> d-------- c:\users\Francois\AppData\Roaming\Malwarebytes
    2009-01-22 11:39 . 2009-01-22 11:39 <REP> d-------- c:\users\All Users\Malwarebytes
    2009-01-22 11:39 . 2009-01-22 11:39 <REP> d-------- c:\programdata\Malwarebytes
    2009-01-22 11:39 . 2009-01-22 11:39 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
    2009-01-22 11:39 . 2009-01-14 16:11 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
    2009-01-22 11:39 . 2009-01-14 16:11 15,504 --a------ c:\windows\System32\drivers\mbam.sys
    2009-01-20 13:19 . 2009-01-20 13:19 85,208 --a------ c:\windows\System32\cont_snappyads-remove.exe
    2009-01-20 13:19 . 2009-01-20 13:19 69,027 --a------ c:\windows\System32\lbetzdrunolfhhrtq.dll-uninst.exe
    2009-01-20 13:19 . 2009-01-20 13:19 47,584 --a------ c:\windows\System32\idslqavnsqklgg.exe
    2009-01-20 11:28 . 2009-01-20 11:28 603,904 --a------ c:\windows\System32\TUProgSt.exe
    2009-01-20 11:28 . 2009-01-20 11:28 360,192 --a------ c:\windows\System32\TuneUpDefragService.exe
    2009-01-20 11:28 . 2008-12-11 13:31 27,904 --a------ c:\windows\System32\uxtuneup.dll
    2009-01-20 11:28 . 2008-12-11 13:31 17,152 --a------ c:\windows\System32\authuitu.dll
    2009-01-20 11:27 . 2009-01-20 11:27 <REP> d-------- c:\users\Francois\AppData\Roaming\TuneUp Software
    2009-01-20 11:27 . 2009-01-20 11:27 <REP> d-------- c:\users\All Users\TuneUp Software
    2009-01-20 11:27 . 2009-01-20 11:27 <REP> d--hs---- c:\users\All Users\{55A29068-F2CE-456C-9148-C869879E2357}
    2009-01-20 11:27 . 2009-01-20 11:27 <REP> d-------- c:\programdata\TuneUp Software
    2009-01-20 11:27 . 2009-01-20 11:27 <REP> d--hs---- c:\programdata\{55A29068-F2CE-456C-9148-C869879E2357}
    2009-01-20 11:27 . 2009-01-20 11:27 <REP> d-------- c:\program files\TuneUp Utilities 2009
    2009-01-19 12:31 . 2009-01-19 12:31 <REP> d-------- c:\users\Francois\AppData\Roaming\Shareaza
    2009-01-19 12:31 . 2009-01-19 12:31 <REP> d-------- c:\program files\Shareaza
    2009-01-15 20:31 . 2008-12-16 03:42 288,768 --a------ c:\windows\System32\drivers\srv.sys
    2009-01-14 14:09 . 2009-01-14 14:09 <REP> d-------- c:\program files\Custom-Strike
    2009-01-14 14:09 . 1998-06-18 00:00 89,360 --a------ c:\windows\System32\VB5DB.DLL
    2009-01-06 20:51 . 2009-01-06 20:51 680,448 --a------ c:\windows\System32\nsm3363.dll
    2009-01-03 18:25 . 2009-01-03 18:25 <REP> d-------- c:\program files\RegCleaner
    2008-12-29 23:27 . 2008-12-29 23:28 <REP> d-------- c:\users\All Users\Lavasoft
    2008-12-29 23:27 . 2008-12-29 23:28 <REP> d-------- c:\programdata\Lavasoft
    2008-12-29 23:27 . 2008-12-29 23:27 <REP> d-------- c:\program files\Lavasoft
    2008-12-29 23:25 . 2008-12-29 23:25 <REP> d-------- c:\program files\Common Files\Wise Installation Wizard
