Plublicité intempestive

Question

Bonjour,
voila j'ai des publicites qui s'affichent toutes seules ... et mon pc galere un peu !

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:18:09, on 22/01/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32	askeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Windows\System32undll32.exe
C:\Windows\System32egsvr32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Users\Francois\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Francois\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&s=2&o=vp32&d=1008&m=aspire_6930g
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&s=2&o=vp32&d=1008&m=aspire_6930g
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&s=2&o=vp32&d=1008&m=aspire_6930g
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: snappyads - {1006286a-b660-89f4-0e9f-ca8ed270ea1e} - C:\Windows\system32
sm3363.dll
O2 - BHO: snappyads browser enhancer - {31DF4105-A33B-E642-24BD-AB9180EEBB6C} - C:\Windows\system32\sjhgjjupdpp.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.415.1646\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: mysidesearch search enhancer - {C3DE28E8-993E-C258-3A1C-8406BBE7BFEC} - C:\Windows\system32\lbetzdrunolfhhrtq.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\Run: [coasbejcdgsgd] C:\Windows\System32egsvr32.exe /s "C:\Windows\system32\sjhgjjupdpp.dll"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix: 
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Windows\
O20 - Winlogon Notify: spba - C:\Program Files\Common Files\SPBA\homefus2.dll
O23 - Service: McAfee Application Installer Cleanup (0129161231500970) (0129161231500970mcinstcleanup) - Unknown owner - C:\Windows\TEMP\012916~1.EXE (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: Google Desktop Manager 5.7.808.7150 (GoogleDesktopManager-080708-050100) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32
vvsvc.exe
O23 - Service: Partner Service - Google Inc. - C:\ProgramData\Partner\partner.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

Utilisateur anonyme · Answer

Bonjour,

* Telecharges Malwarebytes :
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
à la fin du telechargement, laisses faire la mise a jour

* Fermes tous les programmes et lances mbam

* Clique sur recherche --> executes un examen rapide

* A la fin du scan, cliques sur afficher les resultats

* Puis sur supprimer la selection
--> si mbam doit redemarrer pour finir la desinfection, fais le

* postes le rapport généré

Utilisateur anonyme · Answer

Re,

* Vides la quarantaine de Malwarebytes
--> ouvres mbam --> quarantaine --> supprimes ce qui s'y trouve

* Telecharges RSIT sur ton bureau :
http://images.malwareremoval.com/random/RSIT.exe

* Double-cliques sur RSIT.exe pour lancer le programme

* Cliques sur "Continue" à l'écran Disclaimer

* Si l'outil Hijackthis n'est pas detecté ou non-présent, RSIT le
   telechargera --> acceptes la license

* Lorsque l'analyse est finie : --> 2 fichiers s'ouvrent
   Postes le contenu de log.txt et info.txt
   ( dans la barre de taches )

* Les rapports sont aussi à C:\Rsit.txt

Utilisateur anonyme · Answer

Re,


* Sous vista : il faut desactiver le controle des comptes utilisateurs
 --> pas de double clique --> clic droit ( executer en tant qu'administrateur )
Telecharges Combofix sur ton bureau :
 http://download.bleepingcomputer.com/sUBs/ComboFix.exe

/!\ Deconnectes toi du net et fermes toutes les applications en cours /!\

/!\ Desactives ton antivirus et le tea-timer de Spybot /!\

* pour le tea-timer :
 --> ouvres spybot --> cliques sur mode ,avancé --> outil --> Resident 
      et decoches la case du tea-timer --> Ne le reactives qu'à la fin de 
       la desinfection..

* Cic droit  sur ComboFix.exe --> executer en tant qu'administrateur
 --> un pop up apparait --> reponds oui
( vu la puissance de l'outil, il est conseillé d'installer la console de recuperations )

* Choisis la langue et tapes sur la touche " 1 " ( yes) pour demarrer le scan

/!\ Ne touche ni à ta souris, ni ton clavier pendant le scan /!\

* En fin de scan, il est possible que l'outil ait besoin de redemarrer pour finir la desinfection
   laisses le faire

* Une fois le scan fini, un rapport s'etablit
  - postes son contenu

Note : le rapport est aussi à C:\combofix.txt

Utilisateur anonyme · Answer

Re,

Desactives ton antivirus et la garde de ton antispyware /!\

* Fermes tous les programmes en cours

* Copies ( CTRL + C) le texte ci-dessous : 





File::

c:\windows\System32\cont_snappyads_remove.exe
c:\windows\System32\Ibetzdrunolfhhtrq.dll
c:\windows\System32\idslqavnsqklgg.exe
c:\windows\System32\3363.dll
c:\Program Files\mozilla firefox\components
ssnappyads.dll








* Ouvres le bloc-note : ( demarrer ---> accessoires ---> bloc-notes)
--> Colles le texte precedemment copié et sauvegarde le fichier
      sous le nom de " CFScript "

* Fait glisser le dossier sur l'icone de ComboFix.exe comme ici :
http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif

* Cela va redemarrer l'outil --> tapes sur 1 puis valides

/!\ ne touche pas à ta souris ou ton clavier pendant le scan /!\

* Laisses le fix travailler et aprés redemarrage :
--> postes le rapport généré


-----------------------------------------------/                  \------------------------------------------------

Utilisateur anonyme · Answer

Hello

Je pense qu'avec ce nom de fichier cela ne marchera pas :  CFSript 

CFScript,  c'est mieux ;)

Au passage :

VB5DB.DLL

++

Utilisateur anonyme · Answer

Bonjour Fly,

* Tu n'ai pas reapparu !
 je t'ai laissé des instructions --> CFScript

Fly · Answer

ComboFix 09-01-20.05 - Francois 2009-01-23 12:17:42.3 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.3066.1635 [GMT 1:00]
Lancé depuis: c:\users\Francois\Downloads\ComboFix.exe
Commutateurs utilisés :: c:\users\Francois\Desktop\CFScript.txt
* Un nouveau point de restauration a été créé
.

((((((((((((((((((((((((((((( Fichiers créés du 2008-12-23 au 2009-01-23 ))))))))))))))))))))))))))))))))))))
.

