Please, besoin d'aide urgente PC qui rame...!

On verra bien mais ces lignes ne me disent rien qui vaillent et il a un toolbar bizarre et tu as vu le nombre de processus?

bonsoir,

voila le rapport lopS&D:

'© Eric_71 ( Contact : eric.71.MesPages@gmail.com )
On Error Resume Next
Dim fso
Set FSO = CreateObject("Scripting.FileSystemObject")
Set FTX = FSO.createTextFile("OS_v.txt",true)
strComputer = "."
Set objWMIService = GetObject("winmgmts:" & "{impersonationLevel=impersonate}!\\" & _
strComputer & "\root\cimv2")

Set OS__infos = objWMIService.ExecQuery("Select * from Win32_OperatingSystem")
Set BO__infos = objWMIService.ExecQuery("Select * from Win32_ComputerSystem")
Set US__infos = objWMIService.ExecQuery("Select * from Win32_NetworkLoginProfile")
Set PR__infos = objWMIService.ExecQuery("Select * from Win32_Processor")
Set BI__infos = objWMIService.ExecQuery("Select * from Win32_BIOS")
Set DI__infos = objWMIService.ExecQuery("Select * from Win32_LogicalDisk",,48)
Set objWMISecurity = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\SecurityCenter")
Set colAV = objWMISecurity.ExecQuery("Select * from AntiVirusProduct")
Set colFI = objWMISecurity.ExecQuery("Select * from FirewallProduct")
Set wshNetwork = CreateObject("WScript.Network")
strUser = wshNetwork.Username
For Each objOS__ in OS__infos
OSvers = objOS__.Caption & " ( v" & objOS__.Version & " ) " & objOS__.CSDVersion
OSbuild = objOS__.BuildType
Next
For Each objBO__ in BO__infos
BOprocT = objBO__.SystemType
Next
For Each objPR__ in PR__infos
PRprocN = objPR__.Name
Next
For Each objBI__ in BI__infos
BIbios = "BIOS : " & objBI__.Name
Next
For Each objUS__ in US__infos
If objUS__.Privileges = 2 Then
USuser = "USER : " & strUser & " ( Administrator )"
Else
USuser = "USER : " & strUser & " ( Not Administrator ! )"
End If
Next
For Each objBO__ in BO__infos
BOboot = "BOOT : " & objBO__.BootupState
Next
For Each objAV In colAV
If objAV.OnAccessScanningEnabled = 0 Then
AVstatus = "Not Activated"
Else
AVstatus = "Activated"
End If
Next
For Each objFI In colFI
If objFI.Enabled = 0 Then
FIstatus = "Not Activated"
Else
FIstatus = "Activated"
End If
Next
For Each objAV in colAV
AVstat = "Antivirus : " & objAV.DisplayName & " " & objAV.VersionNumber & " (" & AVstatus & ")"
Next
For Each objFI In colFI
FIstat = "Firewall : " & objFI.DisplayName & " " & objFI.VersionNumber & " (" & FIstatus & ")"
Next
For Each objDI__ in DI__infos
Select Case objDI__.DriveType
Case 1 strTL = "..."
Case 2 strTL = "USB"
Case 3 strTL = "Local Disk"
Case 4 strTL = "Network Disk"
Case 5 strTL = "CD or DVD"
Case 6 strTL = "RAM"
Case Else strTL = "..."
End Select
If objDI__.DriveType =2 Then
strTD = Int(objDI__.Size /1048576) & " Mo"
Else
strTD = Int(objDI__.Size /1073741824) & " Go"
End If
if strTD = " Go" Then
strDI = strDI & objDI__.Name & "\ (" & strTL & ")" & vbCrlf
elseif strTD = " Mo" Then
strDI = strDI & objDI__.Name & "\ (" & strTL & ")" & vbCrlf
else
strDI = strDI & objDI__.Name & "\ (" & strTL & ") - " & objDI__.FileSystem & _
" - Total:" & strTD & " (Free:" & Int(objDI__.FreeSpace /1073741824) & " Go)" & vbCrlf
end if
Next
FTX.writeline OSvers
FTX.writeline BOprocT & " ( " & OSbuild & " : " & PRprocN & " )"
FTX.writeline BIbios
FTX.writeline USuser
FTX.writeline BOboot
FTX.writeline ""
FTX.writeline AVstat
FTX.writeline FIstat
FTX.writeline ""
FTX.writeline strDI
FTX.close

