Problem: redirection to various sites

Solved
batlaurenz Posts 7 Registration date   Status Member
Hello,

For the past few days (about 2 or 3), as soon as I connect to a site, most of the links redirect to sites like globalxonline and others.
So I installed Mozilla Firefox, and for now there is no problem with it.

I am working on an Acer laptop running Windows Vista with an Orange Livebox Wi-Fi connection.

Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:00:28, on 16/09/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\conime.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe
C:\Windows\PLFSetI.exe
C:\Users\chris\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files\Orange\AntivirusFirewall\Common\FSM32.EXE
C:\Program Files\OrangeHSS\Launcher\Launcher.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Orange\AntivirusFirewall\FSGUI\fsguidll.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Acer\Acer VCM\AcerVCM.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\OrangeHSS\systray\systrayapp.exe
C:\Program Files\OrangeHSS\Deskboard\deskboard.exe
C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe
C:\Program Files\Acer\Acer VCM\acp2HID.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Users\chris\Downloads\HiJackThis.exe
C:\Program Files\mozilla.org\Mozilla\mozilla.exe
C:\Program Files\Acer\Acer VCM\VC.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&s=2&o=vp32&d=0509&m=aspire_8930
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&s=2&o=vp32&d=0509&m=aspire_8930
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&s=2&o=vp32&d=0509&m=aspire_8930
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&s=2&o=vp32&d=0509&m=aspire_8930
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ZPdtWzdVitaKey MC3000] "C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe" show
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Orange\AntivirusFirewall\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Orange\AntivirusFirewall\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [autochk] rundll32.exe C:\Windows\system32\autochk.dll,_IWMPEvents@0
O4 - HKCU\..\Run: [ProductReg] "C:\Program Files\Acer\WR_PopUp\ProductReg.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [autochk] rundll32.exe C:\Users\chris\protect.dll,_IWMPEvents@0
O4 - HKUS\S-1-5-18\..\Run: [autochk] rundll32.exe C:\Windows\system32\config\SYSTEM~1\protect.dll,_IWMPEvents@0 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [autochk] rundll32.exe C:\Windows\system32\config\SYSTEM~1\protect.dll,_IWMPEvents@0 (User 'Default user')
O4 - Startup: ChkDisk.dll
O4 - Startup: ChkDisk.lnk = ?
O4 - Global Startup: Acer VCM.lnk = ?
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra 'Tools' menuitem: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O15 - Trusted Zone: http://*.mappy.com
O15 - Trusted Zone: http://*.orange.fr
O15 - Trusted Zone: http://rw.search.ke.voila.fr
O15 - Trusted Zone: http://orange.weborama.fr
O16 - DPF: {3E82BB3F-ABE4-458D-9281-0187286A4E51} (VoxsyncCtrl Class) - https://login.orange.fr/captcha?return_url=https%3A%2F%2Fmescontacts.orange.fr
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\ORSP Client\fsorsp.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iGroupTec Service (IGBASVC) - Unknown owner - C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
O23 - Service: iGroupTec Service (IGBASVC) - Unknown owner - C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe
O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe

--
End of file - 14119 bytes

Awaiting a reply, thanks in advance.
Configuration: Windows Vista
Mozilla 1.7.13

12 replies

  1. Narco!4 Posts 2446 Status Contributor 467

    Hello,

    Download GenProc http://www.genproc.com/GenProc.exe

    Double-click GenProc.exe and post the contents of the report that opens.
    0
  2. batlaurenz Posts 7 Registration date   Status Member

    Thanks for the quick reply,

    Here is the GenProc log:

    Rapport GenProc 2.627 [2] - 16/09/2009 à 17:04:21
    @ Windows Vista Service Pack 1 - Mode normal
    @ Internet Explorer (8.0.6001.18813) [Navigateur par défaut]