2009-01-22 12:00 . 2009-01-22 12:01 <REP> d-------- C:\rsit
2009-01-22 12:00 . 2009-01-22 12:01 <REP> d-------- c:\program files\trend micro
2009-01-22 11:39 . 2009-01-22 11:39 <REP> d-------- c:\users\Francois\AppData\Roaming\Malwarebytes
2009-01-22 11:39 . 2009-01-22 11:39 <REP> d-------- c:\users\All Users\Malwarebytes
2009-01-22 11:39 . 2009-01-22 11:39 <REP> d-------- c:\programdata\Malwarebytes
2009-01-22 11:39 . 2009-01-22 11:39 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-22 11:39 . 2009-01-14 16:11 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-01-22 11:39 . 2009-01-14 16:11 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-01-20 13:19 . 2009-01-20 13:19 85,208 --a------ c:\windows\System32\cont_snappyads-remove.exe
2009-01-20 13:19 . 2009-01-20 13:19 69,027 --a------ c:\windows\System32\lbetzdrunolfhhrtq.dll-uninst.exe
2009-01-20 13:19 . 2009-01-20 13:19 47,584 --a------ c:\windows\System32\idslqavnsqklgg.exe
2009-01-20 11:28 . 2009-01-20 11:28 603,904 --a------ c:\windows\System32\TUProgSt.exe
2009-01-20 11:28 . 2009-01-20 11:28 360,192 --a------ c:\windows\System32\TuneUpDefragService.exe
2009-01-20 11:28 . 2008-12-11 13:31 27,904 --a------ c:\windows\System32\uxtuneup.dll
2009-01-20 11:28 . 2008-12-11 13:31 17,152 --a------ c:\windows\System32\authuitu.dll
2009-01-20 11:27 . 2009-01-20 11:27 <REP> d-------- c:\users\Francois\AppData\Roaming\TuneUp Software
2009-01-20 11:27 . 2009-01-20 11:27 <REP> d-------- c:\users\All Users\TuneUp Software
2009-01-20 11:27 . 2009-01-20 11:27 <REP> d--hs---- c:\users\All Users\{55A29068-F2CE-456C-9148-C869879E2357}
2009-01-20 11:27 . 2009-01-20 11:27 <REP> d-------- c:\programdata\TuneUp Software
2009-01-20 11:27 . 2009-01-20 11:27 <REP> d--hs---- c:\programdata\{55A29068-F2CE-456C-9148-C869879E2357}
2009-01-20 11:27 . 2009-01-20 11:27 <REP> d-------- c:\program files\TuneUp Utilities 2009
2009-01-19 12:31 . 2009-01-19 12:31 <REP> d-------- c:\users\Francois\AppData\Roaming\Shareaza
2009-01-19 12:31 . 2009-01-19 12:31 <REP> d-------- c:\program files\Shareaza
2009-01-15 20:31 . 2008-12-16 03:42 288,768 --a------ c:\windows\System32\drivers\srv.sys
2009-01-14 14:09 . 2009-01-14 14:09 <REP> d-------- c:\program files\Custom-Strike
2009-01-14 14:09 . 1998-06-18 00:00 89,360 --a------ c:\windows\System32\VB5DB.DLL
2009-01-06 20:51 . 2009-01-06 20:51 680,448 --a------ c:\windows\System32\nsm3363.dll
2009-01-03 18:25 . 2009-01-03 18:25 <REP> d-------- c:\program files\RegCleaner
2008-12-29 23:27 . 2008-12-29 23:28 <REP> d-------- c:\users\All Users\Lavasoft
2008-12-29 23:27 . 2008-12-29 23:28 <REP> d-------- c:\programdata\Lavasoft
2008-12-29 23:27 . 2008-12-29 23:27 <REP> d-------- c:\program files\Lavasoft
2008-12-29 23:25 . 2008-12-29 23:25 <REP> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-29 23:14 . 2008-12-29 23:14 <REP> d-------- c:\users\Francois\AppData\Roaming\dvdcss
2008-12-28 16:08 . 2009-01-12 08:39 <REP> d-------- c:\users\Francois\AppData\Roaming\vlc
2008-12-28 16:06 . 2008-12-28 16:06 <REP> d-------- c:\program files\VideoLAN
2008-12-28 15:54 . 2008-12-28 15:54 <REP> d-------- c:\users\All Users\Downloaded Installations
2008-12-28 15:54 . 2008-12-28 15:54 <REP> d-------- c:\programdata\Downloaded Installations
2008-12-28 15:54 . 2008-12-28 15:54 <REP> d-------- c:\program files\VirginMega
2008-12-28 11:13 . 2009-01-20 10:34 <REP> d-------- c:\users\All Users\Spybot - Search & Destroy
2008-12-28 11:13 . 2009-01-20 10:34 <REP> d-------- c:\programdata\Spybot - Search & Destroy
2008-12-28 11:13 . 2008-12-28 11:13 <REP> d-------- c:\program files\Spybot - Search & Destroy
2008-12-28 00:37 . 2008-12-28 00:37 <REP> d-------- c:\program files\CCleaner
2008-12-27 23:05 . 2008-12-27 23:05 <REP> d-------- c:\users\All Users\Age of Empires 3
2008-12-27 23:05 . 2008-12-27 23:05 <REP> d-------- c:\programdata\Age of Empires 3
2008-12-26 13:04 . 2008-12-26 13:04 <REP> d-------- c:\users\Francois\AppData\Roaming\Leadertech
2008-12-26 13:00 . 2008-12-26 13:00 <REP> d-------- c:\program files\NovaLogic
2008-12-26 11:49 . 2008-12-26 11:49 <REP> d----c--- c:\windows\System32\DRVSTORE
2008-12-26 11:49 . 2008-12-26 11:49 <REP> d-------- c:\users\Francois\AppData\Roaming\Apple Computer
2008-12-26 11:49 . 2008-12-26 11:49 <REP> d-------- c:\users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-26 11:49 . 2008-12-26 11:49 <REP> d-------- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-26 11:49 . 2008-12-26 11:49 <REP> d-------- c:\program files\iTunes
2008-12-26 11:49 . 2008-12-26 11:49 <REP> d-------- c:\program files\iPod
2008-12-26 11:49 . 2008-04-17 13:12 107,368 --a------ c:\windows\System32\GEARAspi.dll
2008-12-26 11:49 . 2008-04-17 13:12 15,464 --a------ c:\windows\System32\drivers\GEARAspiWDM.sys
2008-12-26 11:48 . 2009-01-22 10:39 <REP> d-------- c:\program files\Bonjour
2008-12-26 11:46 . 2008-12-26 11:49 <REP> d-------- c:\users\All Users\Apple Computer
2008-12-26 11:46 . 2008-12-26 11:49 <REP> d-------- c:\programdata\Apple Computer
2008-12-26 11:46 . 2008-12-26 11:47 <REP> d-------- c:\program files\QuickTime
2008-12-26 11:46 . 2008-12-26 11:46 <REP> d-------- c:\program files\Apple Software Update
2008-12-26 11:43 . 2008-12-26 11:43 <REP> d-------- c:\users\All Users\Apple
2008-12-26 11:43 . 2008-12-26 11:43 <REP> d-------- c:\programdata\Apple
2008-12-26 11:43 . 2008-12-26 11:49 <REP> d-------- c:\program files\Common Files\Apple
2008-12-25 00:41 . 2009-01-12 08:39 <REP> d-------- c:\program files\GUILD WARS