Merci

Bonosir jacques,

dslé pr le retard, voila ce que me donnes le logiciel , c'est la suite du rapport :

que dois je donc faire et encore merci

--------------------\\ Lop S&D 4.2.5-0 XP/Vista


"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 07/04/2009|22:57 )

[ UAC => 0 ]

--------------------\\ Listing des dossiers dans Local

[25/02/2008|12:41] C:\Users\sohaib\AppData\Local\Adobe
[25/06/2008|17:53] C:\Users\sohaib\AppData\Local\Ahead
[06/04/2008|17:05] C:\Users\sohaib\AppData\Local\alwhyyn_site
[13/11/2007|23:04] C:\Users\sohaib\AppData\Local\Application Data
[31/03/2009|22:05] C:\Users\sohaib\AppData\Local\Axialis
[12/02/2009|16:29] C:\Users\sohaib\AppData\Local\d3d9caps.dat
[04/04/2009|17:59] C:\Users\sohaib\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[22/03/2009|17:29] C:\Users\sohaib\AppData\Local\GDIPFONTCACHEV1.DAT
[16/05/2008|13:29] C:\Users\sohaib\AppData\Local\Google
[13/11/2007|23:04] C:\Users\sohaib\AppData\Local\Historique
[07/04/2009|22:43] C:\Users\sohaib\AppData\Local\IconCache.db
[04/04/2009|00:07] C:\Users\sohaib\AppData\Local\Microsoft
[20/11/2007|18:19] C:\Users\sohaib\AppData\Local\Microsoft Games
[17/11/2007|17:52] C:\Users\sohaib\AppData\Local\Microsoft Help
[10/12/2007|22:49] C:\Users\sohaib\AppData\Local\Mozilla
[25/03/2008|19:33] C:\Users\sohaib\AppData\Local\PowerCinema
[07/04/2009|22:54] C:\Users\sohaib\AppData\Local\Temp
[13/11/2007|23:04] C:\Users\sohaib\AppData\Local\Temporary Internet Files
[03/12/2007|17:46] C:\Users\sohaib\AppData\Local\VirtualStore

--------------------\\ Tâches planifiées dans C:\Windows\tasks

[07/04/2009 19:21][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{4BD164FC-D402-48B4-8DEF-A5E879090933}.job
[07/04/2009 22:46][--ah-----] C:\Windows\tasks\SA.DAT
[07/04/2009 22:44][--a------] C:\Windows\tasks\SCHEDLGU.TXT