    ~~ CM DISK ERROR ~~
    ~~ INTERRUPTION REQUETES COMPTEURMAX ~~

    GenProc n'a détecté aucune infection caractéristique et suggère de suivre la procédure suivante :

    Fais scanner le(s) fichier(s) suivant(s) sur ce site https://www.virustotal.com/gui/ :

    C:\Windows\System32\Drivers\gasfkysswomkpb.sys
    C:\Windows\System32\gasfkyjtxxltci.dat
    C:\Windows\System32\gasfkyrpqyeiuv.dll
    C:\Windows\System32\gasfkywmuqitbq.dll
    C:\Windows\System32\gasfkyynrvfotf.dat

    et poste le(s) rapport(s) obtenu(s) dans ta prochaine réponse.

    ~~~~ INFORMATION COMPLEMENTAIRE ~~~~

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:06:13, on 16/09/2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v8.00 (8.00.6001.18813)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
    C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
    C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\conime.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe
    C:\Windows\PLFSetI.exe
    C:\Users\chris\AppData\Local\Temp\RtkBtMnt.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
    C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
    C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
    C:\Program Files\Orange\AntivirusFirewall\Common\FSM32.EXE
    C:\Program Files\OrangeHSS\Launcher\Launcher.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
    C:\Program Files\Orange\AntivirusFirewall\FSGUI\fsguidll.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Acer\Acer VCM\AcerVCM.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\OrangeHSS\systray\systrayapp.exe
    C:\Program Files\OrangeHSS\Deskboard\deskboard.exe
    C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe
    C:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe
    C:\Program Files\Acer\Acer VCM\acp2HID.exe
    C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe
    C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    c:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\mozilla.org\Mozilla\mozilla.exe
    C:\Windows\system32\cmd.exe
    C:\GenProc\outil\chris_GenProc.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&s=2&o=vp32&d=0509&m=aspire_8930
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&s=2&o=vp32&d=0509&m=aspire_8930
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&s=2&o=vp32&d=0509&m=aspire_8930
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&s=2&o=vp32&d=0509&m=aspire_8930
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
    O4 - HKLM\..\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"
    O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [ZPdtWzdVitaKey MC3000] "C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe" show
    O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
    O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
    O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
    O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Orange\AntivirusFirewall\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Orange\AntivirusFirewall\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [autochk] rundll32.exe C:\Windows\system32\autochk.dll,_IWMPEvents@0
    O4 - HKCU\..\Run: [ProductReg] "C:\Program Files\Acer\WR_PopUp\ProductReg.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [autochk] rundll32.exe C:\Users\chris\protect.dll,_IWMPEvents@0
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [autochk] rundll32.exe C:\Windows\system32\config\SYSTEM~1\protect.dll,_IWMPEvents@0 (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [autochk] rundll32.exe C:\Windows\system32\config\SYSTEM~1\protect.dll,_IWMPEvents@0 (User 'Default user')
    O4 - Startup: ChkDisk.dll
    O4 - Startup: ChkDisk.lnk = ?
    O4 - Global Startup: Acer VCM.lnk = ?
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
    O9 - Extra 'Tools' menuitem: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O13 - Gopher Prefix:
    O15 - Trusted Zone: http://*.mappy.com
    O15 - Trusted Zone: http://*.orange.fr
    O15 - Trusted Zone: http://rw.search.ke.voila.fr
    O15 - Trusted Zone: http://orange.weborama.fr
    O16 - DPF: {3E82BB3F-ABE4-458D-9281-0187286A4E51} (VoxsyncCtrl Class) - https://login.orange.fr/captcha?return_url=https%3A%2F%2Fmescontacts.orange.fr
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
    O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
    O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
    O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
    O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\FSAUA\program\fsaua.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\Common\FSMA32.EXE
    O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\ORSP Client\fsorsp.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: iGroupTec Service (IGBASVC) - Unknown owner - C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
    O23 - Service: iGroupTec Service (IGBASVC) - Unknown owner - C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
    O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
    O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
    O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe
    O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe
    0
  3. Narco!4 Posts 2446 Status Contributor 467

    Can you run GenProc again, please?
    0
  4. batlaurenz Posts 7 Registration date   Status Member

    And here it is!!!!