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-23 11:16 70,072 ----a-w c:\users\All Users\nvModes.dat
2009-01-23 11:16 70,072 ----a-w c:\programdata\nvModes.dat
2009-01-22 09:40 --------- d-----w c:\program files\Big Kahuna Reef
2009-01-19 11:24 --------- d-----w c:\program files\Common Files\Steam
2009-01-18 20:53 --------- d-----w c:\program files\World of Warcraft
2009-01-15 22:29 --------- d-----w c:\program files\Windows Mail
2009-01-14 13:09 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-10 11:19 --------- d-----w c:\program files\McAfee
2008-12-31 22:17 --------- d-----w c:\programdata\TrackMania
2008-12-28 10:19 --------- d-----w c:\programdata\CyberLink
2008-12-28 10:18 --------- d-----w c:\program files\Cyberlink
2008-12-27 22:02 --------- d-----w c:\program files\Microsoft Games
2008-12-22 20:43 --------- d-----w c:\program files\Common Files\InstallShield
2008-12-22 20:27 --------- d-----w c:\program files\Age Of Empires 3 Incl Expansion and keys
2008-12-22 20:19 --------- d-----w c:\program files\COD4MW
2008-12-22 18:36 --------- d-----w c:\programdata\ma-config.com
2008-12-22 18:36 --------- d-----w c:\program files\ma-config.com
2008-12-21 21:41 --------- d-----w c:\program files\Windows Live
2008-12-21 21:41 --------- d-----w c:\program files\Microsoft
2008-12-21 21:39 --------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2008-12-21 21:37 --------- d-----w c:\program files\Windows Live SkyDrive
2008-12-21 21:06 --------- d-----w c:\program files\SiteAdvisor
2008-12-15 13:06 --------- d-----w c:\program files\Microsoft Silverlight
2008-12-15 11:50 --------- d-----w c:\program files\Acer
2008-12-15 03:28 --------- d-----w c:\programdata\Microsoft Help
2008-12-15 02:59 --------- d-----w c:\program files\Microsoft Works
2008-12-15 02:58 --------- d-----w c:\program files\MSXML 4.0
2008-12-15 00:34 --------- d-----w c:\users\Francois\AppData\Roaming\CyberLink
2008-12-14 22:02 --------- d-----w c:\programdata\SiteAdvisor
2008-12-14 22:02 --------- d-----w c:\programdata\McAfee
2008-12-14 21:54 --------- d-----w c:\program files\TmNationsForever
2008-12-14 21:12 --------- d-----w c:\program files\Quake III Arena
2008-12-14 20:47 --------- d-----w c:\program files\Acer GameZone
2008-12-14 20:41 --------- d-----w c:\program files\eSobi
2008-12-14 20:40 --------- d-----w c:\programdata\eSobi
2008-12-14 20:39 --------- d-----w c:\users\Francois\AppData\Roaming\eSobi
2008-12-14 19:54 --------- d-----w c:\program files\Common Files\Windows Live
2008-12-14 19:51 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
2008-12-14 19:50 --------- d-----w c:\programdata\WLInstaller
2008-12-14 18:36 --------- d-----w c:\users\Francois\AppData\Roaming\Acer
2008-12-14 13:15 --------- d-----w c:\program files\Valve
2008-12-14 12:56 --------- d-----w c:\programdata\Prism
2008-12-14 07:56 --------- d-----w c:\program files\Inventel
2008-12-13 21:51 --------- d-----w c:\programdata\Partner
2008-12-13 21:51 --------- d-----w c:\program files\Google
2008-12-13 21:47 --------- d-sh--w c:\programdata\Modèles
2008-12-13 21:47 --------- d-sh--w c:\programdata\Menu Démarrer
2008-12-13 21:47 --------- d-sh--w c:\programdata\Favoris
2008-12-13 21:47 --------- d-sh--w c:\programdata\Bureau
2008-12-13 21:47 --------- d-sh--w c:\program files\Fichiers communs
2008-12-04 23:11 308,584 ----a-w c:\windows\WLXPGSS.SCR
2008-12-02 21:37 49,480 ----a-w c:\windows\System32\sirenacm.dll
2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:44 28,672 ----a-w c:\windows\System32\Apphlpdm.dll
2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-11-01 01:21 4,240,384 ----a-w c:\windows\System32\GameUXLegacyGDFs.dll
2008-10-29 06:29 2,927,104 ----a-w c:\windows\explorer.exe
2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
2009-01-06 19:51 652,800 ----a-w c:\program files\mozilla firefox\components\nssnappyads.dll
.