    2008-12-29 23:14 . 2008-12-29 23:14 <REP> d-------- c:\users\Francois\AppData\Roaming\dvdcss
    2008-12-28 16:08 . 2009-01-12 08:39 <REP> d-------- c:\users\Francois\AppData\Roaming\vlc
    2008-12-28 16:06 . 2008-12-28 16:06 <REP> d-------- c:\program files\VideoLAN
    2008-12-28 15:54 . 2008-12-28 15:54 <REP> d-------- c:\users\All Users\Downloaded Installations
    2008-12-28 15:54 . 2008-12-28 15:54 <REP> d-------- c:\programdata\Downloaded Installations
    2008-12-28 15:54 . 2008-12-28 15:54 <REP> d-------- c:\program files\VirginMega
    2008-12-28 11:13 . 2009-01-20 10:34 <REP> d-------- c:\users\All Users\Spybot - Search & Destroy
    2008-12-28 11:13 . 2009-01-20 10:34 <REP> d-------- c:\programdata\Spybot - Search & Destroy
    2008-12-28 11:13 . 2008-12-28 11:13 <REP> d-------- c:\program files\Spybot - Search & Destroy
    2008-12-28 00:37 . 2008-12-28 00:37 <REP> d-------- c:\program files\CCleaner
    2008-12-27 23:05 . 2008-12-27 23:05 <REP> d-------- c:\users\All Users\Age of Empires 3
    2008-12-27 23:05 . 2008-12-27 23:05 <REP> d-------- c:\programdata\Age of Empires 3
    2008-12-26 13:04 . 2008-12-26 13:04 <REP> d-------- c:\users\Francois\AppData\Roaming\Leadertech
    2008-12-26 13:00 . 2008-12-26 13:00 <REP> d-------- c:\program files\NovaLogic
    2008-12-26 11:49 . 2008-12-26 11:49 <REP> d----c--- c:\windows\System32\DRVSTORE
    2008-12-26 11:49 . 2008-12-26 11:49 <REP> d-------- c:\users\Francois\AppData\Roaming\Apple Computer
    2008-12-26 11:49 . 2008-12-26 11:49 <REP> d-------- c:\users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-12-26 11:49 . 2008-12-26 11:49 <REP> d-------- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-12-26 11:49 . 2008-12-26 11:49 <REP> d-------- c:\program files\iTunes
    2008-12-26 11:49 . 2008-12-26 11:49 <REP> d-------- c:\program files\iPod
    2008-12-26 11:49 . 2008-04-17 13:12 107,368 --a------ c:\windows\System32\GEARAspi.dll
    2008-12-26 11:49 . 2008-04-17 13:12 15,464 --a------ c:\windows\System32\drivers\GEARAspiWDM.sys
    2008-12-26 11:48 . 2009-01-22 10:39 <REP> d-------- c:\program files\Bonjour
    2008-12-26 11:46 . 2008-12-26 11:49 <REP> d-------- c:\users\All Users\Apple Computer
    2008-12-26 11:46 . 2008-12-26 11:49 <REP> d-------- c:\programdata\Apple Computer
    2008-12-26 11:46 . 2008-12-26 11:47 <REP> d-------- c:\program files\QuickTime
    2008-12-26 11:46 . 2008-12-26 11:46 <REP> d-------- c:\program files\Apple Software Update
    2008-12-26 11:43 . 2008-12-26 11:43 <REP> d-------- c:\users\All Users\Apple
    2008-12-26 11:43 . 2008-12-26 11:43 <REP> d-------- c:\programdata\Apple
    2008-12-26 11:43 . 2008-12-26 11:49 <REP> d-------- c:\program files\Common Files\Apple
    2008-12-25 00:41 . 2009-01-12 08:39 <REP> d-------- c:\program files\GUILD WARS