    Rapport GenProc 2.627 [3] - 16/09/2009 à 22:44:42
    @ Windows Vista Service Pack 1 - Mode normal
    @ Internet Explorer (8.0.6001.18813) [Navigateur par défaut]

    ~~ CM DISK ERROR ~~

    GenProc n'a détecté aucune infection caractéristique et suggère de suivre la procédure suivante :

    Poste un rapport Nod32 https://www.eset.com/ (il faut utiliser Internet Explorer)
    - coche toutes les cases à chaque fois, et lorsque c'est terminé, colle le rapport :
    C:\Program Files\EsetOnlineScanner\log.txt

    ~~~~ INFORMATION COMPLEMENTAIRE ~~~~

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:46:32, on 16/09/2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v8.00 (8.00.6001.18813)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
    C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
    C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\conime.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe
    C:\Windows\PLFSetI.exe
    C:\Users\chris\AppData\Local\Temp\RtkBtMnt.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
    C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
    C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
    C:\Program Files\Orange\AntivirusFirewall\Common\FSM32.EXE
    C:\Program Files\OrangeHSS\Launcher\Launcher.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
    C:\Program Files\Orange\AntivirusFirewall\FSGUI\fsguidll.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Acer\Acer VCM\AcerVCM.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\OrangeHSS\systray\systrayapp.exe
    C:\Program Files\OrangeHSS\Deskboard\deskboard.exe
    C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe
    C:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe
    C:\Program Files\Acer\Acer VCM\acp2HID.exe
    C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe
    C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    c:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\mozilla.org\Mozilla\mozilla.exe
    C:\Windows\system32\cmd.exe
    C:\GenProc\outil\chris_GenProc.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&s=2&o=vp32&d=0509&m=aspire_8930
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&s=2&o=vp32&d=0509&m=aspire_8930
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&s=2&o=vp32&d=0509&m=aspire_8930
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
    O4 - HKLM\..\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"
    O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [ZPdtWzdVitaKey MC3000] "C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe" show
    O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
    O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
    O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
    O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Orange\AntivirusFirewall\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Orange\AntivirusFirewall\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [autochk] rundll32.exe C:\Windows\system32\autochk.dll,_IWMPEvents@0
    O4 - HKCU\..\Run: [ProductReg] "C:\Program Files\Acer\WR_PopUp\ProductReg.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [autochk] rundll32.exe C:\Users\chris\protect.dll,_IWMPEvents@0
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [autochk] rundll32.exe C:\Windows\system32\config\SYSTEM~1\protect.dll,_IWMPEvents@0 (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [autochk] rundll32.exe C:\Windows\system32\config\SYSTEM~1\protect.dll,_IWMPEvents@0 (User 'Default user')
    O4 - Startup: ChkDisk.dll
    O4 - Startup: ChkDisk.lnk = ?
    O4 - Global Startup: Acer VCM.lnk = ?
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
    O9 - Extra 'Tools' menuitem: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O13 - Gopher Prefix:
    O15 - Trusted Zone: http://*.mappy.com
    O15 - Trusted Zone: http://*.orange.fr
    O15 - Trusted Zone: http://rw.search.ke.voila.fr
    O15 - Trusted Zone: http://orange.weborama.fr
    O16 - DPF: {3E82BB3F-ABE4-458D-9281-0187286A4E51} (VoxsyncCtrl Class) - https://login.orange.fr/captcha?return_url=https%3A%2F%2Fmescontacts.orange.fr
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
    O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
    O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
    O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
    O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\FSAUA\program\fsaua.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\Common\FSMA32.EXE
    O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\ORSP Client\fsorsp.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: iGroupTec Service (IGBASVC) - Unknown owner - C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
    O23 - Service: iGroupTec Service (IGBASVC) - Unknown owner - C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
    O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
    O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
    O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe
    O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe
    0
  6. Narco!4 Posts 2446 Status Contributor 467
     