((((((((((((((((((((((((((((( snapshot@2009-01-22_12.55.04,55 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-22 10:53:21 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-01-23 09:57:53 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-01-22 10:53:21 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-01-23 09:57:53 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-01-22 11:54:25 208,896 ----a-w c:\windows\ServiceProfiles\LocalService\ntuser.dat
+ 2009-01-23 09:59:29 208,896 ----a-w c:\windows\ServiceProfiles\LocalService\ntuser.dat
- 2009-01-22 11:54:32 217,088 ----a-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2009-01-23 11:19:18 217,088 ----a-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
- 2009-01-22 10:53:21 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-01-23 10:04:26 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-01-22 10:53:21 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-23 10:04:26 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-01-22 10:53:21 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-01-23 10:04:26 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-01-23 10:19:11 5,010 ----a-w c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\[u]0/u193B6200BE975717A92D83470069F751A8D26DC\[u]0/u193B6200BE975717A92D83470069F751A8D26DC\Data.dat
- 2009-01-22 10:13:04 3,488 ----a-w c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\374A80692ED04D9AC40B599AD4B98456EEB9F18D\374A80692ED04D9AC40B599AD4B98456EEB9F18D\Data.dat
+ 2009-01-23 10:02:30 3,488 ----a-w c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\374A80692ED04D9AC40B599AD4B98456EEB9F18D\374A80692ED04D9AC40B599AD4B98456EEB9F18D\Data.dat
- 2009-01-22 10:13:44 6,284 ----a-w c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\4D5367EBDE22F22AB910D2E11BF07B236BD5EB37\4D5367EBDE22F22AB910D2E11BF07B236BD5EB37\Data.dat
+ 2009-01-23 10:01:20 6,284 ----a-w c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\4D5367EBDE22F22AB910D2E11BF07B236BD5EB37\4D5367EBDE22F22AB910D2E11BF07B236BD5EB37\Data.dat
+ 2009-01-23 10:08:05 6,392 ----a-w c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\BA73419CB1C7E95D312F7EAF9967147ADD5FC0F1\BA73419CB1C7E95D312F7EAF9967147ADD5FC0F1\Data.dat
- 2009-01-22 11:39:40 5,538 ----a-w c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\E6D66408E2E8C41284F6F3818922AE0585617EED\E6D66408E2E8C41284F6F3818922AE0585617EED\Data.dat
+ 2009-01-23 10:02:48 5,538 ----a-w c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\E6D66408E2E8C41284F6F3818922AE0585617EED\E6D66408E2E8C41284F6F3818922AE0585617EED\Data.dat
- 2009-01-22 10:55:21 4,406 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1362563087-4043872937-584202697-1000_UserData.bin
+ 2009-01-23 10:00:01 4,422 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1362563087-4043872937-584202697-1000_UserData.bin
- 2009-01-22 10:55:20 77,842 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-01-23 10:00:01 77,842 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-01-22 10:55:18 57,734 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-01-23 10:00:00 58,086 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-01-22 10:28:39 235,616 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-01-22 16:44:42 235,822 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1006286a-b660-89f4-0e9f-ca8ed270ea1e}]
2009-01-06 20:51 680448 --a------ c:\windows\system32\nsm3363.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-05-14 16:05 121392 --a------ c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-02 3882312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1049896]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-08-03 582992]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-18 13543968]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-18 92704]
"SpybotSnD"="c:\program files\Spybot - Search & Destroy\SpybotSD.exe" [2008-07-07 4891472]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-07 c:\windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\spba]
2008-03-25 14:24 567560 c:\program files\Common Files\SPBA\homefus2.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
"ehTray.exe"=c:\windows\ehome\ehTray.exe
"Steam"="c:\program files\valve\steam\steam.exe" -silent
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"eDataSecurity Loader"=c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
"ePower_DMC"=c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe
"PLFSetI"=c:\windows\PLFSetI.exe
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"LManager"=c:\progra~1\LAUNCH~1\QtZgAcer.EXE
"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe"
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "c:\program files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
"WarReg_PopUp"=c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{FAE04AF8-863F-48CB-AC2D-F3C163FB7E13}"= Profile=Private|Profile=Public|c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{89799D38-6725-4CE5-9D1E-6E30415FE623}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{D44F326E-3D01-4696-9E32-3ED5D49B0E4B}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{71E00646-63EC-47AC-B284-2EA545130FD0}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{57BDCF60-2235-4679-8101-B9BD26C60ED2}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{A5463B11-BEAF-45EA-83BA-4DF7CBA988E9}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{44132C7C-6906-4ED8-ABA6-2596681E8633}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{30A1F990-1B0B-408D-9385-E83FF29BE07F}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{2FCDE318-182E-4D8F-9169-FE74FBB301CE}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{918C7534-F0FA-4C43-B4A8-282F5DF8BF92}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{659A4D55-1C3E-4393-8DBD-30DA70EECADC}"= c:\program files\Acer\Acer VCM\VC.exe:Acer VCM
"{3D2990DE-F511-4D4B-8AF5-48A5774BE1C7}"= UDP:48113:LocalSubnet:LocalSubnet:maconfig_tcp
"{FCF7DE19-0BA7-4364-A19D-B5618BE3AC2D}"= TCP:48113:LocalSubnet:LocalSubnet:maconfig_udp
"{63DC4CE4-2900-4A51-ACFE-D456631A150C}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{15CE0FF7-5A43-4109-B047-31C25420C096}"= UDP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
"{F261F141-D8DF-47C3-ADE8-88816CF7EA5A}"= TCP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
"TCP Query User{9A0278DA-8BA4-40AD-BAE8-D0697B3515DE}c:\\program files\\tmnationsforever\\tmforever.exe"= UDP:c:\program files\tmnationsforever\tmforever.exe:TmForever
"UDP Query User{42C7E423-956D-4E3C-93CB-D98ED432D61A}c:\\program files\\tmnationsforever\\tmforever.exe"= TCP:c:\program files\tmnationsforever\tmforever.exe:TmForever
"TCP Query User{5A68FABE-3451-49BA-9FA8-0B9C1CC772D9}c:\\program files\\microsoft games\\age of empires iii\\age3.exe"= UDP:c:\program files\microsoft games\age of empires iii\age3.exe:Age of Empires 3
"UDP Query User{82C4AE81-B1B2-46DA-A53A-68E654D78032}c:\\program files\\microsoft games\\age of empires iii\\age3.exe"= TCP:c:\program files\microsoft games\age of empires iii\age3.exe:Age of Empires 3
"TCP Query User{9896BC85-D72B-4F0B-95A7-0E41ADB0B075}c:\\program files\\valve\\steam\\steamapps\\tanis677\\counter-strike source\\hl2.exe"= UDP:c:\program files\valve\steam\steamapps\tanis677\counter-strike source\hl2.exe:hl2
"UDP Query User{55E2C78A-F68F-4191-BEC5-688F4EE0D293}c:\\program files\\valve\\steam\\steamapps\\tanis677\\counter-strike source\\hl2.exe"= TCP:c:\program files\valve\steam\steamapps\tanis677\counter-strike source\hl2.exe:hl2
"{D491F67F-B2BD-40D9-9231-85B0E99CC0DA}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{D70AF408-594B-451D-BB13-A6F80C0C8B19}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{40213D06-FAAF-4A92-9E41-E56F90010095}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{1C4E7572-A691-4162-B524-07F0CB7DAA9C}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{6D211B05-D763-482C-9E9A-6D486C122040}c:\\program files\\novalogic\\joint operations typhoon rising\\jointops.exe"= UDP:c:\program files\novalogic\joint operations typhoon rising\jointops.exe:Jointops
"UDP Query User{621CE8B4-0002-45E6-8129-3C0322E74CB5}c:\\program files\\novalogic\\joint operations typhoon rising\\jointops.exe"= TCP:c:\program files\novalogic\joint operations typhoon rising\jointops.exe:Jointops
"TCP Query User{6A0DBC0D-DC6E-40B6-B0EA-34BF7CBAEA0B}c:\\program files\\shareaza\\shareaza.exe"= UDP:c:\program files\shareaza\shareaza.exe:Shareaza Ultimate File Sharing
"UDP Query User{64B99D56-3138-4FB7-9088-3090A5D4585C}c:\\program files\\shareaza\\shareaza.exe"= TCP:c:\program files\shareaza\shareaza.exe:Shareaza Ultimate File Sharing

R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\System32\drivers\L1E60x86.sys [2008-09-23 48128]
R3 NETw5v32;Pilote de carte Intel(R) Wireless WiFi Link pour Windows Vista 32 bits ;c:\windows\System32\drivers\NETw5v32.sys [2008-07-25 3658752]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [2008-06-25 44064]
R3 winbondcir;Winbond IR Transceiver;c:\windows\System32\drivers\winbondcir.sys [2007-03-28 43008]
R4 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
R4 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-07-25 24576]
R4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2008-12-14 203280]
R4 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-25 45056]
R4 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-25 131072]
R4 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2008-10-15 233472]
R4 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [2009-01-20 603904]
S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-12-13 24064]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2008-12-19 195752]
S3 Partner Service;Partner Service;c:\programdata\Partner\partner.exe [2008-12-13 110576]
S4 0129161231500970mcinstcleanup;McAfee Application Installer Cleanup (0129161231500970);c:\windows\TEMP\[u]0/u12916~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\windows\TEMP\[u]0/u12916~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenu du dossier 'Tâches planifiées'