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-23 11:16 70,072 ----a-w c:\users\All Users\nvModes.dat
    2009-01-23 11:16 70,072 ----a-w c:\programdata\nvModes.dat
    2009-01-22 09:40 --------- d-----w c:\program files\Big Kahuna Reef
    2009-01-19 11:24 --------- d-----w c:\program files\Common Files\Steam
    2009-01-18 20:53 --------- d-----w c:\program files\World of Warcraft
    2009-01-15 22:29 --------- d-----w c:\program files\Windows Mail
    2009-01-14 13:09 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-01-10 11:19 --------- d-----w c:\program files\McAfee
    2008-12-31 22:17 --------- d-----w c:\programdata\TrackMania
    2008-12-28 10:19 --------- d-----w c:\programdata\CyberLink
    2008-12-28 10:18 --------- d-----w c:\program files\Cyberlink
    2008-12-27 22:02 --------- d-----w c:\program files\Microsoft Games
    2008-12-22 20:43 --------- d-----w c:\program files\Common Files\InstallShield
    2008-12-22 20:27 --------- d-----w c:\program files\Age Of Empires 3 Incl Expansion and keys
    2008-12-22 20:19 --------- d-----w c:\program files\COD4MW
    2008-12-22 18:36 --------- d-----w c:\programdata\ma-config.com
    2008-12-22 18:36 --------- d-----w c:\program files\ma-config.com
    2008-12-21 21:41 --------- d-----w c:\program files\Windows Live
    2008-12-21 21:41 --------- d-----w c:\program files\Microsoft
    2008-12-21 21:39 --------- d-----w c:\program files\Microsoft SQL Server Compact Edition
    2008-12-21 21:37 --------- d-----w c:\program files\Windows Live SkyDrive
    2008-12-21 21:06 --------- d-----w c:\program files\SiteAdvisor
    2008-12-15 13:06 --------- d-----w c:\program files\Microsoft Silverlight
    2008-12-15 11:50 --------- d-----w c:\program files\Acer
    2008-12-15 03:28 --------- d-----w c:\programdata\Microsoft Help
    2008-12-15 02:59 --------- d-----w c:\program files\Microsoft Works
    2008-12-15 02:58 --------- d-----w c:\program files\MSXML 4.0
    2008-12-15 00:34 --------- d-----w c:\users\Francois\AppData\Roaming\CyberLink
    2008-12-14 22:02 --------- d-----w c:\programdata\SiteAdvisor
    2008-12-14 22:02 --------- d-----w c:\programdata\McAfee
    2008-12-14 21:54 --------- d-----w c:\program files\TmNationsForever
    2008-12-14 21:12 --------- d-----w c:\program files\Quake III Arena
    2008-12-14 20:47 --------- d-----w c:\program files\Acer GameZone
    2008-12-14 20:41 --------- d-----w c:\program files\eSobi
    2008-12-14 20:40 --------- d-----w c:\programdata\eSobi
    2008-12-14 20:39 --------- d-----w c:\users\Francois\AppData\Roaming\eSobi
    2008-12-14 19:54 --------- d-----w c:\program files\Common Files\Windows Live
    2008-12-14 19:51 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
    2008-12-14 19:50 --------- d-----w c:\programdata\WLInstaller
    2008-12-14 18:36 --------- d-----w c:\users\Francois\AppData\Roaming\Acer
    2008-12-14 13:15 --------- d-----w c:\program files\Valve
    2008-12-14 12:56 --------- d-----w c:\programdata\Prism
    2008-12-14 07:56 --------- d-----w c:\program files\Inventel
    2008-12-13 21:51 --------- d-----w c:\programdata\Partner
    2008-12-13 21:51 --------- d-----w c:\program files\Google
    2008-12-13 21:47 --------- d-sh--w c:\programdata\Modèles
    2008-12-13 21:47 --------- d-sh--w c:\programdata\Menu Démarrer
    2008-12-13 21:47 --------- d-sh--w c:\programdata\Favoris
    2008-12-13 21:47 --------- d-sh--w c:\programdata\Bureau
    2008-12-13 21:47 --------- d-sh--w c:\program files\Fichiers communs
    2008-12-04 23:11 308,584 ----a-w c:\windows\WLXPGSS.SCR
    2008-12-02 21:37 49,480 ----a-w c:\windows\System32\sirenacm.dll
    2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
    2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
    2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
    2008-11-01 03:44 28,672 ----a-w c:\windows\System32\Apphlpdm.dll
    2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
    2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
    2008-11-01 01:21 4,240,384 ----a-w c:\windows\System32\GameUXLegacyGDFs.dll
    2008-10-29 06:29 2,927,104 ----a-w c:\windows\explorer.exe
    2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
