Acer that is extremely slow

mathieu1403 (posts: 24, status: Member)
DeNisCoOl (posts: 2871, status: Member)
Hello,
I'm coming to you following advice I received in the Windows section of this forum.
Here is a copy of what I told them before they pointed me to you:

Hello,
I have an Acer Aspire 5720Z running Vista SP1, antivirus: Antivir, Windows firewall. It has been extremely slow for 15 days, it takes more than 10 minutes to shut down, it freezes and stays stuck with no action possible. After looking for solutions on many forums, I am turning to you. Please help me. I'm including a HijackThis report; I understood it is very useful in this kind of case.
Thanks in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:13:00, on 03/02/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Brother\Brmfl06a\Brinstck.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Users\matandco\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Users\matandco\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TZXSQPCD\HiJackThis[1].exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\matandco\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: LphantBar Toolbar - {6b284373-1765-4464-a587-80fbc2b2eefa} - C:\Program Files\LphantBar\tbLph0.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: LphantBar Toolbar - {6b284373-1765-4464-a587-80fbc2b2eefa} - C:\Program Files\LphantBar\tbLph0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [Installation Diagnostics] "C:\Program Files\Brother\Brmfl06a\Brinstck.exe" /I DCP-750CW LAN#2
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\Program,Files\RelevantKnowledge\rlai.dll,C:\Program Files\RelevantKnowledge\rlai.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: RelevantKnowledge - Unknown owner - C:\Program Files\RelevantKnowledge\rlservice.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

Thanks to everyone who can help me
See you
Configuration: Windows Vista
Internet Explorer 7.0

27 replies

  1. DeNisCoOl (posts: 2871, status: Member)
    hi,

    It looks like you clicked in the wrong place ;-)
    Infection here: **C:\Program Files\RelevantKnowledge\rlai.dll**

    Antivirus, antispyware and firewalls don't do everything.
    Your behaviour on the internet is always the best protection.

    **********
    * Follow the instructions to download and run MalwareBytes_AntiMalware:
    https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

    * MBAM updates itself automatically at the end of the installation

    * In the Scan tab, make sure "Perform quick scan" is checked and click the Scan button to start the scan.

    * If malware has been detected, its list is displayed.
    When you click Remove (?), MBAM will destroy the files and registry keys and put a copy in quarantine.

    * MBAM will open Notepad and copy the scan report into it. Close Notepad. (The report can be found under the Reports/Logs tab)

    * Paste it into your next message

    * To finish the clean-up you may need to restart.

    See you,

    Denis
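Added example, not part of the thread and not code from either poster or from HijackThis: a small Python triage script that pulls out of a HijackThis v2 log the entry types Denis acted on above (the O20 AppInit_DLLs line and the O23 service whose binary is missing) plus the orphaned O2/O3 CLSIDs and the broken O10 LSP that appear later in the thread. The sample log is constructed from lines copied out of the logs posted here, with Explorer.EXE, the Adobe BHO and the Acer eNet service kept as benign controls. The severity ranking and the check for executables running from the user's Temp folder are this example's own heuristics, not something the thread discusses. The token split relies on Windows reading AppInit_DLLs as a space- or comma-separated list, which is why the O20 line above shows `C:\Program,Files\...`: a path with a space in it is not a single valid entry there.

```python
"""Triage a HijackThis v2 log for the entries a helper looks at first.

Added example for this thread; the sample log below is assembled from lines
copied out of the logs posted above plus benign controls.  The severity
ranking and the Temp-directory check are assumptions of this example, not
something HijackThis or the thread defines.
"""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the HijackThis logs in this thread,
# plus Explorer.EXE / AcroIEHelper / eNet Service as benign controls.
SAMPLE_LOG = """\
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\\Windows\\Explorer.EXE
C:\\Users\\matandco\\AppData\\Local\\Temp\\RtkBtMnt.exe

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelper.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O10 - Broken Internet access because of LSP provider 'c:\\program files\\bonjour\\mdnsnsp.dll' missing
O20 - AppInit_DLLs: C:\\Program,Files\\RelevantKnowledge\\rlai.dll,C:\\Program Files\\RelevantKnowledge\\rlai.dll
O23 - Service: RelevantKnowledge - Unknown owner - C:\\Program Files\\RelevantKnowledge\\rlservice.exe (file missing)
O23 - Service: eNet Service - Acer Inc. - C:\\Acer\\Empowering Technology\\eNet\\eNet Service.exe
"""

# "O20 - AppInit_DLLs: ..." style entries; everything else (header, process
# list) is passed through with an empty section tag.
ENTRY_RE = re.compile(r"^([RFNO]\d+)\s+-\s+(.*)$")
# Windows reads AppInit_DLLs as a space- or comma-separated list, so a path
# containing a space is itself a red flag: the loader sees "C:\Program" and
# "Files\RelevantKnowledge\rlai.dll" as two separate tokens.
APPINIT_SPLIT = re.compile(r"[,\s]+")
TEMP_DIR_RE = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)
SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2}


@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis section ("O20", "O23", ...) or "process"
    severity: str  # "high", "medium" or "low" (this example's own ranking)
    detail: str


def parse_entries(text):
    """Yield (section, body) per non-blank line; section is '' for non-Oxx lines."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m:
            yield m.group(1), m.group(2)
        else:
            yield "", line


def appinit_tokens(body):
    """Split an 'AppInit_DLLs: ...' body into the tokens the loader would see."""
    value = body.split(":", 1)[1] if body.startswith("AppInit_DLLs") else body
    return [t for t in APPINIT_SPLIT.split(value.strip()) if t]


def triage(text):
    """Return Findings for the entry types that matter here, highest severity first."""
    findings = []
    for section, body in parse_entries(text):
        if section == "O20" and body.startswith("AppInit_DLLs"):
            toks = appinit_tokens(body)
            if toks:  # an empty AppInit_DLLs value is the normal state
                findings.append(Finding("O20", "high",
                    "AppInit_DLLs loads into every process that maps user32.dll "
                    f"(when AppInit loading is enabled); tokens: {toks}"))
        elif section == "O23" and body.endswith("(file missing)"):
            findings.append(Finding("O23", "medium", "service binary missing: " + body))
        elif section in ("O2", "O3") and body.endswith("(no file)"):
            findings.append(Finding(section, "low", "orphaned CLSID, DLL gone: " + body))
        elif section == "O10":
            findings.append(Finding("O10", "medium", "Winsock LSP chain broken: " + body))
        elif section == "" and body.lower().endswith(".exe") and TEMP_DIR_RE.search(body):
            findings.append(Finding("process", "medium",
                                    "executable running from the user's Temp folder: " + body))
    return sorted(findings, key=lambda f: SEVERITY_ORDER[f.severity])


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section:7} {f.detail}")
```

Run it on a real log by replacing SAMPLE_LOG with the file contents; the O20 finding comes out first because a DLL in AppInit_DLLs gets mapped into any process that loads user32.dll, which is consistent with the RelevantKnowledge DLL showing up inside the iexplore.exe processes mathieu1403 could not kill.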
  2. mathieu1403 (posts: 24, status: Member)
    thanks for your help, but apparently nothing was found.
    I'm copying the report for you anyway.
    See you

    Malwarebytes' Anti-Malware 1.33
    Database version: 1747
    Windows 6.0.6001 Service Pack 1

    11/02/2009 12:11:12
    mbam-log-2009-02-11 (12-11-12).txt

    Scan type: Full scan (C:\|D:\|E:\|)
    Objects scanned: 166824
    Time elapsed: 58 minute(s), 35 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
  3. mathieu1403 (posts: 24, status: Member)
    Hello again,
    I've just noticed that I have several iexplorer.exe processes running permanently on my PC. Some of them cannot be stopped (End process). Could the problem come from there?
    Thanks
  4. DeNisCoOl (posts: 2871, status: Member)
    hi,

    - Strange, MBAM no longer seems to detect and handle RelevantKnowledge; it must have adapted, unless you are on Vista 64-bit?
    It must be this infection that is opening the iexplorer processes.

    So we'll go about it differently:
    ------------
    Download OTMoveIt3 (by Old_Timer) to the Desktop. http://download.bleepingcomputer.com/oldtimer/OTMoveIt3.exe

    /!\ Procedure created specifically for this infection... Do not reproduce it on your own machine, as it could damage it /!\

    Double-click OTMoveIt3.exe to launch it.
    Check that the box in front of "Unregister Dll's and Ocx's" is ticked.
    Copy the list shown in bold below,
    and paste it into the left-hand pane of OTMoveIt: "Paste instructions for item to be moved":

    :Processes
    Explorer.exe

    :Folder
    C:\Program,Files\RelevantKnowledge\
    C:\Program Files\RelevantKnowledge\

    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [reboot]


    Click MoveIt! to start the removal.
    The result will appear in the Results pane.
    Click Exit to close.

    It may ask you to restart the PC to complete the removal.
    If so, accept with Yes.

    --> Post the OTMoveIt report located in C:\_OTMoveIt\MovedFiles (contents of the file ********_******.log - the *** are digits representing the date and time)

    ------------
    - Next, Wise Registry Cleaner, for a good clean-up of the registry; download it and read its tutorial here:
    https://kerio.probb.fr/t1163-tuto-wise-registry-cleaner
    For simplicity, click the Clean with 1 click link; it will only perform the safe key repairs and will close by itself.
    It will offer to install Wise Disk Cleaner; proceed the same way, it deals with temporary files, much more complete than CCleaner.

    ------------
    Send another HijackThis report.

    See you,

    Denis
  6. mathieu1403 (posts: 24, status: Member)
    Thanks for your help.
    As for Vista, I don't know; I have Vista Home Edition SP1, I don't know whether it is 32- or 64-bit.

    OTMoveIt3 report:
    ========== PROCESSES ==========
    Process Explorer.exe killed successfully.
    Error: Unable to interpret <:Folder > in the current context!
    Error: Unable to interpret <C:\Program,Files\RelevantKnowledge\ > in the current context!
    Error: Unable to interpret <C:\Program Files\RelevantKnowledge\ > in the current context!
    ========== COMMANDS ==========
    File delete failed. C:\Users\matandco\AppData\Local\Temp\~DFEA24.tmp scheduled to be deleted on reboot.
    File delete failed. C:\Users\matandco\AppData\Local\Temp\~DFEA3E.tmp scheduled to be deleted on reboot.
    File delete failed. C:\Users\matandco\AppData\Local\Temp\~DFEAA4.tmp scheduled to be deleted on reboot.
    File delete failed. C:\Users\matandco\AppData\Local\Temp\~DFEABE.tmp scheduled to be deleted on reboot.
    File delete failed. C:\Users\matandco\AppData\Local\Temp\~DFEB19.tmp scheduled to be deleted on reboot.
    File delete failed. C:\Users\matandco\AppData\Local\Temp\~DFEB33.tmp scheduled to be deleted on reboot.
    User's Temp folder emptied.
    User's Temporary Internet Files folder emptied.
    User's Internet Explorer cache folder emptied.
    Local Service Temp folder emptied.
    Local Service Temporary Internet Files folder emptied.
    Windows Temp folder emptied.
    Temp folders emptied.
    Explorer started successfully

    OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02122009_135438

    -------------------------------------------------------------------------------------

    HijackThis report:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:33:52, on 12/02/2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v8.00 (8.00.6001.18372)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
    C:\Acer\Empowering Technology\eAudio\eAudio.exe
    C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Apoint2K\ApMsgFwd.exe
    C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
    C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
    C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
    C:\Windows\system32\mmc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\taskeng.exe
    C:\Users\matandco\Desktop\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Veoh Video Compass - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll
    O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
    O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe
    O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [Installation Diagnostics] "C:\Program Files\Brother\Brmfl06a\Brinstck.exe" /I DCP-750CW LAN#2
    O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
    O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
    O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
    O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - Global Startup: Empowering Technology Launcher.lnk = ?
    O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
    O13 - Gopher Prefix:
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - https://www.f-secure.com/en/home/support
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
    O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
    O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: RelevantKnowledge - Unknown owner - C:\Program Files\RelevantKnowledge\rlservice.exe (file missing)
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
  7. DeNisCoOl (posts: 2871, status: Member)
    hi,

    - For OTMoveIt3, sorry, I used the terms of the old version.
    Start again with this list of instructions in bold and send back the report:

    :Processes
    Explorer.exe

    :Files
    C:\Program,Files\RelevantKnowledge\
    C:\Program Files\RelevantKnowledge\

    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [reboot]


    See you,

    Denis
  8. mathieu1403 (posts: 24, status: Member)
    OK, done.

    Thanks again

    OTMoveIt report:

    ========== PROCESSES ==========
    Process Explorer.exe killed successfully.
    ========== FILES ==========
    Folder C:\Program,Files\RelevantKnowledge not found.
    C:\Program Files\RelevantKnowledge moved successfully.
    ========== COMMANDS ==========
    File delete failed. C:\Users\matandco\AppData\Local\Temp\~DF2B59.tmp scheduled to be deleted on reboot.
    File delete failed. C:\Users\matandco\AppData\Local\Temp\~DF2B6E.tmp scheduled to be deleted on reboot.
    File delete failed. C:\Users\matandco\AppData\Local\Temp\~DF2BD1.tmp scheduled to be deleted on reboot.
    File delete failed. C:\Users\matandco\AppData\Local\Temp\~DF2BE6.tmp scheduled to be deleted on reboot.
    File delete failed. C:\Users\matandco\AppData\Local\Temp\~DF2C3E.tmp scheduled to be deleted on reboot.
    File delete failed. C:\Users\matandco\AppData\Local\Temp\~DF2C53.tmp scheduled to be deleted on reboot.
    User's Temp folder emptied.
    User's Temporary Internet Files folder emptied.
    User's Internet Explorer cache folder emptied.
    Local Service Temp folder emptied.
    Local Service Temporary Internet Files folder emptied.
    Windows Temp folder emptied.
    Temp folders emptied.
    Explorer started successfully

    OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02132009_020208

    -------------------------------------------------------------------------------

    HijackThis report:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:01:33, on 13/02/2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v8.00 (8.00.6001.18372)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
    C:\Acer\Empowering Technology\eAudio\eAudio.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Apoint2K\ApMsgFwd.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
    C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
    C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Wise Registry Cleaner 3\WiseRegistryCleaner.exe
    C:\Users\matandco\Desktop\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Veoh Video Compass - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll
    O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
    O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe
    O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [Installation Diagnostics] "C:\Program Files\Brother\Brmfl06a\Brinstck.exe" /I DCP-750CW LAN#2
    O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
    O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
    O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
    O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - Global Startup: Empowering Technology Launcher.lnk = ?
    O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
    O13 - Gopher Prefix:
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - https://www.f-secure.com/en/home/support
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
    O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
    O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: RelevantKnowledge - Unknown owner - C:\Program Files\RelevantKnowledge\rlservice.exe (file missing)
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
  9. DeNisCoOl (Posts: 2871, Status: Member)

    Hi,

    Relaunch HJThis, click on "Do a scan only", tick the line in bold below, then click on "Fix checked":

    O23 - Service: RelevantKnowledge - Unknown owner - C:\Program Files\RelevantKnowledge\rlservice.exe (file missing)

    Check whether it is still present after a reboot.
    If so:
    Press the Windows + R keys and type the following command
    sc delete RelevantKnowledge

    or with HJThis:
    Relaunch HJThis, click on Config, then on Misc Tools, and then on the "Delete an NT service..." button.
    In the window that opens, enter the service name RelevantKnowledge and click OK.

    - Do a thorough clean-up of the registry with Wise Registry Cleaner, following the tutorial below closely:
    https://kerio.probb.fr/t1163-tuto-wise-registry-cleaner
    Only repair what is ticked in green, unless you know the other keys well.
    In case of an error, you can always roll back by following the instructions at the end of the tutorial.

    - Then tell me whether your machine is still slow.

    Cheers,

    Denis
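The post above removes the orphaned service by its name. The part that is easy to get wrong is that `sc delete` wants the service's registry key name, not the display name shown in services.msc; HijackThis prints the key name in parentheses after the display name, and the two coincide for RelevantKnowledge only because no suffix was printed. The following is an added example, not code from the thread, from HijackThis or from OTMoveIt: it parses the O23 lines of the report posted above (the sample list is copied from that report) and emits the `sc delete` commands for every service marked "(file missing)". The function and type names are our own.

```python
"""Parse HijackThis 'O23 - Service:' lines and work out which services to delete.

Added example for this thread; not code from HijackThis, OTMoveIt or the
forum poster. Function names and the sample list are ours; the sample
lines are copied from the HijackThis report posted above.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# HijackThis O23 layout:
#   "O23 - Service: <display name> [(<key name>)] - <owner> - <path> [(file missing)]"
# The display name is taken greedily because it may itself contain " - "
# (e.g. "Avira AntiVir Personal - Free Antivirus Guard"); the path is
# anchored on a drive letter or %VAR% so the owner field cannot swallow it.
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+) - (?P<owner>.+?) - "
    r"(?P<path>(?:[A-Za-z]:\\|%\w+%\\).*?)(?P<missing> \(file missing\))?$"
)
# A trailing "(key)" on the display name is the key under
# HKLM\SYSTEM\CurrentControlSet\Services, which is what sc.exe expects.
KEY_RE = re.compile(r"^(?P<display>.+) \((?P<key>[^()]+)\)$")


@dataclass
class ServiceEntry:
    display: str       # name shown in services.msc
    key: str           # key name used by `sc delete`
    owner: str         # company string from the binary's version info
    path: str
    file_missing: bool


def parse_o23(line: str) -> Optional[ServiceEntry]:
    """Return a ServiceEntry for an O23 line, or None for any other line."""
    m = O23_RE.match(line.strip())
    if not m:
        return None
    display = m.group("display")
    key = display  # no "(key)" suffix: HijackThis printed only one name
    km = KEY_RE.match(display)
    if km:
        display, key = km.group("display"), km.group("key")
    return ServiceEntry(
        display=display,
        key=key,
        owner=m.group("owner"),
        path=m.group("path"),
        file_missing=m.group("missing") is not None,
    )


def orphaned_services(lines: List[str]) -> List[ServiceEntry]:
    """Services whose binary no longer exists (HijackThis: '(file missing)').

    The registration is inert without its binary, but it still points at a
    path an installer can re-populate, so the key is removed too.
    """
    entries = (parse_o23(line) for line in lines)
    return [e for e in entries if e is not None and e.file_missing]


def removal_commands(lines: List[str]) -> List[str]:
    """Build the `sc delete` commands for the orphaned services.

    Key names may contain spaces ("iPod Service"), hence the quoting.
    """
    return [f'sc delete "{e.key}"' for e in orphaned_services(lines)]


# Sample lines copied from the HijackThis report posted in this thread.
SAMPLE_O23 = [
    "O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\\Program Files\\Avira\\AntiVir PersonalEdition Classic\\avguard.exe",
    "O23 - Service: Service de l\u2019iPod (iPod Service) - Apple Inc. - C:\\Program Files\\iPod\\bin\\iPodService.exe",
    "O23 - Service: RelevantKnowledge - Unknown owner - C:\\Program Files\\RelevantKnowledge\\rlservice.exe (file missing)",
    "O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\\Program Files\\Spybot - Search & Destroy\\SDWinSec.exe",
    "O23 - Service: ePower Service (WMIService) - acer - C:\\Acer\\Empowering Technology\\ePower\\ePowerSvc.exe",
]

if __name__ == "__main__":
    for cmd in removal_commands(SAMPLE_O23):
        print(cmd)
```

For the sample the script prints a single `sc delete "RelevantKnowledge"`. Before running such a command on a real machine, confirm the key is still registered with `sc query <key>` (or `sc qc <key>` to see the configured binary path), and, as the post says, rescan after a reboot: a "(file missing)" entry that comes back means something still installed on the machine is re-creating it.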
  10. mathieu1403 (Posts: 24, Status: Member)

    Ticking the box didn't work. The other methods did.
    RelevantKnowledge no longer starts and I no longer have the several iexplorer.exe running, but the computer is still slow.
    Thanks again.
    See you
  11. DeNisCoOl (Posts: 2871, Status: Member)

    Hi,

    - Have you run Wise Registry Cleaner and Wise Disk Cleaner?

    - There are too many applications running at the same time for no reason.
    Start, type msconfig, and in the Services tab untick:
    Adobe LM Service - Adobe Systems
    Apple Mobile Device - Apple Inc.
    Service de l’iPod (iPod Service) - Apple Inc.
    LightScribeService Direct Disc Labeling Service

    Also look in the Startup tab and untick everything you see of the SunJava, Adobe, Apple... kind.

    - But there may be a hidden infection
    ------------
    Download --> Here <-- random's system information tool (RSIT) by random/random and save it to the Desktop.

    Double-click RSIT.exe to launch RSIT.

    Read the contents of the Disclaimer screen, then click Continue (if you accept the terms).

    If HijackThis (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall if asked) and you will have to accept the licence.

    When the analysis is finished, two text files will open.

    Post the contents of log.txt (<<which will be displayed)
    as well as info.txt (which you will see in the taskbar).

    NB: The reports are saved in the folder C:\rsit

    For more details see the tutorial:
    https://forum.pcastuces.com/randoms_system_information_tool_rsit___tutoriel-f25s43624.htm

    Cheers,

    Denis
  12. mathieu1403 (Posts: 24, Status: Member)

    Thanks
    I'm posting the two files:

    Log.txt:

    Logfile of random's system information tool 1.05 (written by random/random)
    Run by matandco at 2009-02-15 10:56:26
    Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
    System drive C: has 25 GB (22%) free of 113 GB
    Total RAM: 3069 MB (61% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:56:33, on 15/02/2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v8.00 (8.00.6001.18372)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
    C:\Acer\Empowering Technology\eAudio\eAudio.exe
    C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
    C:\Program Files\Apoint2K\ApMsgFwd.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
    C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
    C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
    C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Users\matandco\Desktop\RSIT.exe
    C:\Users\matandco\Desktop\matandco.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Veoh Video Compass - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll
    O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
    O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
    O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe
    O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
    O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
    O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - Global Startup: Empowering Technology Launcher.lnk = ?
    O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
    O13 - Gopher Prefix:
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - https://www.f-secure.com/en/home/support
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
    O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
    O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
  13. DeNisCoOl (Posts: 2871, Status: Member)

    Hi,

    Download Combofix.exe (by sUBs) from one of these links:
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    https://forospyware.com
    http://www.geekstogo.com/forum/files/file/197-combofix-by-subs/

    Important: save it to the desktop.

    Follow the official tutorial in French closely: https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

    Under Vista, for the duration of the disinfection, disable UAC (User Account Control) (you will re-enable it after the disinfection):
    https://www.zebulon.fr/astuces/pratique/220-desactiver-l-uac-dans-vista.html

    ► Disconnect from the Internet and close the windows of all running programs.

    ► Temporarily, and only while ComboFix is in use, disable
    the real-time protection of your antivirus and antispyware programs, which can seriously interfere with the tool's scanning and cleaning procedure.

    Double-click combofix.exe and follow the prompts.
    Warning: do not use your mouse or keyboard (or any other pointing device) while the program is running. It could freeze the computer.

    When the scan is complete, a report will appear.

    Select the whole report (Ctrl+A), then Copy (Ctrl+C) / Paste (Ctrl+V) the report into your next reply
    - If the file does not open, it is located here ==> C:\ComboFix.txt)


    ► Re-enable the real-time protection of your antivirus and antispyware programs before reconnecting to the Internet.

    Cheers,

    Denis
  14. mathieu1403 (Posts: 24, Status: Member)

    Hello.

    It's done. Here is the ComboFix report:

    ComboFix 09-02-15.01 - matandco 2009-02-16 21:22:16.1 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.3069.2004 [GMT 1:00]
    Launched from: c:\users\matandco\Desktop\ComboFix.exe
    * A new restore point was created
    .

    (((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\users\matandco\AppData\Roaming\.#
    c:\windows\System32\Desktop_.ini
    c:\windows\system32\x64
    c:\windows\system32\x64\csnp2uvc.dll
    c:\windows\system32\x64\rsnpvc64.dll
    c:\windows\system32\x64\sncduvc.sys
    c:\windows\system32\x64\snp2uvc.sys
    c:\windows\system32\x64\vsnpvc64.dll

    .
    ((((((((((((((((((((((((((((( Files created from 2009-01-16 to 2009-02-16 ))))))))))))))))))))))))))))))))))))
    .

    2009-02-15 10:56 . 2009-02-15 10:56 <REP> d-------- C:\rsit
    2009-02-15 10:50 . 2008-12-05 05:32 428,544 --a------ c:\windows\System32\EncDec.dll
    2009-02-15 10:50 . 2008-12-05 05:32 293,376 --a------ c:\windows\System32\psisdecd.dll
    2009-02-15 10:50 . 2008-12-05 05:31 217,088 --a------ c:\windows\System32\psisrndr.ax
    2009-02-15 10:50 . 2008-12-05 05:31 177,664 --a------ c:\windows\System32\mpg2splt.ax
    2009-02-15 10:50 . 2008-12-05 05:31 80,896 --a------ c:\windows\System32\MSNP.ax
    2009-02-12 14:15 . 2009-02-12 14:25 <REP> d-------- c:\program files\Wise Registry Cleaner 3
    2009-02-12 13:54 . 2009-02-12 13:54 <REP> d-------- C:\_OTMoveIt
    2009-02-12 00:41 . 2009-02-12 00:41 <REP> d-------- c:\program files\DivX
    2009-02-12 00:14 . 2009-02-12 10:35 <REP> d-------- c:\program files\Veoh Networks
    2009-02-11 19:07 . 2009-02-11 19:07 <REP> d-------- c:\users\matandco\Nouveau dossier
    2009-02-11 11:11 . 2009-02-11 11:11 <REP> d-------- c:\users\matandco\AppData\Roaming\Malwarebytes
    2009-02-11 11:11 . 2009-02-11 11:11 <REP> d-------- c:\users\All Users\Malwarebytes
    2009-02-11 11:11 . 2009-02-11 11:11 <REP> d-------- c:\programdata\Malwarebytes
    2009-02-11 11:11 . 2009-01-14 16:11 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
    2009-02-11 11:11 . 2009-01-14 16:11 15,504 --a------ c:\windows\System32\drivers\mbam.sys
    2009-02-11 11:10 . 2009-02-11 11:11 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
    2009-02-10 20:22 . 2009-02-10 20:22 14,545 --a------ C:\Z245.jpg
    2009-02-09 23:32 . 2009-02-09 23:41 <REP> d-------- c:\program files\Common Files\PX Storage Engine
    2009-02-09 18:03 . 2009-02-09 18:29 <REP> d-------- c:\users\All Users\Spybot - Search & Destroy
    2009-02-09 18:03 . 2009-02-09 18:29 <REP> d-------- c:\programdata\Spybot - Search & Destroy
    2009-02-09 18:03 . 2009-02-09 18:03 <REP> d-------- c:\program files\Spybot - Search & Destroy
    2009-02-09 12:19 . 2009-02-09 12:19 <REP> d-------- c:\users\matandco\AppData\Roaming\Jeyo
    2009-02-07 22:18 . 2009-02-07 22:18 344,079,009 --a------ c:\windows\MEMORY.DMP
    2009-02-07 15:02 . 2009-02-07 15:02 410,984 --a------ c:\windows\System32\deploytk.dll
    2009-02-07 14:52 . 2009-02-07 14:52 <REP> d-------- c:\program files\Lavalys
    2009-02-07 14:27 . 2009-02-07 14:27 <REP> d-------- c:\windows\BDOSCAN8
    2009-02-07 12:26 . 2009-02-07 12:26 <REP> d-------- c:\program files\ATI Technologies
    2009-02-07 12:26 . 2009-02-07 12:26 <REP> d-------- c:\program files\ATI
    2009-02-07 12:23 . 2009-02-07 12:23 <REP> d-------- c:\users\All Users\Atheros
    2009-02-07 12:23 . 2009-02-07 12:23 <REP> d-------- c:\programdata\Atheros
    2009-02-07 12:23 . 2009-02-07 12:23 <REP> d-------- c:\program files\Atheros
    2009-02-07 12:23 . 2007-07-30 22:13 743,424 --a------ c:\windows\System32\drivers\athr.sys
    2009-02-07 12:23 . 2007-07-30 22:13 743,424 --a------ c:\windows\System32\athr.sys
    2009-02-07 12:23 . 2007-07-30 22:12 92,917 --a------ c:\windows\System32\netathr.inf
    2009-02-07 12:23 . 2007-08-03 13:40 30,696 --a------ c:\windows\System32\athrext.cat
    2009-02-07 12:23 . 2007-05-16 10:29 24,576 --a------ c:\windows\System32\PressCancel.exe
    2009-02-07 12:22 . 2009-02-07 12:22 <REP> d-------- c:\users\Public\Roaming
    2009-02-07 12:22 . 2009-02-07 12:22 <REP> d-------- c:\users\matandco\Roaming
    2009-02-07 12:22 . 2009-02-07 12:22 <REP> d-------- c:\users\matandco\AppData\Roaming\Intel
    2009-02-07 12:22 . 2009-02-07 12:22 <REP> d-------- c:\users\DRV\Roaming
    2009-02-07 12:22 . 2009-02-07 12:22 <REP> d-------- c:\users\Default\Roaming
    2009-02-07 12:22 . 2009-02-07 12:22 <REP> d-------- c:\users\All Users\Roaming
    2009-02-07 12:22 . 2009-02-07 12:22 <REP> d-------- c:\users\All Users\Intel
    2009-02-07 12:22 . 2009-02-07 12:22 <REP> d-------- c:\programdata\Roaming
    2009-02-07 12:22 . 2009-02-07 12:22 <REP> d-------- c:\programdata\Intel
    2009-02-07 12:22 . 2009-02-07 12:30 <REP> d-------- c:\program files\Broadcom
    2009-02-07 12:21 . 2009-02-07 12:21 <REP> d-------- c:\users\All Users\Broadcom
    2009-02-07 12:21 . 2009-02-07 12:21 <REP> d-------- c:\programdata\Broadcom
    2009-02-07 12:21 . 2009-02-07 12:21 <REP> d-------- c:\program files\Cisco
    2009-02-04 18:18 . 2009-02-04 18:18 0 --a------ c:\windows\oodcnt.INI
    2009-02-04 11:12 . 2009-02-04 11:12 <REP> d-------- c:\users\matandco\AppData\Roaming\TuneUp Software
    2009-02-04 11:12 . 2009-02-04 11:12 <REP> d-------- c:\users\All Users\TuneUp Software
    2009-02-04 11:12 . 2009-02-04 11:12 <REP> d-------- c:\programdata\TuneUp Software
    2009-02-04 11:12 . 2009-02-05 00:33 <REP> d-------- c:\program files\TuneUp Utilities 2009
    2009-02-04 11:11 . 2009-02-04 11:11 <REP> d--hs---- c:\users\All Users\{55A29068-F2CE-456C-9148-C869879E2357}
    2009-02-04 11:11 . 2009-02-04 11:11 <REP> d--hs---- c:\programdata\{55A29068-F2CE-456C-9148-C869879E2357}
    2009-02-03 16:05 . 2008-06-20 02:14 781,344 --a------ c:\windows\System32\PresentationNative_v0300.dll
    2009-02-03 16:05 . 2008-06-20 02:14 622,080 --a------ c:\windows\System32\icardagt.exe
    2009-02-03 16:05 . 2008-06-20 02:14 326,160 --a------ c:\windows\System32\PresentationHost.exe
    2009-02-03 16:05 . 2008-06-20 02:14 105,016 --a------ c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
    2009-02-03 16:05 . 2008-06-20 02:14 97,800 --a------ c:\windows\System32\infocardapi.dll
    2009-02-03 16:05 . 2008-06-20 02:14 43,544 --a------ c:\windows\System32\PresentationHostProxy.dll
    2009-02-03 16:05 . 2008-06-20 02:14 37,384 --a------ c:\windows\System32\infocardcpl.cpl
    2009-02-03 16:05 . 2008-06-20 02:14 11,264 --a------ c:\windows\System32\icardres.dll
    2009-02-03 15:55 . 2008-07-27 19:03 282,112 --a------ c:\windows\System32\mscoree.dll
    2009-02-03 15:55 . 2008-07-27 19:03 158,720 --a------ c:\windows\System32\mscorier.dll
    2009-02-03 15:55 . 2008-07-27 19:03 96,760 --a------ c:\windows\System32\dfshim.dll
    2009-02-03 15:55 . 2008-07-27 19:03 83,968 --a------ c:\windows\System32\mscories.dll
    2009-02-03 15:55 . 2008-07-27 19:03 41,984 --a------ c:\windows\System32\netfxperf.dll
    2009-02-03 15:54 . 2009-02-03 15:54 <REP> d-------- c:\program files\Microsoft Silverlight
    2009-02-03 15:49 . 2009-02-05 00:27 <REP> d-------- c:\users\All Users\Lavasoft
    2009-02-03 15:49 . 2009-02-05 00:27 <REP> d-------- c:\programdata\Lavasoft
    2009-02-03 15:49 . 2009-02-05 00:27 <REP> d-------- c:\program files\Lavasoft
    2009-02-03 15:45 . 2009-02-03 15:45 <REP> d-------- c:\program files\CCleaner
    2009-02-01 19:00 . 2009-02-09 13:44 <REP> d-------- c:\users\matandco\AppData\Roaming\Samsung
    2009-02-01 19:00 . 2008-09-12 09:24 233,472 --a------ c:\windows\System32\FsUsbExService.Exe
    2009-02-01 19:00 . 2008-09-12 09:24 110,592 --a------ c:\windows\System32\FsUsbExDevice.Dll
    2009-02-01 19:00 . 2008-09-12 09:24 36,512 --a------ c:\windows\System32\FsUsbExDisk.Sys
    2009-02-01 17:24 . 2007-05-02 11:12 109,704 --a------ c:\windows\System32\drivers\ssm_mdm.sys
    2009-02-01 17:24 . 2007-05-02 11:12 83,592 --a------ c:\windows\System32\drivers\ssm_bus.sys
    2009-02-01 17:24 . 2007-05-02 11:12 15,112 --a------ c:\windows\System32\drivers\ssm_mdfl.sys
    2009-02-01 17:24 . 2007-05-02 11:12 12,424 --a------ c:\windows\System32\drivers\ssm_whnt.sys
    2009-02-01 17:24 . 2007-05-02 11:12 12,424 --a------ c:\windows\System32\drivers\ssm_wh.sys
    2009-02-01 17:24 . 2007-05-02 11:12 12,424 --a------ c:\windows\System32\drivers\ssm_cmnt.sys
    2009-02-01 17:24 . 2007-05-02 11:12 12,424 --a------ c:\windows\System32\drivers\ssm_cm.sys
    2009-02-01 17:23 . 2009-02-01 17:26 <REP> d-------- c:\windows\System32\Samsung_USB_Drivers
    2009-02-01 17:23 . 2009-02-02 15:11 <REP> d-------- c:\program files\Samsung
    2009-02-01 17:23 . 2005-08-28 20:51 766 --a------ c:\windows\System32\Uninstall.ico
    2009-02-01 16:55 . 2009-02-01 16:56 <REP> d--h----- c:\program files\Zero G Registry
    2009-02-01 16:41 . 2009-02-09 17:03 <REP> d-------- c:\program files\MOBILedit!
    2009-02-01 00:28 . 2009-02-16 21:17 <REP> d-------- c:\users\matandco\Tracing
    2009-02-01 00:01 . 2009-02-03 16:25 <REP> d-------- c:\program files\Microsoft
    2009-02-01 00:00 . 2009-02-01 00:00 <REP> d-------- c:\program files\Windows Live SkyDrive
    2009-01-31 23:54 . 2009-01-31 23:54 <REP> d-------- c:\program files\Common Files\Windows Live
    2009-01-31 11:53 . 2009-01-31 12:07 <REP> d-------- C:\VundoFix Backups
    2009-01-30 19:34 . 2009-01-30 19:36 <REP> d-------- c:\users\All Users\tpfmon
    2009-01-30 19:34 . 2009-01-30 19:34 <REP> d-------- c:\users\All Users\InternetFax
    2009-01-30 19:34 . 2009-01-30 19:36 <REP> d-------- c:\programdata\tpfmon
    2009-01-30 19:34 . 2009-01-30 19:34 <REP> d-------- c:\programdata\InternetFax
    2009-01-30 19:34 . 2009-01-30 19:34 <REP> d-------- c:\program files\InternetFax
    2009-01-30 19:34 . 2009-01-30 19:34 <REP> d-------- c:\program files\Alliance MCA
    2009-01-30 19:34 . 2008-01-28 12:44 12,288 --a------ c:\windows\System32\tpfmlh.dll
    2009-01-30 19:20 . 2009-01-30 19:20 <REP> d-------- c:\program files\AXMA
    2009-01-30 19:20 . 1998-10-07 14:08 327,168 --a------ c:\windows\IsUn040c.exe
    2009-01-28 18:03 . 2009-02-05 00:32 <REP> d-------- c:\users\All Users\Symantec
    2009-01-28 18:03 . 2009-02-05 00:32 <REP> d-------- c:\programdata\Symantec
    2009-01-26 19:02 . 2008-12-16 03:42 288,768 --a------ c:\windows\System32\drivers\srv.sys
    2009-01-26 15:38 . 2009-01-26 15:38 <REP> d-------- c:\users\matandco\AppData\Roaming\CopyTransPhoto
    2009-01-26 15:37 . 2009-01-26 15:37 <REP> d-------- c:\users\matandco\AppData\Roaming\CopyTransControlCenter
    2009-01-26 15:37 . 2009-01-26 15:42 <REP> d-------- c:\users\All Users\CopyTransControlCenter
    2009-01-26 15:37 . 2009-01-26 15:42 <REP> d-------- c:\programdata\CopyTransControlCenter
    2009-01-26 15:37 . 2009-01-26 15:37 <REP> d-------- c:\program files\WindSolutions
    2009-01-26 15:31 . 2009-02-10 22:28 <REP> d-------- c:\program files\Bonjour
    2009-01-24 13:15 . 2005-02-24 12:10 2,084,864 --a------ c:\windows\System32\AudDesign.dll
    2009-01-24 13:15 . 2005-03-11 17:37 1,986,560 --a------ c:\windows\System32\AudFile.dll
    2009-01-24 13:15 . 2005-02-24 12:11 1,212,416 --a------ c:\windows\System32\AudioInfos.dll
    2009-01-24 13:15 . 2005-02-24 12:11 479,232 --a------ c:\windows\System32\AudioVisu.dll
    2009-01-24 13:15 . 2005-02-24 15:21 458,752 --a------ c:\windows\System32\AudPlayer.dll
    2009-01-24 13:15 . 2005-03-10 16:00 454,656 --a------ c:\windows\System32\AudioRecord.dll
    2009-01-24 13:15 . 2005-02-24 12:10 417,792 --a------ c:\windows\System32\AudDisplay.dll
    2009-01-24 13:15 . 2005-02-24 11:51 348,160 --a------ c:\windows\System32\WMAFile.dll
    2009-01-24 13:15 . 2005-01-10 12:54 116,296 --a------ c:\windows\System32\NCTWMAProfiles.prx
    2009-01-24 10:44 . 2009-01-24 10:44 <REP> d-------- c:\users\All Users\NortonInstaller
    2009-01-24 10:44 . 2009-01-24 10:44 <REP> d-------- c:\programdata\NortonInstaller

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-02-16 20:18 --------- d-----w c:\programdata\NVIDIA
    2009-02-16 11:15 --------- d-----w c:\programdata\Google Updater
    2009-02-12 09:37 --------- d-----w c:\programdata\Microsoft Help
    2009-02-12 09:37 --------- d-----w c:\program files\Windows Mail
    2009-02-11 17:40 --------- d-----w c:\program files\Google
    2009-02-09 15:49 --------- d---a-w c:\programdata\TEMP
    2009-02-09 11:56 5,632 ----a-w c:\windows\system32\drivers\StarOpen.sys
    2009-02-09 11:44 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-02-07 14:02 --------- d-----w c:\program files\Java
    2009-02-07 11:34 --------- d-----w c:\program files\Acer Inc
    2009-02-07 11:29 319,456 ----a-w c:\windows\DIFxAPI.dll
    2009-02-07 11:20 --------- d-----w c:\program files\Intel
    2009-02-05 09:54 --------- d-----w c:\program files\Conduit
    2009-02-05 09:54 --------- d-----w c:\program files\Common Files\Symantec Shared
    2009-02-04 23:35 --------- d-----w c:\program files\ma-config.com
    2009-01-31 23:01 --------- d-----w c:\program files\Windows Live
    2009-01-21 19:09 --------- d-----w c:\program files\Alwil Software
    2009-01-18 18:07 --------- d-----w c:\program files\Infinity USB Unlimited
    2009-01-15 10:05 911,872 ----a-w c:\windows\System32\wininet.dll
    2009-01-15 10:05 43,008 ----a-w c:\windows\System32\licmgr10.dll
    2009-01-15 10:04 18,944 ----a-w c:\windows\System32\corpol.dll
    2009-01-15 10:04 132,096 ----a-w c:\windows\System32\ieUnatt.exe
    2009-01-15 10:04 109,568 ----a-w c:\windows\System32\PDMSetup.exe
    2009-01-15 10:04 109,056 ----a-w c:\windows\System32\iesysprep.dll
    2009-01-15 10:04 107,520 ----a-w c:\windows\System32\RegisterIEPKEYs.exe
    2009-01-15 10:04 107,008 ----a-w c:\windows\System32\SetIEInstalledDate.exe
    2009-01-15 10:04 103,936 ----a-w c:\windows\System32\SetDepNx.exe
    2009-01-15 10:03 72,704 ----a-w c:\windows\System32\admparse.dll
    2009-01-15 10:03 71,680 ----a-w c:\windows\System32\iesetup.dll
    2009-01-15 10:03 66,560 ----a-w c:\windows\System32\wextract.exe
    2009-01-15 10:03 420,352 ----a-w c:\windows\System32\vbscript.dll
    2009-01-15 10:02 169,472 ----a-w c:\windows\System32\iexpress.exe
    2009-01-15 10:01 34,304 ----a-w c:\windows\System32\imgutil.dll
    2009-01-15 10:00 48,128 ----a-w c:\windows\System32\mshtmler.dll
    2009-01-15 10:00 45,568 ----a-w c:\windows\System32\mshta.exe
    2009-01-15 09:50 156,160 ----a-w c:\windows\System32\msls31.dll
    2009-01-14 18:37 --------- d-----w c:\users\matandco\AppData\Roaming\InstallShield
    2009-01-14 18:33 --------- d-----w c:\users\matandco\AppData\Roaming\ScanSoft
    2009-01-13 21:25 28,124 ----a-w c:\users\matandco\AppData\Roaming\nvModes.dat
    2008-12-31 18:41 --------- d-----w c:\users\matandco\AppData\Roaming\Apple Computer
    2008-12-31 18:39 --------- d-----w c:\program files\Safari
    2008-12-31 18:26 --------- d-----w c:\program files\Techlogg.com ToneShop
    2008-12-31 17:00 --------- d-----w c:\programdata\Apple Computer
    2008-12-31 17:00 --------- d-----w c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-12-31 17:00 --------- d-----w c:\program files\iTunes
    2008-12-31 17:00 --------- d-----w c:\program files\iPod
    2008-12-31 17:00 --------- d-----w c:\program files\Common Files\Apple
    2008-12-31 16:57 --------- d-----w c:\program files\QuickTime
    2008-12-31 16:56 --------- d-----w c:\program files\Apple Software Update
    2008-12-31 16:55 --------- d-----w c:\programdata\Apple
    2008-12-31 15:58 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
    2008-12-26 21:51 --------- d-----w c:\programdata\Office Genuine Advantage
    2008-12-12 10:18 87,336 ----a-w c:\windows\System32\dns-sd.exe
    2008-12-12 10:11 65,536 ----a-w c:\windows\System32\jdns_sd.dll
    2008-12-12 10:11 61,440 ----a-w c:\windows\System32\dnssd.dll
    2008-12-11 00:33 86,016 ----a-w c:\windows\System32\dpl100.dll
    2008-12-11 00:33 200,704 ----a-w c:\windows\System32\dtu100.dll
    2008-12-02 21:37 49,480 ----a-w c:\windows\System32\sirenacm.dll
    2008-07-07 11:55 0 ----a-w c:\users\matandco\AppData\Roaming\wklnhst.dat
    2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
    2005-07-25 08:05 414 ----a-w c:\users\matandco\install.cmd
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{52836EB0-631A-47B1-94A6-61F9D9112DAE}"= "c:\program files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll" [2009-02-03 404216]

    [HKEY_CLASSES_ROOT\clsid\{52836eb0-631a-47b1-94a6-61f9d9112dae}]
    [HKEY_CLASSES_ROOT\SearchRecsPlugin.SearchRecommendation.1]
    [HKEY_CLASSES_ROOT\TypeLib\{8A12A664-9694-4C5A-BB6E-269507393176}]
    [HKEY_CLASSES_ROOT\SearchRecsPlugin.SearchRecommendations]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
    @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
    [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
    2008-01-03 02:00 39472 --a------ c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-02 3882312]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
    "WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
    "SetDefPrt"="c:\program files\Brother\Brmfl06a\BrStDvPt.exe" [2006-09-25 49152]
    "PLFSetL"="c:\windows\PLFSetL.exe" [2007-07-05 94208]
    "PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
    "LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-01-04 768520]
    "IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
    "eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-05 525360]
    "eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-06-11 1286144]
    "BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-11-24 622592]
    "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
    "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-07-21 159744]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 178712]
    "NvSvc"="c:\windows\system32\nvsvc.dll" [2007-11-15 86016]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-15 8534560]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-15 81920]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-03-18 535336]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\[u]0/uOODBS

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Lancement Application Fax.lnk]
    backup=c:\windows\pss\Lancement Application Fax.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^Users^matandco^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
    backup=c:\windows\pss\Adobe Gamma.lnk.Startup
    backupExtension=.Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    --a------ 2007-03-16 11:45 63712 c:\program files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a------ 2008-10-15 01:04 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    --a------ 2008-11-07 14:16 111936 c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
    --a------ 2006-07-19 14:51 65536 c:\program files\Brother\ControlCenter3\BrCtrCen.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    --a------ 2007-08-24 06:00 33648 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Installation Diagnostics]
    --a------ 2006-11-04 10:52 126976 c:\program files\Brother\Brmfl06a\Brinstck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    --a------ 2008-12-02 22:41 3882312 c:\program files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayMovie]
    --------- 2008-01-22 10:14 200704 c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
    -ra------ 2003-10-14 09:22 155648 c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2009-02-07 15:02 136600 c:\program files\Java\jre6\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    --a------ 2008-07-08 11:39 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "TCP Query User{B10292AC-83FD-4D8B-A7BB-712CFFAD8B8A}c:\\program files\\lphant\\elephantclient.exe"= UDP:c:\program files\lphant\elephantclient.exe:lphant Client
    "UDP Query User{B565BAF5-7B35-41D0-B86A-606354A66827}c:\\program files\\lphant\\elephantclient.exe"= TCP:c:\program files\lphant\elephantclient.exe:lphant Client
    "{93D0AFB1-DE72-4CEB-ACCE-0B8541D3604A}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{1D75992E-D4CA-41EB-86FB-518CB0FFC84F}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "TCP Query User{140BE9C9-131F-4D78-B2FF-2FB13A92C0ED}c:\\program files\\jeyo\\jmc_windowsmobile\\jmc_wm.exe"= UDP:c:\program files\jeyo\jmc_windowsmobile\jmc_wm.exe:Jeyo Mobile Companion
    "UDP Query User{5CE8D504-2060-4B08-B128-7341C312D057}c:\\program files\\jeyo\\jmc_windowsmobile\\jmc_wm.exe"= TCP:c:\program files\jeyo\jmc_windowsmobile\jmc_wm.exe:Jeyo Mobile Companion
    "{C678BAEF-3D92-4CBA-B712-0A76B0731A81}"= UDP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
    "{CEC96DBC-164B-480F-B611-F4065EFC0EA8}"= TCP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
    "c:\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDSfsu.exe"= c:\acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe:*:Enabled:eDSfsu
    "c:\\Acer\\Empowering Technology\\eDataSecurity\\x86\\encryption.exe"= c:\acer\Empowering Technology\eDataSecurity\x86\encryption.exe:*:Enabled:encryption
    "c:\\Acer\\Empowering Technology\\eDataSecurity\\x86\\decryption.exe"= c:\acer\Empowering Technology\eDataSecurity\x86\decryption.exe:*:Enabled:decryption
    "c:\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDSMgr.exe"= c:\acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe:*:Enabled:eDSMgr
    "c:\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDStbmngr.exe"= c:\acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe:*:Enabled:eDStbmngr
    "c:\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDSfsu.exe"= c:\acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe:*:Enabled:eDSfsu
    "c:\\Acer\\Empowering Technology\\eDataSecurity\\x64\\encryption.exe"= c:\acer\Empowering Technology\eDataSecurity\x64\encryption.exe:*:Enabled:encryption
    "c:\\Acer\\Empowering Technology\\eDataSecurity\\x64\\decryption.exe"= c:\acer\Empowering Technology\eDataSecurity\x64\decryption.exe:*:Enabled:decryption
    "c:\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDSMgr.exe"= c:\acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe:*:Enabled:eDSMgr
    "c:\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDStbmngr.exe"= c:\acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe:*:Enabled:eDStbmngr

    R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\Play Movie\[u]0/u00.fcl [2008-04-16 03:59:05 41456]
    R2 ALaunchService;ALaunch Service;c:\acer\ALaunch\ALaunchSvc.exe [2008-03-18 51200]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-02-09 1153368]
    R3 enecir;ENE CIR Receiver;c:\windows\System32\drivers\enecir.sys [2008-03-18 32256]
    R3 VSBC;Virtual Serial Bus Enumerator (Eltima Software);c:\windows\System32\drivers\evsbc.sys [2009-01-10 27216]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [2008-03-18 180736]
    S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [2009-02-07 23152]
    S3 evserial;Virtual Serial Ports Driver (Eltima Softwate);c:\windows\System32\drivers\evserial.sys [2009-01-10 54352]
    S3 FsUsbExDisk;FsUsbExDisk;c:\windows\System32\FsUsbExDisk.Sys [2009-02-01 36512]
    S3 NETw2v32;Pilote de connexion réseau Intel(R) PRO/Wireless 2915ABG pour Windows Vista;c:\windows\System32\drivers\NETw2v32.sys [2008-03-18 2599936]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ
    WindowsMobile REG_MULTI_SZ wcescomm rapimgr
    LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c14070e5-95cb-11dd-9f31-e2e8f70f43bd}]
    \shell\AutoRun\command - F:\autorun.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    .
    Contenu du dossier 'Tâches planifiées'

    2009-02-16 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe []

    2009-02-16 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-14 21:02]

    2009-02-16 c:\windows\Tasks\User_Feed_Synchronization-{A15855B3-935D-4C28-93DF-255DE43F9CA2}.job
    - c:\windows\system32\msfeedssync.exe [2009-01-15 11:01]
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    MSConfigStartUp-SpywareCleaner - c:\windows\system32\SpywareRemover.exe

    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://www.google.fr/
    mStart Page = hxxp://fr.fr.acer.yahoo.com
    uInternet Settings,ProxyOverride = *.local
    DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-02-16 21:24:36
    Windows 6.0.6001 Service Pack 1 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    c:\users\matandco\AppData\Local\Temp\catchme.dll 53248 bytes executable

    Scan terminé avec succès
    Fichiers cachés: 1

    **************************************************************************
    .
    Heure de fin: 2009-02-16 21:26:28
    ComboFix-quarantined-files.txt 2009-02-16 20:26:26

    Avant-CF: 25 484 304 384 octets libres
    Après-CF: 25,531,621,376 octets libres

    Current=3 Default=3 Failed=1 LastKnownGood=9 Sets=1,2,3,4,5,6,7,8,9
    369 --- E O F --- 2009-02-16 11:12:58
  15. DeNisCoOl Posts: 2871 Status: Member 224
     
    Hi,

    - Any better, or is it still slow?

    /!\ Procedure created specifically for this infection; do not reproduce it on your own at home without supervision... /!\

    ------------------------------
    Create a new text document: right-click on the desktop > New > Text Document, and paste the following lines into it:


    DirLook::
    c:\users\All Users\{55A29068-F2CE-456C-9148-C869879E2357}
    c:\programdata\{55A29068-F2CE-456C-9148-C869879E2357}


    Save this file under the name CFScript

    ► Disconnect from the Internet and close the windows of all running programs.

    ► Temporarily, and only for as long as ComboFix is in use, disable
    the real-time protection of your antivirus and antispyware programs, which can seriously interfere with the tool's scanning and cleaning procedure.

    * Drag and drop this CFScript file onto the ComboFix.exe file, as shown at this link:
    http://img.photobucket.com/albums/v666/sUBs/CFScript.gif
    * A blue window will appear: at the prompt that is displayed (Type 1 to continue, or 2 to abort), type 1 and confirm.
    * Wait for the scan to run. The desktop will disappear several times: this is normal!
    * Do not touch anything until the scan is finished.
    * Once the scan is complete, a report will be displayed: post its contents, stating where things stand with the problems.

    * If the file does not open, it is located here ==> C:\ComboFix.txt

    ---------------------------------
    You should also check a file on this site: https://www.virustotal.com/gui/

    Once on the site, copy and paste the path of the file below into the white box in front of the Browse... button

    c:\windows\System32\PressCancel.exe

    Then click the Send file button

    The file will be examined by around 30 antivirus engines; it will be queued at first, so be patient and let it run.
    The report is only complete once "FINISHED" appears on the right.

    Paste the report in your next message.

    See you,

    Denis
  16. mathieu1403 Posts: 24 Status: Member
     
    Hello,
    I still have the same problems, especially when shutting down Windows ("Shutting down" lasts at least a quarter of an hour) and with Internet Explorer (some pages take several minutes to open, or do not open at all).

    Here is the ComboFix report:

    ComboFix 09-02-15.01 - matandco 2009-02-18 10:31:38.2 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.3069.1999 [GMT 1:00]
    Lancé depuis: c:\users\matandco\Desktop\ComboFix.exe
    Commutateurs utilisés :: c:\users\matandco\Desktop\CFScript.txt
    * Un nouveau point de restauration a été créé
    .

    ((((((((((((((((((((((((((((( Fichiers créés du 2009-01-18 au 2009-02-18 ))))))))))))))))))))))))))))))))))))
    .

    2009-02-17 13:20 . 2009-02-17 13:20 <REP> d-------- c:\program files\SFR
    2009-02-15 10:56 . 2009-02-15 10:56 <REP> d-------- C:\rsit
    2009-02-15 10:50 . 2008-12-05 05:32 428,544 --a------ c:\windows\System32\EncDec.dll
    2009-02-15 10:50 . 2008-12-05 05:32 293,376 --a------ c:\windows\System32\psisdecd.dll
    2009-02-15 10:50 . 2008-12-05 05:31 217,088 --a------ c:\windows\System32\psisrndr.ax
    2009-02-15 10:50 . 2008-12-05 05:31 177,664 --a------ c:\windows\System32\mpg2splt.ax
    2009-02-15 10:50 . 2008-12-05 05:31 80,896 --a------ c:\windows\System32\MSNP.ax
    2009-02-12 14:15 . 2009-02-12 14:25 <REP> d-------- c:\program files\Wise Registry Cleaner 3
    2009-02-12 13:54 . 2009-02-12 13:54 <REP> d-------- C:\_OTMoveIt
    2009-02-12 00:41 . 2009-02-12 00:41 <REP> d-------- c:\program files\DivX
    2009-02-12 00:14 . 2009-02-12 10:35 <REP> d-------- c:\program files\Veoh Networks
    2009-02-11 19:07 . 2009-02-11 19:07 <REP> d-------- c:\users\matandco\Nouveau dossier
    2009-02-11 11:11 . 2009-02-11 11:11 <REP> d-------- c:\users\matandco\AppData\Roaming\Malwarebytes
    2009-02-11 11:11 . 2009-02-11 11:11 <REP> d-------- c:\users\All Users\Malwarebytes
    2009-02-11 11:11 . 2009-02-11 11:11 <REP> d-------- c:\programdata\Malwarebytes
    2009-02-11 11:11 . 2009-01-14 16:11 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
    2009-02-11 11:11 . 2009-01-14 16:11 15,504 --a------ c:\windows\System32\drivers\mbam.sys
    2009-02-11 11:10 . 2009-02-11 11:11 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
    2009-02-10 20:22 . 2009-02-10 20:22 14,545 --a------ C:\Z245.jpg
    2009-02-09 23:32 . 2009-02-09 23:41 <REP> d-------- c:\program files\Common Files\PX Storage Engine
    2009-02-09 18:03 . 2009-02-09 18:29 <REP> d-------- c:\users\All Users\Spybot - Search & Destroy
    2009-02-09 18:03 . 2009-02-09 18:29 <REP> d-------- c:\programdata\Spybot - Search & Destroy
    2009-02-09 18:03 . 2009-02-09 18:03 <REP> d-------- c:\program files\Spybot - Search & Destroy
    2009-02-09 12:19 . 2009-02-09 12:19 <REP> d-------- c:\users\matandco\AppData\Roaming\Jeyo
    2009-02-07 22:18 . 2009-02-17 13:50 346,815,137 --a------ c:\windows\MEMORY.DMP
    2009-02-07 15:02 . 2009-02-07 15:02 410,984 --a------ c:\windows\System32\deploytk.dll
    2009-02-07 14:52 . 2009-02-07 14:52 <REP> d-------- c:\program files\Lavalys
    2009-02-07 14:27 . 2009-02-07 14:27 <REP> d-------- c:\windows\BDOSCAN8
    2009-02-07 12:26 . 2009-02-07 12:26 <REP> d-------- c:\program files\ATI Technologies
    2009-02-07 12:26 . 2009-02-07 12:26 <REP> d-------- c:\program files\ATI
    2009-02-07 12:23 . 2009-02-07 12:23 <REP> d-------- c:\users\All Users\Atheros
    2009-02-07 12:23 . 2009-02-07 12:23 <REP> d-------- c:\programdata\Atheros
    2009-02-07 12:23 . 2009-02-07 12:23 <REP> d-------- c:\program files\Atheros
    2009-02-07 12:23 . 2007-07-30 22:13 743,424 --a------ c:\windows\System32\athr.sys
    2009-02-07 12:23 . 2007-07-30 22:12 92,917 --a------ c:\windows\System32\netathr.inf
    2009-02-07 12:23 . 2007-08-03 13:40 30,696 --a------ c:\windows\System32\athrext.cat
    2009-02-07 12:23 . 2007-05-16 10:29 24,576 --a------ c:\windows\System32\PressCancel.exe
    2009-02-07 12:22 . 2009-02-07 12:22 <REP> d-------- c:\users\Public\Roaming
    2009-02-07 12:22 . 2009-02-07 12:22 <REP> d-------- c:\users\matandco\Roaming
    2009-02-07 12:22 . 2009-02-07 12:22 <REP> d-------- c:\users\matandco\AppData\Roaming\Intel
    2009-02-07 12:22 . 2009-02-07 12:22 <REP> d-------- c:\users\DRV\Roaming
    2009-02-07 12:22 . 2009-02-07 12:22 <REP> d-------- c:\users\Default\Roaming
    2009-02-07 12:22 . 2009-02-07 12:22 <REP> d-------- c:\users\All Users\Roaming
    2009-02-07 12:22 . 2009-02-07 12:22 <REP> d-------- c:\users\All Users\Intel
    2009-02-07 12:22 . 2009-02-07 12:22 <REP> d-------- c:\programdata\Roaming
    2009-02-07 12:22 . 2009-02-07 12:22 <REP> d-------- c:\programdata\Intel
    2009-02-07 12:22 . 2009-02-07 12:30 <REP> d-------- c:\program files\Broadcom
    2009-02-07 12:21 . 2009-02-07 12:21 <REP> d-------- c:\users\All Users\Broadcom
    2009-02-07 12:21 . 2009-02-07 12:21 <REP> d-------- c:\programdata\Broadcom
    2009-02-07 12:21 . 2009-02-07 12:21 <REP> d-------- c:\program files\Cisco
    2009-02-04 18:18 . 2009-02-04 18:18 0 --a------ c:\windows\oodcnt.INI
    2009-02-04 11:12 . 2009-02-04 11:12 <REP> d-------- c:\users\matandco\AppData\Roaming\TuneUp Software
    2009-02-04 11:12 . 2009-02-04 11:12 <REP> d-------- c:\users\All Users\TuneUp Software
    2009-02-04 11:12 . 2009-02-04 11:12 <REP> d-------- c:\programdata\TuneUp Software
    2009-02-04 11:12 . 2009-02-05 00:33 <REP> d-------- c:\program files\TuneUp Utilities 2009
    2009-02-04 11:11 . 2009-02-04 11:11 <REP> d--hs---- c:\users\All Users\{55A29068-F2CE-456C-9148-C869879E2357}
    2009-02-04 11:11 . 2009-02-04 11:11 <REP> d--hs---- c:\programdata\{55A29068-F2CE-456C-9148-C869879E2357}
    2009-02-03 16:05 . 2008-06-20 02:14 781,344 --a------ c:\windows\System32\PresentationNative_v0300.dll
    2009-02-03 16:05 . 2008-06-20 02:14 622,080 --a------ c:\windows\System32\icardagt.exe
    2009-02-03 16:05 . 2008-06-20 02:14 326,160 --a------ c:\windows\System32\PresentationHost.exe
    2009-02-03 16:05 . 2008-06-20 02:14 105,016 --a------ c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
    2009-02-03 16:05 . 2008-06-20 02:14 97,800 --a------ c:\windows\System32\infocardapi.dll
    2009-02-03 16:05 . 2008-06-20 02:14 43,544 --a------ c:\windows\System32\PresentationHostProxy.dll
    2009-02-03 16:05 . 2008-06-20 02:14 37,384 --a------ c:\windows\System32\infocardcpl.cpl
    2009-02-03 16:05 . 2008-06-20 02:14 11,264 --a------ c:\windows\System32\icardres.dll
    2009-02-03 15:55 . 2008-07-27 19:03 282,112 --a------ c:\windows\System32\mscoree.dll
    2009-02-03 15:55 . 2008-07-27 19:03 158,720 --a------ c:\windows\System32\mscorier.dll
    2009-02-03 15:55 . 2008-07-27 19:03 96,760 --a------ c:\windows\System32\dfshim.dll
    2009-02-03 15:55 . 2008-07-27 19:03 83,968 --a------ c:\windows\System32\mscories.dll
    2009-02-03 15:55 . 2008-07-27 19:03 41,984 --a------ c:\windows\System32\netfxperf.dll
    2009-02-03 15:54 . 2009-02-03 15:54 <REP> d-------- c:\program files\Microsoft Silverlight
    2009-02-03 15:49 . 2009-02-05 00:27 <REP> d-------- c:\users\All Users\Lavasoft
    2009-02-03 15:49 . 2009-02-05 00:27 <REP> d-------- c:\programdata\Lavasoft
    2009-02-03 15:49 . 2009-02-05 00:27 <REP> d-------- c:\program files\Lavasoft
    2009-02-03 15:45 . 2009-02-03 15:45 <REP> d-------- c:\program files\CCleaner
    2009-02-01 19:00 . 2009-02-09 13:44 <REP> d-------- c:\users\matandco\AppData\Roaming\Samsung
    2009-02-01 19:00 . 2008-09-12 09:24 233,472 --a------ c:\windows\System32\FsUsbExService.Exe
    2009-02-01 19:00 . 2008-09-12 09:24 110,592 --a------ c:\windows\System32\FsUsbExDevice.Dll
    2009-02-01 19:00 . 2008-09-12 09:24 36,512 --a------ c:\windows\System32\FsUsbExDisk.Sys
    2009-02-01 17:24 . 2007-05-02 11:12 109,704 --a------ c:\windows\System32\drivers\ssm_mdm.sys
    2009-02-01 17:24 . 2007-05-02 11:12 83,592 --a------ c:\windows\System32\drivers\ssm_bus.sys
    2009-02-01 17:24 . 2007-05-02 11:12 15,112 --a------ c:\windows\System32\drivers\ssm_mdfl.sys
    2009-02-01 17:24 . 2007-05-02 11:12 12,424 --a------ c:\windows\System32\drivers\ssm_whnt.sys
    2009-02-01 17:24 . 2007-05-02 11:12 12,424 --a------ c:\windows\System32\drivers\ssm_wh.sys
    2009-02-01 17:24 . 2007-05-02 11:12 12,424 --a------ c:\windows\System32\drivers\ssm_cmnt.sys
    2009-02-01 17:24 . 2007-05-02 11:12 12,424 --a------ c:\windows\System32\drivers\ssm_cm.sys
    2009-02-01 17:23 . 2009-02-01 17:26 <REP> d-------- c:\windows\System32\Samsung_USB_Drivers
    2009-02-01 17:23 . 2009-02-02 15:11 <REP> d-------- c:\program files\Samsung
    2009-02-01 17:23 . 2005-08-28 20:51 766 --a------ c:\windows\System32\Uninstall.ico
    2009-02-01 16:55 . 2009-02-01 16:56 <REP> d--h----- c:\program files\Zero G Registry
    2009-02-01 16:41 . 2009-02-09 17:03 <REP> d-------- c:\program files\MOBILedit!
    2009-02-01 00:28 . 2009-02-18 09:10 <REP> d-------- c:\users\matandco\Tracing
    2009-02-01 00:01 . 2009-02-03 16:25 <REP> d-------- c:\program files\Microsoft
    2009-02-01 00:00 . 2009-02-01 00:00 <REP> d-------- c:\program files\Windows Live SkyDrive
    2009-01-31 23:54 . 2009-01-31 23:54 <REP> d-------- c:\program files\Common Files\Windows Live
    2009-01-31 11:53 . 2009-01-31 12:07 <REP> d-------- C:\VundoFix Backups
    2009-01-30 19:34 . 2009-01-30 19:36 <REP> d-------- c:\users\All Users\tpfmon
    2009-01-30 19:34 . 2009-01-30 19:34 <REP> d-------- c:\users\All Users\InternetFax
    2009-01-30 19:34 . 2009-01-30 19:36 <REP> d-------- c:\programdata\tpfmon
    2009-01-30 19:34 . 2009-01-30 19:34 <REP> d-------- c:\programdata\InternetFax
    2009-01-30 19:34 . 2009-01-30 19:34 <REP> d-------- c:\program files\InternetFax
    2009-01-30 19:34 . 2009-01-30 19:34 <REP> d-------- c:\program files\Alliance MCA
    2009-01-30 19:34 . 2008-01-28 12:44 12,288 --a------ c:\windows\System32\tpfmlh.dll
    2009-01-30 19:20 . 2009-01-30 19:20 <REP> d-------- c:\program files\AXMA
    2009-01-30 19:20 . 1998-10-07 14:08 327,168 --a------ c:\windows\IsUn040c.exe
    2009-01-28 18:03 . 2009-02-05 00:32 <REP> d-------- c:\users\All Users\Symantec
    2009-01-28 18:03 . 2009-02-05 00:32 <REP> d-------- c:\programdata\Symantec
    2009-01-26 19:02 . 2008-12-16 03:42 288,768 --a------ c:\windows\System32\drivers\srv.sys
    2009-01-26 15:38 . 2009-01-26 15:38 <REP> d-------- c:\users\matandco\AppData\Roaming\CopyTransPhoto
    2009-01-26 15:37 . 2009-01-26 15:37 <REP> d-------- c:\users\matandco\AppData\Roaming\CopyTransControlCenter
    2009-01-26 15:37 . 2009-01-26 15:42 <REP> d-------- c:\users\All Users\CopyTransControlCenter
    2009-01-26 15:37 . 2009-01-26 15:42 <REP> d-------- c:\programdata\CopyTransControlCenter
    2009-01-26 15:37 . 2009-01-26 15:37 <REP> d-------- c:\program files\WindSolutions
    2009-01-26 15:31 . 2009-02-10 22:28 <REP> d-------- c:\program files\Bonjour
    2009-01-24 13:15 . 2005-02-24 12:10 2,084,864 --a------ c:\windows\System32\AudDesign.dll
    2009-01-24 13:15 . 2005-03-11 17:37 1,986,560 --a------ c:\windows\System32\AudFile.dll
    2009-01-24 13:15 . 2005-02-24 12:11 1,212,416 --a------ c:\windows\System32\AudioInfos.dll
    2009-01-24 13:15 . 2005-02-24 12:11 479,232 --a------ c:\windows\System32\AudioVisu.dll
    2009-01-24 13:15 . 2005-02-24 15:21 458,752 --a------ c:\windows\System32\AudPlayer.dll
    2009-01-24 13:15 . 2005-03-10 16:00 454,656 --a------ c:\windows\System32\AudioRecord.dll
    2009-01-24 13:15 . 2005-02-24 12:10 417,792 --a------ c:\windows\System32\AudDisplay.dll
    2009-01-24 13:15 . 2005-02-24 11:51 348,160 --a------ c:\windows\System32\WMAFile.dll
    2009-01-24 13:15 . 2005-01-10 12:54 116,296 --a------ c:\windows\System32\NCTWMAProfiles.prx
    2009-01-24 10:44 . 2009-01-24 10:44 <REP> d-------- c:\users\All Users\NortonInstaller
    2009-01-24 10:44 . 2009-01-24 10:44 <REP> d-------- c:\programdata\NortonInstaller

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-02-17 12:16 --------- d-----w c:\programdata\Google Updater
    2009-02-16 20:18 --------- d-----w c:\programdata\NVIDIA
    2009-02-12 09:37 --------- d-----w c:\programdata\Microsoft Help
    2009-02-12 09:37 --------- d-----w c:\program files\Windows Mail
    2009-02-11 17:40 --------- d-----w c:\program files\Google
    2009-02-09 15:49 --------- d---a-w c:\programdata\TEMP
    2009-02-09 11:56 5,632 ----a-w c:\windows\system32\drivers\StarOpen.sys
    2009-02-09 11:44 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-02-07 14:02 --------- d-----w c:\program files\Java
    2009-02-07 11:34 --------- d-----w c:\program files\Acer Inc
    2009-02-07 11:29 319,456 ----a-w c:\windows\DIFxAPI.dll
    2009-02-07 11:20 --------- d-----w c:\program files\Intel
    2009-02-05 09:54 --------- d-----w c:\program files\Conduit
    2009-02-05 09:54 --------- d-----w c:\program files\Common Files\Symantec Shared
    2009-02-04 23:35 --------- d-----w c:\program files\ma-config.com
    2009-01-31 23:01 --------- d-----w c:\program files\Windows Live
    2009-01-21 19:09 --------- d-----w c:\program files\Alwil Software
    2009-01-18 18:07 --------- d-----w c:\program files\Infinity USB Unlimited
    2009-01-15 10:05 911,872 ----a-w c:\windows\System32\wininet.dll
    2009-01-15 10:05 43,008 ----a-w c:\windows\System32\licmgr10.dll
    2009-01-15 10:04 18,944 ----a-w c:\windows\System32\corpol.dll
    2009-01-15 10:04 132,096 ----a-w c:\windows\System32\ieUnatt.exe
    2009-01-15 10:04 109,568 ----a-w c:\windows\System32\PDMSetup.exe
    2009-01-15 10:04 109,056 ----a-w c:\windows\System32\iesysprep.dll
    2009-01-15 10:04 107,520 ----a-w c:\windows\System32\RegisterIEPKEYs.exe
    2009-01-15 10:04 107,008 ----a-w c:\windows\System32\SetIEInstalledDate.exe
    2009-01-15 10:04 103,936 ----a-w c:\windows\System32\SetDepNx.exe
    2009-01-15 10:03 72,704 ----a-w c:\windows\System32\admparse.dll
    2009-01-15 10:03 71,680 ----a-w c:\windows\System32\iesetup.dll
    2009-01-15 10:03 66,560 ----a-w c:\windows\System32\wextract.exe
    2009-01-15 10:03 420,352 ----a-w c:\windows\System32\vbscript.dll
    2009-01-15 10:02 169,472 ----a-w c:\windows\System32\iexpress.exe
    2009-01-15 10:01 34,304 ----a-w c:\windows\System32\imgutil.dll
    2009-01-15 10:00 48,128 ----a-w c:\windows\System32\mshtmler.dll
    2009-01-15 10:00 45,568 ----a-w c:\windows\System32\mshta.exe
    2009-01-15 09:50 156,160 ----a-w c:\windows\System32\msls31.dll
    2009-01-14 18:37 --------- d-----w c:\users\matandco\AppData\Roaming\InstallShield
    2009-01-14 18:33 --------- d-----w c:\users\matandco\AppData\Roaming\ScanSoft
    2009-01-13 21:25 28,124 ----a-w c:\users\matandco\AppData\Roaming\nvModes.dat
    2009-01-13 08:45 954,368 ----a-w c:\windows\system32\drivers\athr.sys
    2008-12-31 18:41 --------- d-----w c:\users\matandco\AppData\Roaming\Apple Computer
    2008-12-31 18:39 --------- d-----w c:\program files\Safari
    2008-12-31 18:26 --------- d-----w c:\program files\Techlogg.com ToneShop
    2008-12-31 17:00 --------- d-----w c:\programdata\Apple Computer
    2008-12-31 17:00 --------- d-----w c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-12-31 17:00 --------- d-----w c:\program files\iTunes
    2008-12-31 17:00 --------- d-----w c:\program files\iPod
    2008-12-31 17:00 --------- d-----w c:\program files\Common Files\Apple
    2008-12-31 16:57 --------- d-----w c:\program files\QuickTime
    2008-12-31 16:56 --------- d-----w c:\program files\Apple Software Update
    2008-12-31 16:55 --------- d-----w c:\programdata\Apple
    2008-12-31 15:58 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
    2008-12-26 21:51 --------- d-----w c:\programdata\Office Genuine Advantage
    2008-12-12 10:18 87,336 ----a-w c:\windows\System32\dns-sd.exe
    2008-12-12 10:11 65,536 ----a-w c:\windows\System32\jdns_sd.dll
    2008-12-12 10:11 61,440 ----a-w c:\windows\System32\dnssd.dll
    2008-12-11 00:33 86,016 ----a-w c:\windows\System32\dpl100.dll
    2008-12-11 00:33 200,704 ----a-w c:\windows\System32\dtu100.dll
    2008-12-02 21:37 49,480 ----a-w c:\windows\System32\sirenacm.dll
    2008-07-07 11:55 0 ----a-w c:\users\matandco\AppData\Roaming\wklnhst.dat
    2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
    2005-07-25 08:05 414 ----a-w c:\users\matandco\install.cmd
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-02-16_21.25.02,63 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2009-02-07 11:34:32 51,200 ----a-w c:\windows\inf\infpub.dat
    + 2009-02-16 20:54:25 51,200 ----a-w c:\windows\inf\infpub.dat
    - 2009-02-07 11:29:45 86,016 ----a-w c:\windows\inf\infstor.dat
    + 2009-02-16 20:54:24 86,016 ----a-w c:\windows\inf\infstor.dat
    - 2009-02-07 11:34:32 143,360 ----a-w c:\windows\inf\infstrng.dat
    + 2009-02-16 20:54:25 143,360 ----a-w c:\windows\inf\infstrng.dat
    - 2009-02-16 20:17:25 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2009-02-18 08:07:45 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2009-02-16 20:17:25 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2009-02-18 08:07:45 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2009-02-16 20:18:26 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat
    + 2009-02-18 08:10:25 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat
    + 2009-02-18 08:10:25 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
    - 2009-02-16 20:24:35 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
    + 2009-02-18 08:10:30 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
    + 2009-02-18 08:10:30 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
    + 2009-02-17 18:09:07 2,064 ----a-w c:\windows\SoftwareDistribution\EventCache\{7630F37D-CA1E-48EE-85F3-1BF75A7723FB}.bin
    - 2009-02-16 11:15:11 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-02-17 12:16:10 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-02-16 11:15:11 163,840 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-02-17 12:16:10 163,840 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-02-16 11:15:11 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-02-17 12:16:10 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-01-13 08:45:00 954,368 ----a-w c:\windows\System32\DriverStore\FileRepository\netathr.inf_c9e283b2\athr.sys
    + 2009-02-17 12:23:18 2,456 ----a-w c:\windows\System32\networklist\icons\{CD2826A5-648F-4900-874D-10D4C9034A2C}_24.bin
    + 2009-02-17 12:23:18 4,280 ----a-w c:\windows\System32\networklist\icons\{CD2826A5-648F-4900-874D-10D4C9034A2C}_32.bin
    + 2009-02-17 12:23:18 9,560 ----a-w c:\windows\System32\networklist\icons\{CD2826A5-648F-4900-874D-10D4C9034A2C}_48.bin
    + 2009-02-17 12:56:36 2,456 ----a-w c:\windows\System32\networklist\icons\{F43878B5-DFDB-41C4-AB51-6A6EBE644786}_24.bin
    + 2009-02-17 12:56:36 4,280 ----a-w c:\windows\System32\networklist\icons\{F43878B5-DFDB-41C4-AB51-6A6EBE644786}_32.bin
    + 2009-02-17 12:56:36 9,560 ----a-w c:\windows\System32\networklist\icons\{F43878B5-DFDB-41C4-AB51-6A6EBE644786}_48.bin
    - 2009-02-16 20:19:20 17,690 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1807964899-1864760849-2069076129-1000_UserData.bin
    + 2009-02-18 08:11:16 17,690 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1807964899-1864760849-2069076129-1000_UserData.bin
    - 2009-02-16 20:19:20 108,070 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2009-02-18 08:11:15 108,094 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    - 2009-02-16 20:19:18 79,792 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-02-18 08:11:14 79,800 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    - 2009-02-16 19:34:44 238,802 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
    + 2009-02-17 12:09:29 240,032 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
    - 2009-02-15 09:49:33 105,422,748 ----a-w c:\windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
    + 2009-02-16 21:22:19 105,455,914 ----a-w c:\windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
    .
    -- Instantané actualisé --
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{52836EB0-631A-47B1-94A6-61F9D9112DAE}"= "c:\program files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll" [2009-02-03 404216]

    [HKEY_CLASSES_ROOT\clsid\{52836eb0-631a-47b1-94a6-61f9d9112dae}]
    [HKEY_CLASSES_ROOT\SearchRecsPlugin.SearchRecommendation.1]
    [HKEY_CLASSES_ROOT\TypeLib\{8A12A664-9694-4C5A-BB6E-269507393176}]
    [HKEY_CLASSES_ROOT\SearchRecsPlugin.SearchRecommendations]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
    @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
    [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
    2008-01-03 02:00 39472 --a------ c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-02 3882312]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
    "WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
    "SetDefPrt"="c:\program files\Brother\Brmfl06a\BrStDvPt.exe" [2006-09-25 49152]
    "PLFSetL"="c:\windows\PLFSetL.exe" [2007-07-05 94208]
    "PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
    "LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-01-04 768520]
    "IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
    "eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-05 525360]
    "eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-06-11 1286144]
    "BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-11-24 622592]
    "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
    "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-07-21 159744]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 178712]
    "NvSvc"="c:\windows\system32\nvsvc.dll" [2007-11-15 86016]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-15 8534560]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-15 81920]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-03-18 535336]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Lancement Application Fax.lnk]
    backup=c:\windows\pss\Lancement Application Fax.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^Users^matandco^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
    backup=c:\windows\pss\Adobe Gamma.lnk.Startup
    backupExtension=.Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    --a------ 2007-03-16 11:45 63712 c:\program files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a------ 2008-10-15 01:04 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    --a------ 2008-11-07 14:16 111936 c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
    --a------ 2006-07-19 14:51 65536 c:\program files\Brother\ControlCenter3\BrCtrCen.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    --a------ 2007-08-24 06:00 33648 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Installation Diagnostics]
    --a------ 2006-11-04 10:52 126976 c:\program files\Brother\Brmfl06a\Brinstck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    --a------ 2008-12-02 22:41 3882312 c:\program files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayMovie]
    --------- 2008-01-22 10:14 200704 c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
    -ra------ 2003-10-14 09:22 155648 c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2009-02-07 15:02 136600 c:\program files\Java\jre6\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    --a------ 2008-07-08 11:39 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "TCP Query User{B10292AC-83FD-4D8B-A7BB-712CFFAD8B8A}c:\\program files\\lphant\\elephantclient.exe"= UDP:c:\program files\lphant\elephantclient.exe:lphant Client
    "UDP Query User{B565BAF5-7B35-41D0-B86A-606354A66827}c:\\program files\\lphant\\elephantclient.exe"= TCP:c:\program files\lphant\elephantclient.exe:lphant Client
    "{93D0AFB1-DE72-4CEB-ACCE-0B8541D3604A}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{1D75992E-D4CA-41EB-86FB-518CB0FFC84F}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "TCP Query User{140BE9C9-131F-4D78-B2FF-2FB13A92C0ED}c:\\program files\\jeyo\\jmc_windowsmobile\\jmc_wm.exe"= UDP:c:\program files\jeyo\jmc_windowsmobile\jmc_wm.exe:Jeyo Mobile Companion
    "UDP Query User{5CE8D504-2060-4B08-B128-7341C312D057}c:\\program files\\jeyo\\jmc_windowsmobile\\jmc_wm.exe"= TCP:c:\program files\jeyo\jmc_windowsmobile\jmc_wm.exe:Jeyo Mobile Companion
    "{C678BAEF-3D92-4CBA-B712-0A76B0731A81}"= UDP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
    "{CEC96DBC-164B-480F-B611-F4065EFC0EA8}"= TCP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
    "c:\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDSfsu.exe"= c:\acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe:*:Enabled:eDSfsu
    "c:\\Acer\\Empowering Technology\\eDataSecurity\\x86\\encryption.exe"= c:\acer\Empowering Technology\eDataSecurity\x86\encryption.exe:*:Enabled:encryption
    "c:\\Acer\\Empowering Technology\\eDataSecurity\\x86\\decryption.exe"= c:\acer\Empowering Technology\eDataSecurity\x86\decryption.exe:*:Enabled:decryption
    "c:\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDSMgr.exe"= c:\acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe:*:Enabled:eDSMgr
    "c:\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDStbmngr.exe"= c:\acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe:*:Enabled:eDStbmngr
    "c:\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDSfsu.exe"= c:\acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe:*:Enabled:eDSfsu
    "c:\\Acer\\Empowering Technology\\eDataSecurity\\x64\\encryption.exe"= c:\acer\Empowering Technology\eDataSecurity\x64\encryption.exe:*:Enabled:encryption
    "c:\\Acer\\Empowering Technology\\eDataSecurity\\x64\\decryption.exe"= c:\acer\Empowering Technology\eDataSecurity\x64\decryption.exe:*:Enabled:decryption
    "c:\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDSMgr.exe"= c:\acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe:*:Enabled:eDSMgr
    "c:\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDStbmngr.exe"= c:\acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe:*:Enabled:eDStbmngr

    R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl [2008-04-16 03:59:05 41456]
    R2 ALaunchService;ALaunch Service;c:\acer\ALaunch\ALaunchSvc.exe [2008-03-18 51200]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-02-09 1153368]
    R3 enecir;ENE CIR Receiver;c:\windows\System32\drivers\enecir.sys [2008-03-18 32256]
    R3 VSBC;Virtual Serial Bus Enumerator (Eltima Software);c:\windows\System32\drivers\evsbc.sys [2009-01-10 27216]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [2008-03-18 180736]
    S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [2009-02-07 23152]
    S3 evserial;Virtual Serial Ports Driver (Eltima Softwate);c:\windows\System32\drivers\evserial.sys [2009-01-10 54352]
    S3 FsUsbExDisk;FsUsbExDisk;c:\windows\System32\FsUsbExDisk.Sys [2009-02-01 36512]
    S3 NETw2v32;Pilote de connexion réseau Intel(R) PRO/Wireless 2915ABG pour Windows Vista;c:\windows\System32\drivers\NETw2v32.sys [2008-03-18 2599936]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ
    WindowsMobile REG_MULTI_SZ wcescomm rapimgr
    LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6637956d-0b5f-11dd-822f-806e6f6e6963}]
    \shell\AutoRun\command - E:\Autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c14070e5-95cb-11dd-9f31-e2e8f70f43bd}]
    \shell\AutoRun\command - F:\autorun.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    .
    Contenu du dossier 'Tâches planifiées'

    2009-02-16 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe []

    2009-02-18 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-14 21:02]

    2009-02-17 c:\windows\Tasks\User_Feed_Synchronization-{A15855B3-935D-4C28-93DF-255DE43F9CA2}.job
    - c:\windows\system32\msfeedssync.exe [2009-01-15 11:01]
    .
    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://www.sfr.fr/kit/adsl/
    mStart Page = hxxp://fr.fr.acer.yahoo.com
    uInternet Settings,ProxyOverride = *.local
    DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-02-18 10:34:40
    Windows 6.0.6001 Service Pack 1 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'Explorer.exe'(5732)
    c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
    c:\acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
    c:\acer\Empowering Technology\EPOWER\SysHook.dll
    .
    Heure de fin: 2009-02-18 10:37:09
    ComboFix-quarantined-files.txt 2009-02-18 09:37:05
    ComboFix2.txt 2009-02-16 20:26:30

    Avant-CF: 38,710,722,560 octets libres
    Après-CF: 38,284,394,496 octets libres

    Current=3 Default=3 Failed=1 LastKnownGood=9 Sets=1,2,3,4,5,6,7,8,9
    410 --- E O F --- 2009-02-17 18:08:55

    ------------------------------------------------------------------------------------------------------------------------------------------

    And here is the requested analysis:

    Fichier PressCancel.exe reçu le 2009.02.18 10:43:51 (CET)

    Résultat: 0/39 (0%)

    Antivirus Version Dernière mise à jour Résultat
    a-squared 4.0.0.93 2009.02.18 -
    AhnLab-V3 5.0.0.2 2009.02.18 -
    AntiVir 7.9.0.83 2009.02.18 -
    Authentium 5.1.0.4 2009.02.18 -
    Avast 4.8.1335.0 2009.02.17 -
    AVG 8.0.0.237 2009.02.17 -
    BitDefender 7.2 2009.02.18 -
    CAT-QuickHeal 10.00 2009.02.18 -
    ClamAV 0.94.1 2009.02.18 -
    Comodo 983 2009.02.18 -
    DrWeb 4.44.0.09170 2009.02.18 -
    eSafe 7.0.17.0 2009.02.17 -
    eTrust-Vet 31.6.6363 2009.02.18 -
    F-Prot 4.4.4.56 2009.02.17 -
    F-Secure 8.0.14470.0 2009.02.18 -
    Fortinet 3.117.0.0 2009.02.18 -
    GData 19 2009.02.18 -
    Ikarus T3.1.1.45.0 2009.02.18 -
    K7AntiVirus 7.10.630 2009.02.14 -
    Kaspersky 7.0.0.125 2009.02.18 -
    McAfee 5529 2009.02.17 -
    McAfee+Artemis 5529 2009.02.17 -
    Microsoft 1.4306 2009.02.18 -
    NOD32 3863 2009.02.18 -
    Norman 6.00.06 2009.02.17 -
    nProtect 2009.1.8.0 2009.02.18 -
    Panda 10.0.0.10 2009.02.18 -
    PCTools 4.4.2.0 2009.02.17 -
    Prevx1 V2 2009.02.18 -
    Rising 21.17.22.00 2009.02.18 -
    SecureWeb-Gateway 6.7.6 2009.02.18 -
    Sophos 4.38.0 2009.02.18 -
    Sunbelt 3.2.1855.2 2009.02.17 -
    Symantec 10 2009.02.18 -
    TheHacker 6.3.2.2.259 2009.02.18 -
    TrendMicro 8.700.0.1004 2009.02.18 -
    VBA32 3.12.8.13 2009.02.18 -
    ViRobot 2009.2.18.1613 2009.02.18 -
    VirusBuster 4.5.11.0 2009.02.17 -
    Information additionnelle
    File size: 24576 bytes
    MD5...: 52305db463499ff19d52896b2848ea77
    SHA1..: 86b4c2273b40bf5e8e3604142ea0060f43efabcb
    SHA256: 1322bdcff70a2b0f307bb53fb1f987027a109c8016f878cd4203b413c293002c
    SHA512: 1487e6a7ddb59339441037e565e51dbed31c05cfffc31f403b74874f76a49637
    848ac1e573c40fb1a9e0a6ba7d3ca20f509b53b186ce25b1b64eb18ce8f92a64

    ssdeep: 192:sDxNa+lCzZLISBWXV8WyrQXztae0rMg/mZBdZDNeJ+KA8su+jmBMS94vC9Ay
    yeUX:Cfly9Lp6YmlHKAlvkAyyeJrh6oG

    PEiD..: Armadillo v1.71
    TrID..: File type identification
    Win32 Executable MS Visual C++ (generic) (65.2%)
    Win32 Executable Generic (14.7%)
    Win32 Dynamic Link Library (generic) (13.1%)
    Generic Win/DOS Executable (3.4%)
    DOS Executable Generic (3.4%)
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x1060
    timedatestamp.....: 0x464a6c71 (Wed May 16 02:29:05 2007)
    machinetype.......: 0x14c (I386)

    ( 3 sections )
    name viradd virsiz rawdsiz ntrpy md5
    .text 0x1000 0x28de 0x3000 5.95 00209ff23d4ea882f2b6b838e322ad13
    .rdata 0x4000 0x79c 0x1000 3.11 65139fef427e61f7bd595011329e7ec7
    .data 0x5000 0x9bc 0x1000 0.92 df4777f90946c90c7a20b0f24f05c1f1

    ( 2 imports )
    > KERNEL32.dll: Sleep, GetStringTypeA, LCMapStringW, LCMapStringA, GetModuleHandleA, GetStartupInfoA, GetCommandLineA, GetVersion, ExitProcess, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, GetModuleFileNameA, FreeEnvironmentStringsA, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStrings, GetEnvironmentStringsW, SetHandleCount, GetStdHandle, GetFileType, HeapDestroy, HeapCreate, VirtualFree, HeapFree, RtlUnwind, WriteFile, GetCPInfo, GetACP, GetOEMCP, HeapAlloc, VirtualAlloc, HeapReAlloc, GetProcAddress, LoadLibraryA, MultiByteToWideChar, GetStringTypeW
    > USER32.dll: SendMessageA, FindWindowA

    ( 0 exports )

    Thanks again
    See you
    0
  17. DeNisCoOl Posts 2871 Status Member 224
     
    hi,

    - I missed this the first time; to be tested on virustotal (completely unknown on google = bad sign):

    c:\windows\System32\tpfmlh.dll

    Installed at the same time as:
    2009-01-30 19:34 . 2009-01-30 19:34 <REP> d-------- c:\program files\Alliance MCA (InternetFax)

    - It may be nothing, but you have traces of Ad-aware and Norton.
    For the Norton traces:
    http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fr_docid/20050414110429924

    - Then run HJThis again, click on do a scan only, check the following lines, then click on fix checked:
    O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
    O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
    O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - Global Startup: Empowering Technology Launcher.lnk = ?


    Later

    Denis
    0
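    Added example (my own code, not from the thread and not HijackThis's code): a small parser for the O4 autostart lines DeNisCoOl lists above. It splits each line into hive, account, value name, image path and arguments, then attaches the triage flags a defender applies before deciding whether an entry is worth fixing: a shortcut whose target HijackThis could not resolve (the "= ?" line), an image running from a user-writable folder such as Temp or AppData, and a host process like rundll32.exe that loads a DLL named in its arguments. The sample input is copied from the post; the last line (an "updater" in AppData\Local\Temp) is a constructed addition so that the Temp check has something to fire on.

```python
import re
from dataclasses import dataclass, field

# Sample input: O4 lines from the HijackThis log in this thread, plus one
# constructed line (the "updater" entry) so the user-writable check has a hit.
SAMPLE_O4_LINES = r"""
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - HKCU\..\Run: [updater] C:\Users\user\AppData\Local\Temp\updater.exe /silent
""".strip().splitlines()


@dataclass
class AutostartEntry:
    source: str   # registry hive + key, or "Global Startup" / "Startup"
    user: str     # account label or SID shown by HijackThis, "" if none
    name: str     # registry value name or .lnk file name
    image: str    # executable the entry launches ("?" when unresolved)
    args: str
    flags: list = field(default_factory=list)


# O4 - <hive>\..\Run: [<name>] <command> (User '<account>')
REG_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\(?P<sid>S-1-5-[\d-]+))\\\.\.\\"
    r"(?P<key>Run(?:Once|Services|ServicesOnce)?): \[(?P<name>[^\]]*)\] "
    r"(?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)
# O4 - Global Startup: <file>.lnk = <target>
STARTUP_RE = re.compile(r"^O4 - (?P<scope>Global Startup|Startup): (?P<file>.+?) = (?P<target>.*)$")
QUOTED_RE = re.compile(r'^"(?P<img>[^"]+)"\s*(?P<args>.*)$')
# Unquoted paths may contain spaces, so cut at the first executable extension.
UNQUOTED_RE = re.compile(r"^(?P<img>.*?\.(?:exe|com|dll|scr|bat|cmd|pif))(?P<args>(?:\s.*)?)$", re.I)
USER_WRITABLE_RE = re.compile(r"\\Temp\\|\\AppData\\|%TEMP%|%APPDATA%", re.I)


def split_command(cmd: str):
    """Separate the image path from its arguments; unknown shapes are returned whole."""
    cmd = cmd.strip()
    m = QUOTED_RE.match(cmd) or UNQUOTED_RE.match(cmd)
    if not m:
        return cmd, ""
    return m.group("img"), m.group("args").strip()


def triage(e: AutostartEntry) -> list:
    """Defensive heuristics; the checks are my choice, not HijackThis's."""
    flags = []
    if e.image in ("?", ""):
        flags.append("unresolved target: HijackThis could not read where the shortcut points")
    if USER_WRITABLE_RE.search(e.image):
        flags.append("image lives in a user-writable location (Temp/AppData)")
    if e.image.lower().endswith(("rundll32.exe", "regsvr32.exe")) and e.args:
        flags.append("host process loads a DLL from its arguments; verify " + e.args.split(",")[0])
    return flags


def parse_o4(line: str):
    """Parse one O4 line into an AutostartEntry, or None if it is not an O4 line."""
    m = REG_RE.match(line)
    if m:
        img, args = split_command(m.group("cmd"))
        user = m.group("user") or m.group("sid") or ""
        e = AutostartEntry(f"{m.group('hive')}\\..\\{m.group('key')}", user, m.group("name"), img, args)
    else:
        m = STARTUP_RE.match(line)
        if not m:
            return None
        img, args = split_command(m.group("target"))
        e = AutostartEntry(m.group("scope"), "", m.group("file"), img, args)
    e.flags = triage(e)
    return e


def parse_log(lines) -> list:
    """Return every O4 entry found in an iterable of log lines."""
    return [e for e in (parse_o4(l) for l in lines) if e is not None]


def suspicious(entries) -> list:
    """Entries that picked up at least one triage flag."""
    return [e for e in entries if e.flags]


if __name__ == "__main__":
    for e in suspicious(parse_log(SAMPLE_O4_LINES)):
        print(f"[{e.source}] {e.name}: {e.image} {e.args}")
        for f in e.flags:
            print("   -", f)
```

    Entries that carry no flag (the Brother and Messenger lines above) are ordinary vendor autostarts; removing them saves boot time, which is what the post is after, but it is not a malware indicator. The flagged ones are where a VirusTotal check, as done in this thread, is actually worth the effort.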
  18. mathieu1403 Posts 24 Status Member
     
    Thanks.
    Sorry for the slow reply, but I was travelling.
    The PC shuts down a bit faster (especially the "shutting down" stage), but it still takes just as long to leave the desktop display when it shuts down.
    Here is the Virustotal report:

    Fichier tpfmlh.dll reçu le 2009.02.19 13:12:48 (CET)
    Situation actuelle: terminé

    Résultat: 0/39 (0.00%)
    Antivirus Version Dernière mise à jour Résultat
    a-squared 4.0.0.93 2009.02.19 -
    AhnLab-V3 2009.2.19.0 2009.02.19 -
    AntiVir 7.9.0.83 2009.02.19 -
    Authentium 5.1.0.4 2009.02.19 -
    Avast 4.8.1335.0 2009.02.18 -
    AVG 8.0.0.237 2009.02.19 -
    BitDefender 7.2 2009.02.19 -
    CAT-QuickHeal 10.00 2009.02.19 -
    ClamAV 0.94.1 2009.02.18 -
    Comodo 983 2009.02.18 -
    DrWeb 4.44.0.09170 2009.02.19 -
    eSafe 7.0.17.0 2009.02.18 -
    eTrust-Vet 31.6.6365 2009.02.19 -
    F-Prot 4.4.4.56 2009.02.19 -
    F-Secure 8.0.14470.0 2009.02.19 -
    Fortinet 3.117.0.0 2009.02.18 -
    GData 19 2009.02.19 -
    Ikarus T3.1.1.45.0 2009.02.19 -
    K7AntiVirus 7.10.630 2009.02.18 -
    Kaspersky 7.0.0.125 2009.02.19 -
    McAfee 5529 2009.02.17 -
    McAfee+Artemis 5529 2009.02.17 -
    Microsoft 1.4306 2009.02.19 -
    NOD32 3867 2009.02.19 -
    Norman 6.00.06 2009.02.19 -
    nProtect 2009.1.8.0 2009.02.19 -
    Panda 10.0.0.10 2009.02.19 -
    PCTools 4.4.2.0 2009.02.19 -
    Prevx1 V2 2009.02.19 -
    Rising 21.17.32.00 2009.02.19 -
    SecureWeb-Gateway 6.7.6 2009.02.19 -
    Sophos 4.38.0 2009.02.19 -
    Sunbelt 3.2.1855.2 2009.02.17 -
    Symantec 10 2009.02.19 -
    TheHacker 6.3.2.2.259 2009.02.18 -
    TrendMicro 8.700.0.1004 2009.02.19 -
    VBA32 3.12.10.0 2009.02.18 -
    ViRobot 2009.2.19.1615 2009.02.19 -
    VirusBuster 4.5.11.0 2009.02.18 -
    Information additionnelle
    File size: 12288 bytes
    MD5...: bf036fafdf97d30d911f20a7ef87e615
    SHA1..: fa49e7443710c5a89e8f6423277850a6329c8b33
    SHA256: 99804fa515cd57a5f0614807d0b3f9e1f01e27a15054fb66230baaad4be0a53d
    SHA512: 1fe41229763323817f56b6cdc965e99364f5a138ca2c2fff08aabedc98495a8ab875433c0bf6e4adb813f6bcac435bf96ad54e1e7ab0fa6069ec85bea99c2621
    ssdeep: 192:5T2elJHVZ0eKQ7RDjxREU2UOfAXm/brE0W01/TSeUWL4re3rGSj9qRqNbj:LX0/QdDjxyxUOfAXuPEXK/ee1GSjkqF

    PEiD..: -
    TrID..: File type identification
    Win64 Executable Generic (80.9%)
    Win32 Executable Generic (8.0%)
    Win32 Dynamic Link Library (generic) (7.1%)
    Generic Win/DOS Executable (1.8%)
    DOS Executable Generic (1.8%)
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x402906
    timedatestamp.....: 0x46764489 (Mon Jun 18 08:38:33 2007)
    machinetype.......: 0x14c (I386)

    ( 4 sections )
    name viradd virsiz rawdsiz ntrpy md5
    .text 0x1000 0x22b7 0x2400 6.12 fafa22a1c4ba14db1cccf661a1e651f2
    .data 0x4000 0x84bc 0x200 2.09 2a2feb19744c83f817cc208a5a7b3533
    .rsrc 0xd000 0x178 0x200 2.24 789c7ee257a6a5530865e15cd2bd2088
    .reloc 0xe000 0x32a 0x400 4.04 6e33e28ce839bd732fd1c92b556a3b0d

    ( 5 imports )
    > msvcrt.dll: _adjust_fdiv, _initterm, free, malloc, _except_handler4_common, _amsg_exit, _XcptFilter, memcpy, _wcsnicmp, _vsnwprintf, memset
    > KERNEL32.dll: InterlockedExchange, Sleep, InterlockedCompareExchange, QueryPerformanceCounter, EnterCriticalSection, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, GetSystemTimeAsFileTime, GetCurrentProcessId, VerifyVersionInfoW, VerSetConditionMask, InitializeCriticalSection, SetLastError, GetLastError, WriteFile, GlobalFree, DeleteCriticalSection, DisableThreadLibraryCalls, SetEndOfFile, CreateFileW, CreateDirectoryW, MoveFileW, CloseHandle, FlushFileBuffers, GetCurrentThreadId, LeaveCriticalSection, GlobalAlloc, GetTickCount
    > ADVAPI32.dll: RegQueryValueExW, RegOpenKeyW, RegCloseKey
    > USER32.dll: MessageBoxA, MessageBoxW, LoadStringW
    > SPOOLSS.DLL: SetJobW, GetJobW, OpenPrinterW, ClosePrinter

    ( 1 exports )
    InitializePrintMonitor2

    See you and thanks
    0
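    Added example (my own code, not from the thread and not VirusTotal's): the "PEInfo" block in the two reports above (PressCancel.exe and tpfmlh.dll) lists, for each section, the virtual address and size, the raw size, the entropy ("ntrpy") and an MD5. A 0/39 result only says that no engine has a signature for the file; the section table is what an analyst reads next, because a packer (PEiD flagged Armadillo on PressCancel.exe) shows up as high-entropy or writable-and-executable code sections. This Python script reproduces those columns from a constructed PE-shaped byte blob (two sections, not a runnable program) and applies a few heuristics whose thresholds are my assumptions.

```python
import hashlib
import math
import struct

# Real section characteristic bits from winnt.h.
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, 0.0 (constant) to 8.0 (uniform); VirusTotal's 'ntrpy' column is this value."""
    n = len(data)
    if n == 0:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def file_hashes(pe: bytes) -> dict:
    """Whole-file digests in the order the VirusTotal report lists them."""
    return {alg: hashlib.new(alg, pe).hexdigest() for alg in ("md5", "sha1", "sha256", "sha512")}


def triage_section(chars: int, entropy: float, virsiz: int, rawsiz: int) -> list:
    """Analyst heuristics on one section; the 7.0 and 4x thresholds are my assumptions."""
    flags = []
    if entropy >= 7.0:
        flags.append("high entropy: packed or encrypted content")
    if chars & IMAGE_SCN_MEM_EXECUTE and chars & IMAGE_SCN_MEM_WRITE:
        flags.append("writable+executable section")
    if chars & IMAGE_SCN_MEM_EXECUTE and rawsiz and virsiz > 4 * rawsiz:
        flags.append("code section much larger in memory than on disk: room for unpacked code")
    return flags


def parse_pe(pe: bytes) -> dict:
    """Read the COFF header and section table; return base data plus one row per section."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # COFF file header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics (20 bytes).
    machine, nsect, stamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", pe, e_lfanew + 4)
    table = e_lfanew + 4 + 20 + opt_size  # section table follows the optional header
    sections = []
    for i in range(nsect):
        # IMAGE_SECTION_HEADER is 40 bytes: Name, VirtualSize, VirtualAddress, SizeOfRawData,
        # PointerToRawData, reloc/linenumber pointers and counts, Characteristics.
        name, virsiz, viradd, rawsiz, rawptr, _, _, _, _, chars = struct.unpack_from(
            "<8sIIIIIIHHI", pe, table + 40 * i)
        raw = pe[rawptr:rawptr + rawsiz]
        ent = shannon_entropy(raw)
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "viradd": viradd, "virsiz": virsiz, "rawdsiz": rawsiz,
            "ntrpy": round(ent, 2),
            "md5": hashlib.md5(raw).hexdigest(),
            "flags": triage_section(chars, ent, virsiz, rawsiz),
        })
    return {"machinetype": machine, "timedatestamp": stamp, "sections": sections}


def format_report(info: dict) -> str:
    """Render the section rows in the same column layout as the VirusTotal report."""
    lines = ["name viradd virsiz rawdsiz ntrpy md5"]
    for s in info["sections"]:
        lines.append(f"{s['name']} {s['viradd']:#x} {s['virsiz']:#x} {s['rawdsiz']:#x} "
                     f"{s['ntrpy']:.2f} {s['md5']}")
    return "\n".join(lines)


def build_sample_pe() -> bytes:
    """Constructed sample: a two-section PE-shaped blob with a valid header chain, not a program."""
    text_raw = b"ABCD" * 128            # 0x200 bytes, four symbols -> entropy exactly 2.0
    packed_raw = bytes(range(256)) * 2  # 0x200 bytes, uniform -> entropy exactly 8.0
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                       # e_lfanew -> PE signature
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0xE0, 0x0102)  # I386, 2 sections
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)                         # PE32 optional header magic
    hdr = bytes(dos) + b"PE\0\0" + coff + bytes(opt)

    def section(name, virsiz, viradd, rawsiz, rawptr, chars):
        return struct.pack("<8sIIIIIIHHI", name, virsiz, viradd, rawsiz, rawptr, 0, 0, 0, 0, chars)

    hdr += section(b".text", 0x200, 0x1000, 0x200, 0x200, 0x60000020)    # code | exec | read
    hdr += section(b".packed", 0x200, 0x2000, 0x200, 0x400, 0xE0000020)  # code | exec | read | write
    return hdr.ljust(0x200, b"\0") + text_raw + packed_raw


if __name__ == "__main__":
    sample = build_sample_pe()
    print(file_hashes(sample)["sha256"])
    print(format_report(parse_pe(sample)))
```

    On the two reports in this thread, the entropies (5.95 for the Armadillo-packed .text of PressCancel.exe, 6.12 for tpfmlh.dll's .text) sit below the 7.0 line used here, so this check alone would not flag either file; what it does give is a reproducible way to re-derive the per-section MD5s so that a later upload can be compared section by section rather than only by whole-file hash.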
  19. DeNisCoOl Posts 2871 Status Member 224
     
    hi,

    Another important thing that could be slowing you down:
    System drive C: has 25 GB (22%) free of 113 GB

    Disable and then re-enable System Restore (this will free the space taken by restore points), which uses a lot of room:
    http://www.commentcamarche.net/faq/sujet 13214 desactiver reactiver la restauration systeme de vista

    Have you also installed Wise Disk Cleaner? It will do a lot of cleanup; download it --->HERE<---, and proceed the same way as with Wise Registry Cleaner.
    By default it puts everything in the recycle bin, which you should empty once you have made sure everything runs correctly after 1 reboot and 24-48h of use.
    It's a precaution to take the first time, but it's mainly WRC that can cause more problems; in 1 year I've seen 2 cases, but it's fixed very quickly, so keep the WRC tutorial handy in case of an error.

    Then a good defragmentation, to be done twice, with Jkdefrag, which is extremely lightweight, fast and easy to use; but if you prefer to wait, Vista normally defragments once a week.

    Later

    Denis
    0
  20. mathieu1403 Posts 24 Status Member
     
    Hi, I did everything that was suggested. Only the defragmentation software crashed and was therefore unusable. Vista's defragmentation crashes too.
    The PC shuts down faster (though it's still a bit slow, but bearable); on the other hand, Internet Explorer is still slower and crashes very often.
    Thanks for your help.
    0
  21. DeNisCoOl Posts 2871 Status Member 224
     
    hi,

    --> Did you disable and re-enable System Restore?
    Because that should already free up space and therefore allow the defragmentation to run.
    Below 20-21% free space Windows cannot defragment; the one I suggested, on the other hand, should be able to, if I'm not mistaken.

    --> Also go to the Start menu (Windows logo), then type chkdsk /r (white box above the Windows logo)
    It will ask whether you want to run this action at the next reboot; accept and reboot.
    It will check whether there are bad sectors on your hard disk and repair them if possible.

    --> Try the defragmentation again.

    Later
    0