    [*] Download ComboFix (sUBs) http://download.bleepingcomputer.com/sUBs/ComboFix.exe to your Desktop.
    [*] Double-click combofix.exe and follow the instructions.
    [*] Install the Recovery Console if prompted, then continue.
    [*] When the scan is complete, a report will appear. Copy and paste this report into your next reply.

    NOTE: The report can also be found here: C:\Combofix.txt
    0
  7. batlaurenz Posts 7 Registration date   Status Member
     
    Here is the ComboFix result:

    For information, during the scan Windows Explorer kept restarting.

    ComboFix 09-09-16.02 - chris 17/09/2009 10:00.1.2 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.3068.1735 [GMT 2:00]
    Lancé depuis: c:\users\chris\Downloads\ComboFix.exe
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    * Un nouveau point de restauration a été créé
    * Un antivirus résident est actif

    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\$recycle.bin\S-1-5-21-2301886025-170467881-2458385847-500
    c:\users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ChkDisk.dll
    c:\users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ChkDisk.lnk
    c:\users\chris\protect.dll
    c:\windows\Installer\2c3c3.msi
    c:\windows\Suyin.reg
    c:\windows\system32\autochk.dll
    c:\windows\system32\config\systemprofile\protect.dll
    c:\windows\system32\drivers\gasfkysswomkpb.sys
    c:\windows\system32\drivers\str.sys
    c:\windows\system32\drivers\watwmuhvlux.sys
    c:\windows\system32\gasfkyjtxxltci.dat
    c:\windows\system32\gasfkyynrvfotf.dat

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_gasfkycocpxtyr
    -------\Legacy_IFBVMUMFMYKJI
    -------\Service_gasfkycocpxtyr

    ((((((((((((((((((((((((((((( Fichiers créés du 2009-08-17 au 2009-09-17 ))))))))))))))))))))))))))))))))))))
    .