--------------------\\ Listing des dossiers dans C:\ProgramData

[06/05/2007|23:16] C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[03/03/2008|00:07] C:\ProgramData\addr_file.html
[02/04/2009|23:16] C:\ProgramData\Adobe
[02/11/2006|14:59] C:\ProgramData\Application Data
[22/12/2008|13:38] C:\ProgramData\Avira
[12/05/2008|22:51] C:\ProgramData\AVS4YOU
[13/11/2007|23:00] C:\ProgramData\Bureau
[13/01/2008|00:41] C:\ProgramData\CyberLink
[02/11/2006|14:59] C:\ProgramData\Desktop
[02/11/2006|14:59] C:\ProgramData\Documents
[14/11/2007|19:42] C:\ProgramData\eSobi
[05/03/2009|17:48] C:\ProgramData\ezsidmv.dat
[13/11/2007|23:00] C:\ProgramData\Favoris
[02/11/2006|14:59] C:\ProgramData\Favorites
[18/08/2008|15:31] C:\ProgramData\Google
[02/03/2008|22:55] C:\ProgramData\iolo
[18/02/2008|19:25] C:\ProgramData\Lavasoft
[24/06/2008|21:51] C:\ProgramData\LightScribe
[02/03/2008|23:53] C:\ProgramData\LUUnInstall.LiveUpdate
[13/11/2007|23:00] C:\ProgramData\Menu D‚marrer
[02/02/2009|19:01] C:\ProgramData\Microsoft
[21/03/2009|20:19] C:\ProgramData\Microsoft Help
[13/11/2007|23:00] C:\ProgramData\Modٹles
[24/06/2008|14:18] C:\ProgramData\Nero
[05/03/2009|17:42] C:\ProgramData\Skype
[31/03/2009|21:32] C:\ProgramData\Spybot - Search & Destroy
[02/11/2006|14:59] C:\ProgramData\Start Menu
[03/03/2008|00:03] C:\ProgramData\Symantec
[01/03/2009|14:16] C:\ProgramData\TEMP
[02/11/2006|14:59] C:\ProgramData\Templates
[06/08/2008|23:26] C:\ProgramData\WindowsSearch
[06/05/2008|15:48] C:\ProgramData\WinZip
[01/12/2007|18:14] C:\ProgramData\WLInstaller
[31/03/2009|21:31] C:\ProgramData\Yahoo!