    2009-01-06 19:51 652,800 ----a-w c:\program files\mozilla firefox\components\nssnappyads.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2009-01-22_12.55.04,55 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2009-01-22 10:53:21 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2009-01-23 09:57:53 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2009-01-22 10:53:21 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2009-01-23 09:57:53 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2009-01-22 11:54:25 208,896 ----a-w c:\windows\ServiceProfiles\LocalService\ntuser.dat
    + 2009-01-23 09:59:29 208,896 ----a-w c:\windows\ServiceProfiles\LocalService\ntuser.dat
    - 2009-01-22 11:54:32 217,088 ----a-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
    + 2009-01-23 11:19:18 217,088 ----a-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
    - 2009-01-22 10:53:21 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-01-23 10:04:26 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-01-22 10:53:21 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-01-23 10:04:26 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-01-22 10:53:21 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-01-23 10:04:26 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-01-23 10:19:11 5,010 ----a-w c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\[u]0/u193B6200BE975717A92D83470069F751A8D26DC\[u]0/u193B6200BE975717A92D83470069F751A8D26DC\Data.dat
    - 2009-01-22 10:13:04 3,488 ----a-w c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\374A80692ED04D9AC40B599AD4B98456EEB9F18D\374A80692ED04D9AC40B599AD4B98456EEB9F18D\Data.dat
    + 2009-01-23 10:02:30 3,488 ----a-w c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\374A80692ED04D9AC40B599AD4B98456EEB9F18D\374A80692ED04D9AC40B599AD4B98456EEB9F18D\Data.dat
    - 2009-01-22 10:13:44 6,284 ----a-w c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\4D5367EBDE22F22AB910D2E11BF07B236BD5EB37\4D5367EBDE22F22AB910D2E11BF07B236BD5EB37\Data.dat
    + 2009-01-23 10:01:20 6,284 ----a-w c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\4D5367EBDE22F22AB910D2E11BF07B236BD5EB37\4D5367EBDE22F22AB910D2E11BF07B236BD5EB37\Data.dat
    + 2009-01-23 10:08:05 6,392 ----a-w c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\BA73419CB1C7E95D312F7EAF9967147ADD5FC0F1\BA73419CB1C7E95D312F7EAF9967147ADD5FC0F1\Data.dat
    - 2009-01-22 11:39:40 5,538 ----a-w c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\E6D66408E2E8C41284F6F3818922AE0585617EED\E6D66408E2E8C41284F6F3818922AE0585617EED\Data.dat
    + 2009-01-23 10:02:48 5,538 ----a-w c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\E6D66408E2E8C41284F6F3818922AE0585617EED\E6D66408E2E8C41284F6F3818922AE0585617EED\Data.dat
    - 2009-01-22 10:55:21 4,406 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1362563087-4043872937-584202697-1000_UserData.bin
    + 2009-01-23 10:00:01 4,422 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1362563087-4043872937-584202697-1000_UserData.bin
    - 2009-01-22 10:55:20 77,842 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2009-01-23 10:00:01 77,842 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    - 2009-01-22 10:55:18 57,734 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-01-23 10:00:00 58,086 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    - 2009-01-22 10:28:39 235,616 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
    + 2009-01-22 16:44:42 235,822 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
    .
    -- Instantané actualisé --
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1006286a-b660-89f4-0e9f-ca8ed270ea1e}]
    2009-01-06 20:51 680448 --a------ c:\windows\system32\nsm3363.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
    @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
    [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
    2008-05-14 16:05 121392 --a------ c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-02 3882312]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1049896]
    "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-08-03 582992]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-18 13543968]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-18 92704]
    "SpybotSnD"="c:\program files\Spybot - Search & Destroy\SpybotSD.exe" [2008-07-07 4891472]
    "RtHDVCpl"="RtHDVCpl.exe" [2008-05-07 c:\windows\RtHDVCpl.exe]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    "DisableCAD"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\spba]
    2008-03-25 14:24 567560 c:\program files\Common Files\SPBA\homefus2.dll