    2009-09-17 08:22 . 2009-09-17 08:22 -------- d-----w- c:\users\Default\AppData\Local\temp
    2009-09-16 20:40 . 2009-09-16 20:40 10684866 ----a-w- c:\users\chris\AppData\Roaming\Azureus\plugins\azump\mplayer.exe
    2009-09-16 14:52 . 2009-09-16 20:44 -------- d-----w- C:\GenProc
    2009-09-16 08:43 . 2009-09-16 08:43 335 ----a-w- c:\windows\nsreg.dat
    2009-09-16 08:43 . 2009-09-16 08:43 -------- d-----w- c:\users\chris\AppData\Roaming\Talkback
    2009-09-16 08:43 . 2009-09-16 08:43 99024 ----a-w- c:\windows\MozillaUninstall.exe
    2009-09-16 08:43 . 2009-09-16 08:43 98512 ----a-w- c:\windows\GREUninstall.exe
    2009-09-16 08:43 . 2009-09-16 08:43 9436 ----a-w- c:\windows\mozver.dat
    2009-09-16 08:43 . 2009-09-16 08:43 -------- d-----w- c:\program files\Common Files\mozilla.org
    2009-09-16 08:42 . 2009-09-16 08:42 -------- d-----w- c:\program files\mozilla.org
    2009-09-15 07:29 . 2009-09-15 07:29 -------- d-sh--w- c:\windows\system32\%APPDATA%
    2009-09-13 20:35 . 2009-09-13 20:35 -------- d-----w- c:\programdata\Azureus
    2009-09-13 20:09 . 2009-09-16 21:18 -------- d-----w- c:\users\chris\AppData\Roaming\Azureus
    2009-09-13 20:08 . 2009-09-13 20:09 -------- d-----w- c:\program files\Vuze
    2009-09-13 19:22 . 2009-09-13 19:21 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-09-13 19:21 . 2009-09-13 19:21 -------- d-----w- c:\program files\Java
    2009-09-11 18:11 . 2009-06-10 12:11 2868224 ----a-w- c:\windows\system32\mf.dll
    2009-09-08 08:41 . 2009-09-08 08:41 -------- d-----w- c:\programdata\NtiDvdCopy
    2009-09-07 08:16 . 2009-09-07 08:16 -------- d-sh--w- c:\windows\ftpcache
    2009-09-02 21:31 . 2009-08-28 12:39 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
    2009-09-02 21:31 . 2009-08-28 10:15 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
    2009-09-02 17:19 . 2009-09-02 17:19 -------- d-----w- c:\users\chris\AppData\Local\PC_Drivers_Headquarters
    2009-09-02 17:18 . 2009-09-02 17:18 -------- d-----w- c:\programdata\PC Drivers HeadQuarters
    2009-09-02 17:18 . 2009-09-02 17:18 -------- d-----w- c:\program files\PC Drivers HeadQuarters
    2009-08-30 13:29 . 2009-08-30 13:32 -------- d-----w- c:\windows\system32\Samsung_USB_Drivers
    2009-08-30 13:28 . 2009-08-30 13:44 5632 ----a-w- c:\windows\system32\drivers\StarOpen.sys
    2009-08-30 13:28 . 2009-08-30 13:28 -------- d-----w- c:\program files\Samsung
    2009-08-30 12:22 . 2009-08-30 12:23 -------- d---a-w- c:\program files\HP PSE 9.0 SW
    2009-08-29 11:09 . 2009-08-29 14:49 -------- d-----w- c:\program files\Cradle Of Rome
    2009-08-29 08:44 . 2009-08-29 08:46 -------- d-----w- c:\users\chris\AppData\Local\Nero
    2009-08-28 18:08 . 2009-08-28 18:08 -------- d-----w- c:\programdata\LightScribe
    2009-08-28 17:51 . 2009-09-08 12:33 -------- dc----w- c:\windows\system32\DRVSTORE
    2009-08-28 17:50 . 2008-08-20 03:33 1315328 ----a-w- c:\windows\system32\ole32.dll
    2009-08-28 16:29 . 2009-08-28 16:30 -------- d-----w- c:\program files\CCleaner
    2009-08-26 01:01 . 2009-06-22 10:22 2048 ----a-w- c:\windows\system32\tzres.dll
    2009-08-25 08:58 . 2008-09-16 19:23 168448 ----a-w- c:\windows\system32\unrar.dll
    2009-08-25 08:57 . 2009-08-25 08:59 -------- d-----w- c:\program files\K-Lite Codec Pack
    2009-08-24 21:40 . 2009-08-24 21:40 -------- d-----w- c:\program files\Media Player Classic
    2009-08-24 21:40 . 2009-08-24 21:40 -------- d-----w- c:\program files\Real Alternative
    2009-08-22 17:00 . 2009-08-29 10:51 -------- d-----w- c:\users\chris\AppData\Roaming\iWin
    2009-08-22 16:58 . 2009-08-22 17:04 -------- d-----w- c:\program files\Jewel Quest Solitaire II
    2009-08-22 16:58 . 2009-08-22 16:58 -------- d-----w- c:\program files\ReflexiveArcade
    2009-08-21 21:37 . 2009-09-08 12:54 -------- d-----w- c:\programdata\Nero
    2009-08-21 21:37 . 2009-09-08 12:54 -------- d-----w- c:\program files\Common Files\Nero
    2009-08-21 21:34 . 2009-08-21 21:35 -------- d-----w- c:\program files\Mythic Mahjong
    2009-08-21 11:03 . 2009-08-21 11:03 -------- d-----w- c:\programdata\Apple Computer
    2009-08-21 11:01 . 2009-08-21 11:01 -------- d-----w- c:\users\chris\AppData\Local\Apple