--------------------\\ Listing des dossiers dans C:\Program Files

[11/09/2007|16:17] C:\Program Files\Acer Inc
[06/05/2007|23:16] C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
[27/02/2009|18:17] C:\Program Files\Adobe
[05/04/2009|20:57] C:\Program Files\All2Chat
[03/03/2009|14:02] C:\Program Files\alwhyyn_site
[11/10/2008|16:38] C:\Program Files\Athan
[11/09/2007|16:11] C:\Program Files\ATI
[11/09/2007|16:13] C:\Program Files\ATI Technologies
[22/12/2008|13:38] C:\Program Files\Avira
[12/05/2008|22:51] C:\Program Files\AVS4YOU
[02/03/2008|23:24] C:\Program Files\CCleaner
[05/03/2009|17:42] C:\Program Files\Common Files
[06/04/2008|17:05] C:\Program Files\Conduit
[06/08/2008|19:24] C:\Program Files\Cyberlink
[09/03/2009|22:46] C:\Program Files\eBook Workshop
[06/05/2007|23:26] C:\Program Files\eSobi
[13/11/2007|23:00] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
[18/08/2008|15:31] C:\Program Files\Google
[18/08/2008|15:36] C:\Program Files\inKline Global
[24/03/2009|20:55] C:\Program Files\InstallShield Installation Information
[05/04/2009|22:32] C:\Program Files\Internet Explorer
[06/04/2008|13:09] C:\Program Files\iolo
[08/05/2008|21:31] C:\Program Files\islamCtvplayer
[05/04/2008|15:56] C:\Program Files\iVocalize Web Conference 4
[25/03/2009|18:08] C:\Program Files\Java
[14/12/2007|23:36] C:\Program Files\Lavasoft
[28/03/2009|23:19] C:\Program Files\Leroy Merlin
[24/03/2009|20:55] C:\Program Files\Logitech
[01/12/2007|19:39] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[02/11/2006|14:35] C:\Program Files\Microsoft Games
[06/05/2007|23:16] C:\Program Files\Microsoft Office
[27/02/2009|12:22] C:\Program Files\Microsoft Silverlight
[05/10/2008|17:57] C:\Program Files\Microsoft Works
[06/05/2007|23:14] C:\Program Files\Microsoft.NET
[20/12/2007|21:25] C:\Program Files\MioNet
[25/03/2008|23:48] C:\Program Files\Movie Maker
[02/01/2009|22:12] C:\Program Files\Mozilla Firefox
[02/11/2006|14:35] C:\Program Files\MSBuild
[28/04/2008|13:15] C:\Program Files\MSECache
[01/12/2007|19:29] C:\Program Files\MSXML 4.0
[04/04/2009|00:07] C:\Program Files\Navilog1
[24/06/2008|14:18] C:\Program Files\Nero
[01/12/2007|17:06] C:\Program Files\Neuf
[06/08/2008|23:42] C:\Program Files\NewTech Infosystems
[03/07/2008|13:37] C:\Program Files\OpenOffice.org 2.4
[05/02/2008|16:07] C:\Program Files\Paltalk Messenger
[10/06/2008|01:09] C:\Program Files\RamBoost XP
[02/12/2007|20:11] C:\Program Files\Real
[06/05/2007|23:00] C:\Program Files\Realtek
[02/11/2006|14:35] C:\Program Files\Reference Assemblies
[02/03/2008|15:47] C:\Program Files\RegClean
[14/11/2007|15:11] C:\Program Files\Samsung
[28/05/2008|12:01] C:\Program Files\shamela library
[05/03/2009|17:42] C:\Program Files\Skype
[31/03/2009|21:32] C:\Program Files\Spybot - Search & Destroy
[18/08/2008|23:29] C:\Program Files\Trend Micro
[02/11/2006|14:58] C:\Program Files\Uninstall Information
[02/12/2007|23:40] C:\Program Files\uTorrent
[20/11/2007|22:08] C:\Program Files\VideoLAN
[20/11/2007|22:12] C:\Program Files\Winamp
[25/03/2008|23:48] C:\Program Files\Windows Calendar
[25/03/2008|23:48] C:\Program Files\Windows Collaboration
[25/03/2008|23:48] C:\Program Files\Windows Defender
[02/02/2009|19:08] C:\Program Files\Windows Live
[12/03/2009|12:18] C:\Program Files\Windows Mail
[12/03/2009|12:18] C:\Program Files\Windows Media Player
[13/11/2007|23:00] C:\Program Files\Windows NT
[25/03/2008|23:48] C:\Program Files\Windows Photo Gallery
[25/03/2008|23:48] C:\Program Files\Windows Sidebar
[02/03/2008|23:09] C:\Program Files\WinRAR
[06/05/2008|15:47] C:\Program Files\WinZip
[31/03/2009|21:32] C:\Program Files\Yahoo!
[19/05/2008|06:59] C:\Program Files\ڑ¥èںê ں颤يï§

--------------------\\ Listing des dossiers dans C:\Program Files\Common Files

[27/02/2009|18:20] C:\Program Files\Common Files\Adobe
[12/05/2008|22:50] C:\Program Files\Common Files\AVSMedia
[06/05/2007|23:14] C:\Program Files\Common Files\DESIGNER
[06/05/2007|23:23] C:\Program Files\Common Files\InstallShield
[16/05/2008|12:47] C:\Program Files\Common Files\Java
[06/05/2007|23:11] C:\Program Files\Common Files\LightScribe
[06/03/2009|01:43] C:\Program Files\Common Files\microsoft shared
[06/05/2007|23:11] C:\Program Files\Common Files\muvee Technologies
[24/06/2008|14:21] C:\Program Files\Common Files\Nero
[06/08/2008|23:42] C:\Program Files\Common Files\NewTech Infosystems
[18/02/2008|21:01] C:\Program Files\Common Files\Nullsoft
[08/03/2008|00:15] C:\Program Files\Common Files\Real
[02/11/2006|13:18] C:\Program Files\Common Files\Services
[05/03/2009|17:42] C:\Program Files\Common Files\Skype
[02/11/2006|13:18] C:\Program Files\Common Files\SpeechEngines
[11/08/2008|10:24] C:\Program Files\Common Files\Symantec Shared
[25/03/2008|23:48] C:\Program Files\Common Files\System
[02/02/2009|19:01] C:\Program Files\Common Files\Windows Live
[01/12/2007|18:19] C:\Program Files\Common Files\WindowsLiveInstaller
[30/01/2009|15:15] C:\Program Files\Common Files\Wise Installation Wizard
[08/03/2008|00:15] C:\Program Files\Common Files\xing shared