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter
    "WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
    "ehTray.exe"=c:\windows\ehome\ehTray.exe
    "Steam"="c:\program files\valve\steam\steam.exe" -silent
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
    "eDataSecurity Loader"=c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
    "ePower_DMC"=c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe
    "PLFSetI"=c:\windows\PLFSetI.exe
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    "LManager"=c:\progra~1\LAUNCH~1\QtZgAcer.EXE
    "eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe"
    "BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
    "UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "c:\program files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
    "WarReg_PopUp"=c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{FAE04AF8-863F-48CB-AC2D-F3C163FB7E13}"= Profile=Private|Profile=Public|c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
    "{89799D38-6725-4CE5-9D1E-6E30415FE623}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
    "{D44F326E-3D01-4696-9E32-3ED5D49B0E4B}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
    "{71E00646-63EC-47AC-B284-2EA545130FD0}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
    "{57BDCF60-2235-4679-8101-B9BD26C60ED2}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
    "{A5463B11-BEAF-45EA-83BA-4DF7CBA988E9}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
    "{44132C7C-6906-4ED8-ABA6-2596681E8633}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
    "{30A1F990-1B0B-408D-9385-E83FF29BE07F}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{2FCDE318-182E-4D8F-9169-FE74FBB301CE}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{918C7534-F0FA-4C43-B4A8-282F5DF8BF92}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
    "{659A4D55-1C3E-4393-8DBD-30DA70EECADC}"= c:\program files\Acer\Acer VCM\VC.exe:Acer VCM
    "{3D2990DE-F511-4D4B-8AF5-48A5774BE1C7}"= UDP:48113:LocalSubnet:LocalSubnet:maconfig_tcp
    "{FCF7DE19-0BA7-4364-A19D-B5618BE3AC2D}"= TCP:48113:LocalSubnet:LocalSubnet:maconfig_udp
    "{63DC4CE4-2900-4A51-ACFE-D456631A150C}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
    "{15CE0FF7-5A43-4109-B047-31C25420C096}"= UDP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
    "{F261F141-D8DF-47C3-ADE8-88816CF7EA5A}"= TCP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
    "TCP Query User{9A0278DA-8BA4-40AD-BAE8-D0697B3515DE}c:\\program files\\tmnationsforever\\tmforever.exe"= UDP:c:\program files\tmnationsforever\tmforever.exe:TmForever
    "UDP Query User{42C7E423-956D-4E3C-93CB-D98ED432D61A}c:\\program files\\tmnationsforever\\tmforever.exe"= TCP:c:\program files\tmnationsforever\tmforever.exe:TmForever
    "TCP Query User{5A68FABE-3451-49BA-9FA8-0B9C1CC772D9}c:\\program files\\microsoft games\\age of empires iii\\age3.exe"= UDP:c:\program files\microsoft games\age of empires iii\age3.exe:Age of Empires 3
    "UDP Query User{82C4AE81-B1B2-46DA-A53A-68E654D78032}c:\\program files\\microsoft games\\age of empires iii\\age3.exe"= TCP:c:\program files\microsoft games\age of empires iii\age3.exe:Age of Empires 3
    "TCP Query User{9896BC85-D72B-4F0B-95A7-0E41ADB0B075}c:\\program files\\valve\\steam\\steamapps\\tanis677\\counter-strike source\\hl2.exe"= UDP:c:\program files\valve\steam\steamapps\tanis677\counter-strike source\hl2.exe:hl2
    "UDP Query User{55E2C78A-F68F-4191-BEC5-688F4EE0D293}c:\\program files\\valve\\steam\\steamapps\\tanis677\\counter-strike source\\hl2.exe"= TCP:c:\program files\valve\steam\steamapps\tanis677\counter-strike source\hl2.exe:hl2
    "{D491F67F-B2BD-40D9-9231-85B0E99CC0DA}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{D70AF408-594B-451D-BB13-A6F80C0C8B19}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{40213D06-FAAF-4A92-9E41-E56F90010095}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
    "{1C4E7572-A691-4162-B524-07F0CB7DAA9C}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
    "TCP Query User{6D211B05-D763-482C-9E9A-6D486C122040}c:\\program files\\novalogic\\joint operations typhoon rising\\jointops.exe"= UDP:c:\program files\novalogic\joint operations typhoon rising\jointops.exe:Jointops
    "UDP Query User{621CE8B4-0002-45E6-8129-3C0322E74CB5}c:\\program files\\novalogic\\joint operations typhoon rising\\jointops.exe"= TCP:c:\program files\novalogic\joint operations typhoon rising\jointops.exe:Jointops
    "TCP Query User{6A0DBC0D-DC6E-40B6-B0EA-34BF7CBAEA0B}c:\\program files\\shareaza\\shareaza.exe"= UDP:c:\program files\shareaza\shareaza.exe:Shareaza Ultimate File Sharing
    "UDP Query User{64B99D56-3138-4FB7-9088-3090A5D4585C}c:\\program files\\shareaza\\shareaza.exe"= TCP:c:\program files\shareaza\shareaza.exe:Shareaza Ultimate File Sharing