2009-01-23 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-12 15:04]

2008-12-14 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

2009-01-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
.
.
------- Examen supplémentaire -------
.
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&s=2&o=vp32&d=1008&m=aspire_6930g
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://fichiers.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetection_3_0_4_0.cab
FF - ProfilePath - c:\users\Francois\AppData\Roaming\Mozilla\Firefox\Profiles\yyxi0bj2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www15.yoog.com/search.php?q=
FF - prefs.js: browser.search.selectedEngine - Yoog Search
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://www15.yoog.com/search.php?q=
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\program files\Mozilla Firefox\components\nssnappyads.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- PARAMETRES FIREFOX ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: browser.search.selectedEngine - Yoog Search
FF - user.js: keyword.URL - hxxp://www15.yoog.com/search.php?q=
FF - user.js: keyword.enabled - true
FF - user.js: browser.search.defaultenginename - Yoog Search
FF - user.js: browser.search.defaulturl - hxxp://www15.yoog.com/search.php?q=
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-23 12:19:24
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'Explorer.exe'(3496)
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
.
Heure de fin: 2009-01-23 12:21:04
ComboFix-quarantined-files.txt 2009-01-23 11:21:01
ComboFix2.txt 2009-01-23 10:16:30
ComboFix3.txt 2009-01-22 11:56:26

Avant-CF: 86 578 409 472 octets libres
Après-CF: 86,546,026,496 octets libres

329 --- E O F --- 2009-01-21 10:09:44

Fly · Answer

tjs le meme souci =(

Utilisateur anonyme · Answer

Re,

* On reprends, ce n'etait pas complet :

/!\ Desactives tes protections residentes ( antivirus, antispyware...)

* Deconnectes toi et fermes toutes les applications en cours

* Copies ( CTRL + C) le texte ci-dessous :







KillAll::


File::

c:\windows\System32\cont_snappyads_remove.exe
c:\windows\System32\Ibetzdrunolfhhrtq.dll-uninstall.exe
c:\windows\System32\idslqavnsqklgg.exe
c:\windows\System32\authuitu.dll
c:\windows\System32\3363.dll
c:\program files\mozilla firefox\components
ssnappyads.dll


Registry::

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1006286a-b660-89f4-0e9f-ca8ed270ea1e}]
2009-01-06 20h51 680448 --a------c:\windows\system32
sm3363.dll









* Ouvres le bloc note :
--> demarrer --> tous les programmes --> accessoires ---> bloc-notes

* Puis colle ( CTRL + V) le texte precedemment copié.

* Sauvegarde le fichier sous le nom de CFScript

* Fais glisser le dossier sur ComboFix.exe
--> Cela va redemarrer Combofix
--> Tapes 1 puis valides

* Il y aura plusieurs redemarrage, laisses faire

* A la fin, un rapport est généré, postes le

Fly · Answer

ComboFix 09-01-20.05 - Francois 2009-01-23 12:17:42.3 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.3066.1635 [GMT 1:00]
Lancé depuis: c:\users\Francois\Downloads\ComboFix.exe
Commutateurs utilisés :: c:\users\Francois\Desktop\CFScript.txt
* Un nouveau point de restauration a été créé
.

((((((((((((((((((((((((((((( Fichiers créés du 2008-12-23 au 2009-01-23 ))))))))))))))))))))))))))))))))))))
.