--------------------\\ Process

( 73 Processes )

iexplore.exe ~ [PID:2644]
iexplore.exe ~ [PID:3296]

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-04 23:43:40
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden files ...
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-07 22:57:36
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 2

--------------------\\ Recherche d'autres infections


Aucune autre infection trouvée !

[F:354][D:12]-> C:\Users\sohaib\AppData\Local\Temp
[F:34][D:1]-> C:\Users\sohaib\AppData\Roaming\MICROS~1\Windows\Cookies
[F:235][D:5]-> C:\Users\sohaib\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:4][D:3]-> C:\$Recycle.Bin

1 - "C:\Lop SD\LopR_1.txt" - 07/04/2009|22:59 - Option : [1]

--------------------\\ Fin du rapport a 22:59:12
[ UAC => 1 ]

Bonsoir,

j'ai pas pu l'exécuter comme logiciel nommé "jacob" ,j'avais un msg qui me demande de changer le nom du logiciel pour que je puisse l'utiliser donc je l'ai nommé "combofix" et j'ai demarré le scan

et voila ce que j'ai obtenu comme rapport:

ComboFix 09-04-03.01 - sohaib 2009-04-08 22:13:41.1 - NTFSx86
Microsoft® Windows Vista™ Edition Familiale Basique 6.0.6001.1.1256.966.1036.18.767.283 [GMT 2:00]
Running from: c:\users\sohaib\Desktop\combofix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-03-08 to 2009-04-08 )))))))))))))))))))))))))))))))
.