    2009-08-21 11:01 . 2009-08-21 11:01 -------- d-----w- c:\program files\Apple Software Update
    2009-08-21 11:01 . 2009-08-21 11:01 -------- d-----w- c:\programdata\Apple
    2009-08-20 22:08 . 2009-08-20 22:08 -------- d-----w- c:\program files\Unalis
    2009-08-20 21:25 . 2009-08-20 21:25 -------- d-----w- c:\users\chris\AppData\Local\CyberLink
    2009-08-20 21:25 . 2009-08-20 21:25 -------- d-----w- c:\users\chris\AppData\Local\SoftDMA
    2009-08-20 21:25 . 2009-08-20 21:25 -------- d-----w- c:\users\chris\AppData\Local\PlayMovie
    2009-08-20 21:25 . 2009-08-20 21:25 -------- d-----w- c:\users\chris\AppData\Local\Acer Arcade Deluxe
    2009-08-20 21:25 . 2009-08-20 21:26 -------- d-----w- c:\users\chris\AppData\Roaming\CyberLink
    2009-08-20 20:22 . 2009-08-20 20:22 -------- d-----w- c:\program files\Ganymede
    2009-08-20 20:16 . 2009-08-20 20:16 -------- d-----w- c:\program files\Personal Soft
    2009-08-20 20:08 . 2009-08-20 20:10 -------- d-----w- c:\windows\uninstall\MaxJongg
    2009-08-20 20:08 . 2009-08-20 20:08 -------- d-----w- c:\windows\uninstall
    2009-08-20 16:22 . 2009-01-22 13:28 290816 ----a-w- c:\windows\system32\decdll.dll
    2009-08-20 16:22 . 2009-08-20 16:22 -------- d-----w- c:\program files\Free Video Converter
    2009-08-19 13:05 . 2009-08-24 21:34 -------- d-----w- c:\program files\WinAVI MP4 Converter
    2009-08-19 09:07 . 2009-08-29 10:20 -------- d-----w- c:\users\chris\AppData\Local\Adobe
    2009-08-19 08:13 . 2009-08-19 08:13 -------- d-----w- c:\users\chris\AppData\Local\Microsoft Help
    2009-08-19 08:04 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll
    2009-08-19 08:04 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
    2009-08-19 08:04 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe
    2009-08-19 08:04 . 2008-06-20 01:14 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
    2009-08-19 08:04 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll
    2009-08-19 08:04 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
    2009-08-19 08:04 . 2008-06-20 01:14 326160 ----a-w- c:\windows\system32\PresentationHost.exe
    2009-08-19 07:54 . 2008-07-27 18:03 96760 ----a-w- c:\windows\system32\dfshim.dll
    2009-08-19 07:54 . 2008-07-27 18:03 282112 ----a-w- c:\windows\system32\mscoree.dll
    2009-08-19 07:54 . 2008-07-27 18:03 41984 ----a-w- c:\windows\system32\netfxperf.dll
    2009-08-19 07:54 . 2008-07-27 18:03 158720 ----a-w- c:\windows\system32\mscorier.dll
    2009-08-19 07:54 . 2008-07-27 18:03 83968 ----a-w- c:\windows\system32\mscories.dll
    2009-08-19 07:49 . 2009-03-08 11:32 72704 ----a-w- c:\windows\system32\admparse.dll
    2009-08-19 07:33 . 2009-06-15 15:21 499712 ----a-w- c:\windows\system32\kerberos.dll
    2009-08-19 07:33 . 2009-06-15 15:24 175104 ----a-w- c:\windows\system32\wdigest.dll
    2009-08-19 07:33 . 2009-06-15 15:23 1256448 ----a-w- c:\windows\system32\lsasrv.dll
    2009-08-19 07:33 . 2009-06-15 15:22 213504 ----a-w- c:\windows\system32\msv1_0.dll
    2009-08-19 07:33 . 2009-06-15 15:24 270848 ----a-w- c:\windows\system32\schannel.dll
    2009-08-19 07:33 . 2009-06-15 18:20 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2009-08-19 07:33 . 2009-06-15 12:57 9728 ----a-w- c:\windows\system32\lsass.exe
    2009-08-19 07:33 . 2009-06-15 15:24 72704 ----a-w- c:\windows\system32\secur32.dll
    2009-08-19 06:17 . 2009-04-30 12:37 293376 ----a-w- c:\windows\system32\psisdecd.dll
    2009-08-19 06:17 . 2009-04-30 12:37 428544 ----a-w- c:\windows\system32\EncDec.dll
    2009-08-18 15:16 . 2009-08-18 15:20 -------- d-----w- c:\program files\Microsoft AutoRoute
    2009-08-18 15:14 . 2009-08-18 15:14 -------- d-----w- c:\program files\Windows Live Safety Center
    2009-08-18 15:10 . 2009-08-18 15:11 -------- d-----w- c:\program files\Encarta
    2009-08-18 15:05 . 2009-08-18 15:09 -------- d-----w- c:\program files\Picture It! Premium 10
    2009-08-18 15:03 . 2009-08-18 15:53 -------- d-----w- c:\program files\microsoft money 2005
    2009-08-18 14:50 . 2009-08-18 14:50 -------- d-----w- c:\program files\Microsoft Works Suite 2005
    2009-08-18 13:39 . 2009-09-08 08:14 -------- d-----w- c:\users\chris\AppData\Roaming\dvdcss