2009-01-22 12:00 . 2009-01-22 12:01 <REP> d-------- C:\rsit
2009-01-22 12:00 . 2009-01-22 12:01 <REP> d-------- c:\program files\trend micro
2009-01-22 11:39 . 2009-01-22 11:39 <REP> d-------- c:\users\Francois\AppData\Roaming\Malwarebytes
2009-01-22 11:39 . 2009-01-22 11:39 <REP> d-------- c:\users\All Users\Malwarebytes
2009-01-22 11:39 . 2009-01-22 11:39 <REP> d-------- c:\programdata\Malwarebytes
2009-01-22 11:39 . 2009-01-22 11:39 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-22 11:39 . 2009-01-14 16:11 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-01-22 11:39 . 2009-01-14 16:11 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-01-20 13:19 . 2009-01-20 13:19 85,208 --a------ c:\windows\System32\cont_snappyads-remove.exe
2009-01-20 13:19 . 2009-01-20 13:19 69,027 --a------ c:\windows\System32\lbetzdrunolfhhrtq.dll-uninst.exe
2009-01-20 13:19 . 2009-01-20 13:19 47,584 --a------ c:\windows\System32\idslqavnsqklgg.exe
2009-01-20 11:28 . 2009-01-20 11:28 603,904 --a------ c:\windows\System32\TUProgSt.exe
2009-01-20 11:28 . 2009-01-20 11:28 360,192 --a------ c:\windows\System32\TuneUpDefragService.exe
2009-01-20 11:28 . 2008-12-11 13:31 27,904 --a------ c:\windows\System32\uxtuneup.dll
2009-01-20 11:28 . 2008-12-11 13:31 17,152 --a------ c:\windows\System32\authuitu.dll
2009-01-20 11:27 . 2009-01-20 11:27 <REP> d-------- c:\users\Francois\AppData\Roaming\TuneUp Software
2009-01-20 11:27 . 2009-01-20 11:27 <REP> d-------- c:\users\All Users\TuneUp Software
2009-01-20 11:27 . 2009-01-20 11:27 <REP> d--hs---- c:\users\All Users\{55A29068-F2CE-456C-9148-C869879E2357}
2009-01-20 11:27 . 2009-01-20 11:27 <REP> d-------- c:\programdata\TuneUp Software
2009-01-20 11:27 . 2009-01-20 11:27 <REP> d--hs---- c:\programdata\{55A29068-F2CE-456C-9148-C869879E2357}
2009-01-20 11:27 . 2009-01-20 11:27 <REP> d-------- c:\program files\TuneUp Utilities 2009
2009-01-19 12:31 . 2009-01-19 12:31 <REP> d-------- c:\users\Francois\AppData\Roaming\Shareaza
2009-01-19 12:31 . 2009-01-19 12:31 <REP> d-------- c:\program files\Shareaza
2009-01-15 20:31 . 2008-12-16 03:42 288,768 --a------ c:\windows\System32\drivers\srv.sys
2009-01-14 14:09 . 2009-01-14 14:09 <REP> d-------- c:\program files\Custom-Strike
2009-01-14 14:09 . 1998-06-18 00:00 89,360 --a------ c:\windows\System32\VB5DB.DLL
2009-01-06 20:51 . 2009-01-06 20:51 680,448 --a------ c:\windows\System32\nsm3363.dll
2009-01-03 18:25 . 2009-01-03 18:25 <REP> d-------- c:\program files\RegCleaner
2008-12-29 23:27 . 2008-12-29 23:28 <REP> d-------- c:\users\All Users\Lavasoft
2008-12-29 23:27 . 2008-12-29 23:28 <REP> d-------- c:\programdata\Lavasoft
2008-12-29 23:27 . 2008-12-29 23:27 <REP> d-------- c:\program files\Lavasoft
2008-12-29 23:25 . 2008-12-29 23:25 <REP> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-29 23:14 . 2008-12-29 23:14 <REP> d-------- c:\users\Francois\AppData\Roaming\dvdcss
2008-12-28 16:08 . 2009-01-12 08:39 <REP> d-------- c:\users\Francois\AppData\Roaming\vlc
2008-12-28 16:06 . 2008-12-28 16:06 <REP> d-------- c:\program files\VideoLAN
2008-12-28 15:54 . 2008-12-28 15:54 <REP> d-------- c:\users\All Users\Downloaded Installations
2008-12-28 15:54 . 2008-12-28 15:54 <REP> d-------- c:\programdata\Downloaded Installations
2008-12-28 15:54 . 2008-12-28 15:54 <REP> d-------- c:\program files\VirginMega
2008-12-28 11:13 . 2009-01-20 10:34 <REP> d-------- c:\users\All Users\Spybot - Search & Destroy
2008-12-28 11:13 . 2009-01-20 10:34 <REP> d-------- c:\programdata\Spybot - Search & Destroy
2008-12-28 11:13 . 2008-12-28 11:13 <REP> d-------- c:\program files\Spybot - Search & Destroy
2008-12-28 00:37 . 2008-12-28 00:37 <REP> d-------- c:\program files\CCleaner
2008-12-27 23:05 . 2008-12-27 23:05 <REP> d-------- c:\users\All Users\Age of Empires 3
2008-12-27 23:05 . 2008-12-27 23:05 <REP> d-------- c:\programdata\Age of Empires 3
2008-12-26 13:04 . 2008-12-26 13:04 <REP> d-------- c:\users\Francois\AppData\Roaming\Leadertech
2008-12-26 13:00 . 2008-12-26 13:00 <REP> d-------- c:\program files\NovaLogic
2008-12-26 11:49 . 2008-12-26 11:49 <REP> d----c--- c:\windows\System32\DRVSTORE
2008-12-26 11:49 . 2008-12-26 11:49 <REP> d-------- c:\users\Francois\AppData\Roaming\Apple Computer
2008-12-26 11:49 . 2008-12-26 11:49 <REP> d-------- c:\users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-26 11:49 . 2008-12-26 11:49 <REP> d-------- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-26 11:49 . 2008-12-26 11:49 <REP> d-------- c:\program files\iTunes
2008-12-26 11:49 . 2008-12-26 11:49 <REP> d-------- c:\program files\iPod
2008-12-26 11:49 . 2008-04-17 13:12 107,368 --a------ c:\windows\System32\GEARAspi.dll
2008-12-26 11:49 . 2008-04-17 13:12 15,464 --a------ c:\windows\System32\drivers\GEARAspiWDM.sys
2008-12-26 11:48 . 2009-01-22 10:39 <REP> d-------- c:\program files\Bonjour
2008-12-26 11:46 . 2008-12-26 11:49 <REP> d-------- c:\users\All Users\Apple Computer
2008-12-26 11:46 . 2008-12-26 11:49 <REP> d-------- c:\programdata\Apple Computer
2008-12-26 11:46 . 2008-12-26 11:47 <REP> d-------- c:\program files\QuickTime
2008-12-26 11:46 . 2008-12-26 11:46 <REP> d-------- c:\program files\Apple Software Update
2008-12-26 11:43 . 2008-12-26 11:43 <REP> d-------- c:\users\All Users\Apple
2008-12-26 11:43 . 2008-12-26 11:43 <REP> d-------- c:\programdata\Apple
2008-12-26 11:43 . 2008-12-26 11:49 <REP> d-------- c:\program files\Common Files\Apple
2008-12-25 00:41 . 2009-01-12 08:39 <REP> d-------- c:\program files\GUILD WARS

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-23 11:16 70,072 ----a-w c:\users\All Users\nvModes.dat
2009-01-23 11:16 70,072 ----a-w c:\programdata\nvModes.dat
2009-01-22 09:40 --------- d-----w c:\program files\Big Kahuna Reef
2009-01-19 11:24 --------- d-----w c:\program files\Common Files\Steam
2009-01-18 20:53 --------- d-----w c:\program files\World of Warcraft
2009-01-15 22:29 --------- d-----w c:\program files\Windows Mail
2009-01-14 13:09 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-10 11:19 --------- d-----w c:\program files\McAfee
2008-12-31 22:17 --------- d-----w c:\programdata\TrackMania
2008-12-28 10:19 --------- d-----w c:\programdata\CyberLink
2008-12-28 10:18 --------- d-----w c:\program files\Cyberlink
2008-12-27 22:02 --------- d-----w c:\program files\Microsoft Games
2008-12-22 20:43 --------- d-----w c:\program files\Common Files\InstallShield
2008-12-22 20:27 --------- d-----w c:\program files\Age Of Empires 3 Incl Expansion and keys
2008-12-22 20:19 --------- d-----w c:\program files\COD4MW
2008-12-22 18:36 --------- d-----w c:\programdata\ma-config.com
2008-12-22 18:36 --------- d-----w c:\program files\ma-config.com
2008-12-21 21:41 --------- d-----w c:\program files\Windows Live
2008-12-21 21:41 --------- d-----w c:\program files\Microsoft
2008-12-21 21:39 --------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2008-12-21 21:37 --------- d-----w c:\program files\Windows Live SkyDrive
2008-12-21 21:06 --------- d-----w c:\program files\SiteAdvisor
2008-12-15 13:06 --------- d-----w c:\program files\Microsoft Silverlight
2008-12-15 11:50 --------- d-----w c:\program files\Acer
2008-12-15 03:28 --------- d-----w c:\programdata\Microsoft Help
2008-12-15 02:59 --------- d-----w c:\program files\Microsoft Works
2008-12-15 02:58 --------- d-----w c:\program files\MSXML 4.0
2008-12-15 00:34 --------- d-----w c:\users\Francois\AppData\Roaming\CyberLink
2008-12-14 22:02 --------- d-----w c:\programdata\SiteAdvisor
2008-12-14 22:02 --------- d-----w c:\programdata\McAfee
2008-12-14 21:54 --------- d-----w c:\program files\TmNationsForever
2008-12-14 21:12 --------- d-----w c:\program files\Quake III Arena
2008-12-14 20:47 --------- d-----w c:\program files\Acer GameZone
2008-12-14 20:41 --------- d-----w c:\program files\eSobi
2008-12-14 20:40 --------- d-----w c:\programdata\eSobi
2008-12-14 20:39 --------- d-----w c:\users\Francois\AppData\Roaming\eSobi
2008-12-14 19:54 --------- d-----w c:\program files\Common Files\Windows Live
2008-12-14 19:51 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
2008-12-14 19:50 --------- d-----w c:\programdata\WLInstaller
2008-12-14 18:36 --------- d-----w c:\users\Francois\AppData\Roaming\Acer
2008-12-14 13:15 --------- d-----w c:\program files\Valve
2008-12-14 12:56 --------- d-----w c:\programdata\Prism
2008-12-14 07:56 --------- d-----w c:\program files\Inventel
2008-12-13 21:51 --------- d-----w c:\programdata\Partner
2008-12-13 21:51 --------- d-----w c:\program files\Google
2008-12-13 21:47 --------- d-sh--w c:\programdata\Modèles
2008-12-13 21:47 --------- d-sh--w c:\programdata\Menu Démarrer
2008-12-13 21:47 --------- d-sh--w c:\programdata\Favoris
2008-12-13 21:47 --------- d-sh--w c:\programdata\Bureau
2008-12-13 21:47 --------- d-sh--w c:\program files\Fichiers communs
2008-12-04 23:11 308,584 ----a-w c:\windows\WLXPGSS.SCR
2008-12-02 21:37 49,480 ----a-w c:\windows\System32\sirenacm.dll
2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:44 28,672 ----a-w c:\windows\System32\Apphlpdm.dll
2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-11-01 01:21 4,240,384 ----a-w c:\windows\System32\GameUXLegacyGDFs.dll
2008-10-29 06:29 2,927,104 ----a-w c:\windows\explorer.exe
2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
2009-01-06 19:51 652,800 ----a-w c:\program files\mozilla firefox\components\nssnappyads.dll
.