2009-04-08 22:09 . 2009-04-08 22:10 <REP> d----c--- C:\jacob
2009-04-07 23:33 . 2009-04-07 23:33 <REP> d-------- c:\users\sohaib\AppData\Roaming\Malwarebytes
2009-04-07 23:33 . 2009-04-07 23:33 <REP> d-------- c:\users\All Users\Malwarebytes
2009-04-07 23:33 . 2009-04-07 23:33 <REP> d-------- c:\programdata\Malwarebytes
2009-04-07 23:33 . 2009-04-07 23:33 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-04-07 23:33 . 2009-04-06 15:32 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-04-07 23:33 . 2009-04-06 15:32 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-04-05 21:55 . 2009-04-05 21:55 <REP> d--h----- c:\windows\msdownld.tmp
2009-04-04 22:38 . 2009-04-07 23:28 <REP> d----c--- C:\Lop SD
2009-03-28 23:19 . 2009-03-28 23:19 2,050,974 --a------ c:\windows\System32\Reves-Nature.scr
2009-03-28 23:18 . 2009-03-28 23:19 <REP> d-------- c:\program files\Leroy Merlin
2009-03-28 23:18 . 2009-03-28 23:49 2,012,385 --a------ c:\windows\System32\Deco-Pour-Tous.scr
2009-03-24 20:55 . 2009-03-24 20:55 <REP> d-------- c:\program files\Logitech
2009-03-11 14:19 . 2008-12-16 05:29 8,147,456 --a------ c:\windows\System32\wmploc.DLL
2009-03-11 14:19 . 2009-02-09 05:10 2,033,152 --a------ c:\windows\System32\win32k.sys
2009-03-11 14:19 . 2008-11-27 06:43 268,288 --a------ c:\windows\System32\schannel.dll
2009-03-11 14:19 . 2008-12-16 07:31 7,680 --a------ c:\windows\System32\spwmp.dll
2009-03-11 14:19 . 2008-12-16 07:31 4,096 --a------ c:\windows\System32\msdxm.ocx
2009-03-11 14:19 . 2008-12-16 07:31 4,096 --a------ c:\windows\System32\dxmasf.dll
2009-03-09 22:43 . 2009-03-09 22:46 <REP> d-------- c:\program files\eBook Workshop
2009-03-08 13:27 . 2008-06-20 03:14 781,344 --a------ c:\windows\System32\PresentationNative_v0300.dll
2009-03-08 13:27 . 2008-06-20 03:14 622,080 --a------ c:\windows\System32\icardagt.exe
2009-03-08 13:27 . 2008-06-20 03:14 326,160 --a------ c:\windows\System32\PresentationHost.exe
2009-03-08 13:27 . 2008-06-20 03:14 105,016 --a------ c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
2009-03-08 13:27 . 2008-06-20 03:14 97,800 --a------ c:\windows\System32\infocardapi.dll
2009-03-08 13:27 . 2008-06-20 03:14 43,544 --a------ c:\windows\System32\PresentationHostProxy.dll
2009-03-08 13:27 . 2008-06-20 03:14 37,384 --a------ c:\windows\System32\infocardcpl.cpl
2009-03-08 13:27 . 2008-06-20 03:14 11,264 --a------ c:\windows\System32\icardres.dll
2009-03-08 13:17 . 2008-07-27 20:03 282,112 --a------ c:\windows\System32\mscoree.dll
2009-03-08 13:17 . 2008-07-27 20:03 158,720 --a------ c:\windows\System32\mscorier.dll
2009-03-08 13:17 . 2008-07-27 20:03 96,760 --a------ c:\windows\System32\dfshim.dll
2009-03-08 13:17 . 2008-07-27 20:03 83,968 --a------ c:\windows\System32\mscories.dll
2009-03-08 13:17 . 2008-07-27 20:03 41,984 --a------ c:\windows\System32\netfxperf.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-08 20:06 --------- d-----w c:\users\sohaib\AppData\Roaming\Skype
2009-04-08 16:00 --------- d-----w c:\users\sohaib\AppData\Roaming\skypePM
2009-04-05 18:57 --------- d-----w c:\program files\All2Chat
2009-04-04 16:02 --------- d-----w c:\users\sohaib\AppData\Roaming\uTorrent