    R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\System32\drivers\L1E60x86.sys [2008-09-23 48128]
    R3 NETw5v32;Pilote de carte Intel(R) Wireless WiFi Link pour Windows Vista 32 bits ;c:\windows\System32\drivers\NETw5v32.sys [2008-07-25 3658752]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [2008-06-25 44064]
    R3 winbondcir;Winbond IR Transceiver;c:\windows\System32\drivers\winbondcir.sys [2007-03-28 43008]
    R4 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
    R4 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-07-25 24576]
    R4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2008-12-14 203280]
    R4 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-25 45056]
    R4 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-25 131072]
    R4 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2008-10-15 233472]
    R4 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [2009-01-20 603904]
    S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-12-13 24064]
    S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2008-12-19 195752]
    S3 Partner Service;Partner Service;c:\programdata\Partner\partner.exe [2008-12-13 110576]
    S4 0129161231500970mcinstcleanup;McAfee Application Installer Cleanup (0129161231500970);c:\windows\TEMP\[u]0/u12916~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\windows\TEMP\[u]0/u12916~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp
    .
    Contenu du dossier 'Tâches planifiées'

    2009-01-23 c:\windows\Tasks\Maintenance en 1 clic.job
    - c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-12 15:04]

    2008-12-14 c:\windows\Tasks\McDefragTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

    2009-01-01 c:\windows\Tasks\McQcTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
    .
    .
    ------- Examen supplémentaire -------
    .
    mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&s=2&o=vp32&d=1008&m=aspire_6930g
    uInternet Settings,ProxyOverride = *.local
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://fichiers.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetection_3_0_4_0.cab
    FF - ProfilePath - c:\users\Francois\AppData\Roaming\Mozilla\Firefox\Profiles\yyxi0bj2.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www15.yoog.com/search.php?q=
    FF - prefs.js: browser.search.selectedEngine - Yoog Search
    FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
    FF - prefs.js: keyword.URL - hxxp://www15.yoog.com/search.php?q=
    FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
    FF - component: c:\program files\Mozilla Firefox\components\nssnappyads.dll
    FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

    ---- PARAMETRES FIREFOX ----
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.switch.threshold - 600000
    FF - user.js: browser.search.selectedEngine - Yoog Search
    FF - user.js: keyword.URL - hxxp://www15.yoog.com/search.php?q=
    FF - user.js: keyword.enabled - true
    FF - user.js: browser.search.defaultenginename - Yoog Search
    FF - user.js: browser.search.defaulturl - hxxp://www15.yoog.com/search.php?q=
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-23 12:19:24
    Windows 6.0.6001 Service Pack 1 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'Explorer.exe'(3496)
    c:\program files\McAfee\SiteAdvisor\saHook.dll
    c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
    c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
    .
    Heure de fin: 2009-01-23 12:21:04
    ComboFix-quarantined-files.txt 2009-01-23 11:21:01
    ComboFix2.txt 2009-01-23 10:16:30
    ComboFix3.txt 2009-01-22 11:56:26

    Avant-CF: 86 578 409 472 octets libres
    Après-CF: 86,546,026,496 octets libres

    329 --- E O F --- 2009-01-21 10:09:44
    0
  11. Utilisateur anonyme
     
    Re,

    * Désolé, tu as été trop rapide
    --> une erreur de frappe que j'ai corrigé

    * Il faut recommencer le dernier Script --> ça doit passer normalement !
    0
  12. fly
     
    mon pc redemarre plus y a un ecran noir mais mon disque dur cherche....
    0
  13. Utilisateur anonyme
     
    Re,

    * si le scan est fini
    --> essayes ceci : Presses les touches Ctrl + Alt + supp
    --> onglet " fichier " --> nouvelles taches --> tapes explorer.exe et valides
    0
  14. fly
     
    Ba ca ne repond pas quand je clique ctrk+alt+sup

    Je stress ^^
    0
  15. Utilisateur anonyme
     
    Re,

    * As-tu accés au mode sans echec ?
    -->tu tapotes sur la touche F8 ou F5 au demarrage du pc
    ---> un ecran avec plusieurs options va apparaitre
    ----> choisis mode sans echec et valides par la touche " Entrée "

    * Dis moi si ça marche ou non !
    0
  16. fly
     
    J'ai activé lemode sans echec mais toujours le meme cran noir ... y a pas moyen de le restaurer via les points de restaurations,??
    0