((((((((((((((((((((((((((((( snapshot@2009-01-22_12.55.04,55 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-22 10:53:21 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-01-23 09:57:53 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-01-22 10:53:21 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-01-23 09:57:53 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-01-22 11:54:25 208,896 ----a-w c:\windows\ServiceProfiles\LocalService\ntuser.dat
+ 2009-01-23 09:59:29 208,896 ----a-w c:\windows\ServiceProfiles\LocalService\ntuser.dat
- 2009-01-22 11:54:32 217,088 ----a-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2009-01-23 11:19:18 217,088 ----a-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
- 2009-01-22 10:53:21 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-01-23 10:04:26 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-01-22 10:53:21 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-23 10:04:26 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-01-22 10:53:21 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-01-23 10:04:26 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-01-23 10:19:11 5,010 ----a-w c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\[u]0/u193B6200BE975717A92D83470069F751A8D26DC\[u]0/u193B6200BE975717A92D83470069F751A8D26DC\Data.dat
- 2009-01-22 10:13:04 3,488 ----a-w c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\374A80692ED04D9AC40B599AD4B98456EEB9F18D\374A80692ED04D9AC40B599AD4B98456EEB9F18D\Data.dat
+ 2009-01-23 10:02:30 3,488 ----a-w c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\374A80692ED04D9AC40B599AD4B98456EEB9F18D\374A80692ED04D9AC40B599AD4B98456EEB9F18D\Data.dat
- 2009-01-22 10:13:44 6,284 ----a-w c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\4D5367EBDE22F22AB910D2E11BF07B236BD5EB37\4D5367EBDE22F22AB910D2E11BF07B236BD5EB37\Data.dat
+ 2009-01-23 10:01:20 6,284 ----a-w c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\4D5367EBDE22F22AB910D2E11BF07B236BD5EB37\4D5367EBDE22F22AB910D2E11BF07B236BD5EB37\Data.dat
+ 2009-01-23 10:08:05 6,392 ----a-w c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\BA73419CB1C7E95D312F7EAF9967147ADD5FC0F1\BA73419CB1C7E95D312F7EAF9967147ADD5FC0F1\Data.dat
- 2009-01-22 11:39:40 5,538 ----a-w c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\E6D66408E2E8C41284F6F3818922AE0585617EED\E6D66408E2E8C41284F6F3818922AE0585617EED\Data.dat
+ 2009-01-23 10:02:48 5,538 ----a-w c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\E6D66408E2E8C41284F6F3818922AE0585617EED\E6D66408E2E8C41284F6F3818922AE0585617EED\Data.dat
- 2009-01-22 10:55:21 4,406 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1362563087-4043872937-584202697-1000_UserData.bin
+ 2009-01-23 10:00:01 4,422 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1362563087-4043872937-584202697-1000_UserData.bin
- 2009-01-22 10:55:20 77,842 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-01-23 10:00:01 77,842 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-01-22 10:55:18 57,734 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-01-23 10:00:00 58,086 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-01-22 10:28:39 235,616 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-01-22 16:44:42 235,822 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1006286a-b660-89f4-0e9f-ca8ed270ea1e}]
2009-01-06 20:51 680448 --a------ c:\windows\system32\nsm3363.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-05-14 16:05 121392 --a------ c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-02 3882312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1049896]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-08-03 582992]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-18 13543968]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-18 92704]
"SpybotSnD"="c:\program files\Spybot - Search & Destroy\SpybotSD.exe" [2008-07-07 4891472]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-07 c:\windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\spba]
2008-03-25 14:24 567560 c:\program files\Common Files\SPBA\homefus2.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
"ehTray.exe"=c:\windows\ehome\ehTray.exe
"Steam"="c:\program files\valve\steam\steam.exe" -silent
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"eDataSecurity Loader"=c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
"ePower_DMC"=c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe
"PLFSetI"=c:\windows\PLFSetI.exe
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"LManager"=c:\progra~1\LAUNCH~1\QtZgAcer.EXE
"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe"
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "c:\program files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
"WarReg_PopUp"=c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{FAE04AF8-863F-48CB-AC2D-F3C163FB7E13}"= Profile=Private|Profile=Public|c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{89799D38-6725-4CE5-9D1E-6E30415FE623}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{D44F326E-3D01-4696-9E32-3ED5D49B0E4B}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{71E00646-63EC-47AC-B284-2EA545130FD0}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{57BDCF60-2235-4679-8101-B9BD26C60ED2}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{A5463B11-BEAF-45EA-83BA-4DF7CBA988E9}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{44132C7C-6906-4ED8-ABA6-2596681E8633}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{30A1F990-1B0B-408D-9385-E83FF29BE07F}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{2FCDE318-182E-4D8F-9169-FE74FBB301CE}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{918C7534-F0FA-4C43-B4A8-282F5DF8BF92}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{659A4D55-1C3E-4393-8DBD-30DA70EECADC}"= c:\program files\Acer\Acer VCM\VC.exe:Acer VCM
"{3D2990DE-F511-4D4B-8AF5-48A5774BE1C7}"= UDP:48113:LocalSubnet:LocalSubnet:maconfig_tcp
"{FCF7DE19-0BA7-4364-A19D-B5618BE3AC2D}"= TCP:48113:LocalSubnet:LocalSubnet:maconfig_udp
"{63DC4CE4-2900-4A51-ACFE-D456631A150C}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{15CE0FF7-5A43-4109-B047-31C25420C096}"= UDP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
"{F261F141-D8DF-47C3-ADE8-88816CF7EA5A}"= TCP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
"TCP Query User{9A0278DA-8BA4-40AD-BAE8-D0697B3515DE}c:\\program files\\tmnationsforever\\tmforever.exe"= UDP:c:\program files\tmnationsforever\tmforever.exe:TmForever
"UDP Query User{42C7E423-956D-4E3C-93CB-D98ED432D61A}c:\\program files\\tmnationsforever\\tmforever.exe"= TCP:c:\program files\tmnationsforever\tmforever.exe:TmForever
"TCP Query User{5A68FABE-3451-49BA-9FA8-0B9C1CC772D9}c:\\program files\\microsoft games\\age of empires iii\\age3.exe"= UDP:c:\program files\microsoft games\age of empires iii\age3.exe:Age of Empires 3
"UDP Query User{82C4AE81-B1B2-46DA-A53A-68E654D78032}c:\\program files\\microsoft games\\age of empires iii\\age3.exe"= TCP:c:\program files\microsoft games\age of empires iii\age3.exe:Age of Empires 3
"TCP Query User{9896BC85-D72B-4F0B-95A7-0E41ADB0B075}c:\\program files\\valve\\steam\\steamapps\\tanis677\\counter-strike source\\hl2.exe"= UDP:c:\program files\valve\steam\steamapps\tanis677\counter-strike source\hl2.exe:hl2
"UDP Query User{55E2C78A-F68F-4191-BEC5-688F4EE0D293}c:\\program files\\valve\\steam\\steamapps\\tanis677\\counter-strike source\\hl2.exe"= TCP:c:\program files\valve\steam\steamapps\tanis677\counter-strike source\hl2.exe:hl2
"{D491F67F-B2BD-40D9-9231-85B0E99CC0DA}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{D70AF408-594B-451D-BB13-A6F80C0C8B19}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{40213D06-FAAF-4A92-9E41-E56F90010095}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{1C4E7572-A691-4162-B524-07F0CB7DAA9C}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{6D211B05-D763-482C-9E9A-6D486C122040}c:\\program files\\novalogic\\joint operations typhoon rising\\jointops.exe"= UDP:c:\program files\novalogic\joint operations typhoon rising\jointops.exe:Jointops
"UDP Query User{621CE8B4-0002-45E6-8129-3C0322E74CB5}c:\\program files\\novalogic\\joint operations typhoon rising\\jointops.exe"= TCP:c:\program files\novalogic\joint operations typhoon rising\jointops.exe:Jointops
"TCP Query User{6A0DBC0D-DC6E-40B6-B0EA-34BF7CBAEA0B}c:\\program files\\shareaza\\shareaza.exe"= UDP:c:\program files\shareaza\shareaza.exe:Shareaza Ultimate File Sharing
"UDP Query User{64B99D56-3138-4FB7-9088-3090A5D4585C}c:\\program files\\shareaza\\shareaza.exe"= TCP:c:\program files\shareaza\shareaza.exe:Shareaza Ultimate File Sharing