2009-04-03 22:07 --------- d-----w c:\program files\Navilog1
2009-03-31 19:33 319,456 ----a-w c:\windows\DIFxAPI.dll
2009-03-31 19:32 --------- d-----w c:\programdata\Spybot - Search & Destroy
2009-03-31 19:32 --------- d-----w c:\program files\Yahoo!
2009-03-31 19:32 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-31 19:31 --------- d-----w c:\users\sohaib\AppData\Roaming\Yahoo!
2009-03-31 19:31 --------- d-----w c:\programdata\Yahoo!
2009-03-25 16:08 --------- d-----w c:\program files\Java
2009-03-24 18:55 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-21 18:19 --------- d-----w c:\programdata\Microsoft Help
2009-03-12 10:18 --------- d-----w c:\program files\Windows Mail
2009-03-09 04:19 410,984 ----a-w c:\windows\System32\deploytk.dll
2009-03-08 11:34 914,944 ----a-w c:\windows\System32\wininet.dll
2009-03-08 11:34 43,008 ----a-w c:\windows\System32\licmgr10.dll
2009-03-08 11:33 420,352 ----a-w c:\windows\System32\vbscript.dll
2009-03-08 11:33 18,944 ----a-w c:\windows\System32\corpol.dll
2009-03-08 11:33 132,608 ----a-w c:\windows\System32\ieUnatt.exe
2009-03-08 11:33 109,568 ----a-w c:\windows\System32\PDMSetup.exe
2009-03-08 11:33 109,056 ----a-w c:\windows\System32\iesysprep.dll
2009-03-08 11:33 107,520 ----a-w c:\windows\System32\RegisterIEPKEYs.exe
2009-03-08 11:33 107,008 ----a-w c:\windows\System32\SetIEInstalledDate.exe
2009-03-08 11:33 103,936 ----a-w c:\windows\System32\SetDepNx.exe
2009-03-08 11:32 72,704 ----a-w c:\windows\System32\admparse.dll
2009-03-08 11:32 71,680 ----a-w c:\windows\System32\iesetup.dll
2009-03-08 11:32 66,560 ----a-w c:\windows\System32\wextract.exe
2009-03-08 11:32 169,472 ----a-w c:\windows\System32\iexpress.exe
2009-03-08 11:31 48,128 ----a-w c:\windows\System32\mshtmler.dll
2009-03-08 11:31 45,568 ----a-w c:\windows\System32\mshta.exe
2009-03-08 11:31 34,816 ----a-w c:\windows\System32\imgutil.dll
2009-03-08 11:22 156,160 ----a-w c:\windows\System32\msls31.dll
2009-03-05 15:48 56 ---ha-w c:\users\All Users\ezsidmv.dat
2009-03-05 15:48 56 ---ha-w c:\programdata\ezsidmv.dat
2009-03-05 15:42 --------- d-----w c:\programdata\Skype
2009-03-05 15:42 --------- d-----w c:\program files\Common Files\Skype
2009-03-05 15:42 --------- d-----r c:\program files\Skype
2009-03-03 12:02 --------- d-----w c:\program files\alwhyyn_site
2009-03-01 12:16 --------- d---a-w c:\programdata\TEMP
2009-02-27 16:20 --------- d-----w c:\program files\Common Files\Adobe
2009-02-27 10:22 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-14 21:46 502 ----a-w c:\users\sohaib\AppData\Roaming\wklnhst.dat
2008-07-03 10:46 413,696 ----a-w c:\users\sohaib\Visual_Studio_Tools_For_Office_2003_FR.exe
2008-03-25 21:57 174 --sha-w c:\program files\desktop.ini
2009-01-02 20:12 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2009-01-02 20:12 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2009-01-02 20:12 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2009-01-02 20:12 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2009-01-02 20:12 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{4b14ed8f-5065-4f6a-9011-688d37949774}"= "c:\program files\alwhyyn_site\tbalw0.dll" [2009-03-03 1883672]

[HKEY_CLASSES_ROOT\clsid\{4b14ed8f-5065-4f6a-9011-688d37949774}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4b14ed8f-5065-4f6a-9011-688d37949774}]
2009-03-03 14:05 1883672 --a------ c:\program files\alwhyyn_site\tbalw0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4b14ed8f-5065-4f6a-9011-688d37949774}"= "c:\program files\alwhyyn_site\tbalw0.dll" [2009-03-03 1883672]

[HKEY_CLASSES_ROOT\clsid\{4b14ed8f-5065-4f6a-9011-688d37949774}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{4B14ED8F-5065-4F6A-9011-688D37949774}"= "c:\program files\alwhyyn_site\tbalw0.dll" [2009-03-03 1883672]

[HKEY_CLASSES_ROOT\clsid\{4b14ed8f-5065-4f6a-9011-688d37949774}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-24 68856]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-02-04 23975720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer Empowering Technology Monitor"="c:\acer\Empowering Technology\SysMonitor.exe" [2007-01-24 319488]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-07 464168]
"PCMService"="c:\acer\Empowering Technology\eMode\PCM\PCMService.exe" [2007-01-12 151552]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-23 c:\windows\RtHDVCpl.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-02-15 151552]

c:\users\sohaib\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 - Capture d'‚cran et lancement.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-05-06 528384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"FilterAdministratorToken"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{27A992E8-3191-4058-BDC4-1321D34A3BBD}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{825364F4-5206-4106-9837-CCC9FB893293}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{7544676B-122D-44D9-B6F1-22A42CF36183}"= UDP:c:\acer\Empowering Technology\eMode\PCM\PCMService.exe:CyberLink PowerCinema Resident Program
"{1A18564B-6511-4C7F-B95E-0AD529D9AAFD}"= TCP:c:\acer\Empowering Technology\eMode\PCM\PCMService.exe:CyberLink PowerCinema Resident Program
"{430E7B5A-ED11-4EF7-8DF9-667B33EAAC06}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{DA1105DE-4BE7-4B2B-AAEE-53F097886656}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{CFBC0B43-1C70-4ABA-BB3E-E43C77F8BE25}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"TCP Query User{18445D2C-D128-4CAD-947E-B2325697F881}c:\\program files\\real\\realplayer\\realplay.exe"= UDP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{099DDF30-104B-4051-9DB3-DFF987ACA760}c:\\program files\\real\\realplayer\\realplay.exe"= TCP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"{3581E512-D757-494D-BD3E-80CAF7F123AB}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{E6F380B5-8F7F-4FE3-A621-950DA07F5F68}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{C688BF6E-CF5B-400B-9AC3-1B4FA2BD6244}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{C39FBD12-4224-45C7-BB42-04B70A9DB222}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"TCP Query User{4B0F9F55-2B7C-4171-ACD6-C2E2AE9524A2}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:c:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"UDP Query User{DAFB5B99-7AB3-4358-B829-9DEE49B5BE01}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:c:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"TCP Query User{B18A4B88-F02E-4DA7-9438-4EA7DF7FE427}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{A4BE8179-9355-4121-ACB2-4FF19F34A123}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{7AD1CEC3-3844-4A05-B3D4-256FAD43F0F6}"= c:\program files\Skype\Phone\Skype.exe:Skype

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Acer\\Empowering Technology\\eDataSecurity\\eDSfsu.exe"= c:\acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu
"c:\\Acer\\Empowering Technology\\eDataSecurity\\encryption.exe"= c:\acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption
"c:\\Acer\\Empowering Technology\\eDataSecurity\\decryption.exe"= c:\acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption

R1 ElRawDisk;ElRawDisk;c:\windows\System32\drivers\elrawdsk.sys [2008-03-02 12800]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [2008-03-08 628584]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [2008-03-08 628584]
S3 MRVW225;802.11g/b Wireless LAN Dirver for Windows XP;c:\windows\System32\drivers\MRVW225.sys [2008-06-24 299904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{611cd989-606f-11dc-a3cb-da87a5ffda38}]
\shell\AutoRun\command - 1weicxa.com
\shell\explore\Command - 1weicxa.com
\shell\open\Command - 1weicxa.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8f03fec0-1779-11dd-af57-001c252e041a}]
\shell\AutoRun\command - J:\jfvkcsy.bat
\shell\explore\Command - J:\jfvkcsy.bat
\shell\open\Command - J:\jfvkcsy.bat
.
Contents of the 'Scheduled Tasks' folder

2009-04-08 c:\windows\Tasks\User_Feed_Synchronization-{4BD164FC-D402-48B4-8DEF-A5E879090933}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 13:31]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Acer Tour Reminder - (no file)
HKLM-Run-eRecoveryService - (no file)


.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://fr.fr.acer.yahoo.com
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\sohaib\AppData\Roaming\Mozilla\Firefox\Profiles\7ofj6sm4.default\
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.hideGoButton", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.enabled", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");
.
.
------- File Associations -------
.
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-08 22:17:54
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-04-08 22:20:43
ComboFix-quarantined-files.txt 2009-04-08 20:20:39

Pre-Run: 40 334 966 784 octets libres
Post-Run: 40,365,604,864 octets libres

233 --- E O F --- 2009-04-07 10:50:28


Que dois je fair mnt?

Merci bcp