R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\System32\drivers\L1E60x86.sys [2008-09-23 48128]
R3 NETw5v32;Pilote de carte Intel(R) Wireless WiFi Link pour Windows Vista 32 bits ;c:\windows\System32\drivers\NETw5v32.sys [2008-07-25 3658752]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [2008-06-25 44064]
R3 winbondcir;Winbond IR Transceiver;c:\windows\System32\drivers\winbondcir.sys [2007-03-28 43008]
R4 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
R4 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-07-25 24576]
R4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2008-12-14 203280]
R4 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-25 45056]
R4 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-25 131072]
R4 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2008-10-15 233472]
R4 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [2009-01-20 603904]
S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-12-13 24064]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2008-12-19 195752]
S3 Partner Service;Partner Service;c:\programdata\Partner\partner.exe [2008-12-13 110576]
S4 0129161231500970mcinstcleanup;McAfee Application Installer Cleanup (0129161231500970);c:\windows\TEMP\[u]0/u12916~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\windows\TEMP\[u]0/u12916~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenu du dossier 'Tâches planifiées'

2009-01-23 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-12 15:04]

2008-12-14 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

2009-01-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
.
.
------- Examen supplémentaire -------
.
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&s=2&o=vp32&d=1008&m=aspire_6930g
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://fichiers.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetection_3_0_4_0.cab
FF - ProfilePath - c:\users\Francois\AppData\Roaming\Mozilla\Firefox\Profiles\yyxi0bj2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www15.yoog.com/search.php?q=
FF - prefs.js: browser.search.selectedEngine - Yoog Search
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://www15.yoog.com/search.php?q=
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\program files\Mozilla Firefox\components\nssnappyads.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- PARAMETRES FIREFOX ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: browser.search.selectedEngine - Yoog Search
FF - user.js: keyword.URL - hxxp://www15.yoog.com/search.php?q=
FF - user.js: keyword.enabled - true
FF - user.js: browser.search.defaultenginename - Yoog Search
FF - user.js: browser.search.defaulturl - hxxp://www15.yoog.com/search.php?q=
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-23 12:19:24
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'Explorer.exe'(3496)
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
.
Heure de fin: 2009-01-23 12:21:04
ComboFix-quarantined-files.txt 2009-01-23 11:21:01
ComboFix2.txt 2009-01-23 10:16:30
ComboFix3.txt 2009-01-22 11:56:26

Avant-CF: 86 578 409 472 octets libres
Après-CF: 86,546,026,496 octets libres

329 --- E O F --- 2009-01-21 10:09:44

Utilisateur anonyme · Answer

Re,


* Désolé, tu as été trop rapide
--> une erreur de frappe que j'ai corrigé

* Il faut recommencer le dernier Script --> ça doit passer normalement !

fly · Answer

mon pc redemarre plus y a un ecran noir mais mon disque dur cherche....

Utilisateur anonyme · Answer

Re, 


* si le scan est fini
--> essayes ceci : Presses  les touches Ctrl + Alt + supp
--> onglet " fichier " --> nouvelles taches --> tapes explorer.exe et valides

fly · Answer

Ba ca ne repond pas quand je clique ctrk+alt+sup 

Je stress ^^

Utilisateur anonyme · Answer

Re,

* As-tu accés au mode sans echec ?
-->tu tapotes sur la touche F8 ou F5 au demarrage du pc
---> un ecran avec plusieurs options va apparaitre
----> choisis mode sans echec et valides par la touche " Entrée "

* Dis moi si ça marche ou non !

fly · Answer

J'ai activé lemode sans echec mais toujours le meme cran noir ... y a pas moyen de le restaurer via les points de restaurations,??

Plublicité intempestive

16 réponses

Votre réponse

Discussions similaires

Newsletters