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-09-17 08:27 . 2009-08-10 09:38 12 ----a-w- c:\windows\bthservsdp.dat
    2009-09-17 07:52 . 2009-08-01 20:38 118243 ----a-w- c:\programdata\nvModes.dat
    2009-09-16 13:56 . 2009-08-18 15:38 186 ----a-w- c:\users\chris\AppData\Roaming\wklnhst.dat
    2009-09-16 13:38 . 2008-01-21 08:40 676694 ----a-w- c:\windows\system32\perfh00C.dat
    2009-09-16 13:38 . 2008-01-21 08:40 126800 ----a-w- c:\windows\system32\perfc00C.dat
    2009-09-14 20:44 . 2009-01-13 04:21 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-09-14 09:54 . 2009-08-16 20:21 680 ----a-w- c:\users\chris\AppData\Local\d3d9caps.dat
    2009-09-13 14:23 . 2009-08-10 14:05 -------- d-----w- c:\users\chris\AppData\Roaming\vlc
    2009-09-12 09:57 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
    2009-09-08 14:13 . 2009-09-08 14:12 -------- d-----w- c:\program files\Free Audio Pack
    2009-08-31 19:08 . 2009-07-30 21:18 -------- d-----w- c:\programdata\Partner
    2009-08-30 13:25 . 2009-01-13 05:21 -------- d-----w- c:\program files\Common Files\Adobe
    2009-08-30 13:07 . 2009-08-30 13:07 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
    2009-08-22 16:50 . 2009-05-23 05:35 -------- d-----w- c:\programdata\CyberLink
    2009-08-21 11:03 . 2009-08-14 21:22 -------- d-----w- c:\program files\QuickTime
    2009-08-20 16:17 . 2009-08-14 22:37 -------- d-----w- c:\program files\AviSynth 2.5
    2009-08-20 14:12 . 2009-08-13 10:19 -------- d-----w- c:\program files\IZArc
    2009-08-20 13:07 . 2009-01-13 04:53 -------- d-----w- c:\program files\Google
    2009-08-19 09:19 . 2009-07-30 21:18 95984 ----a-w- c:\users\chris\AppData\Local\GDIPFONTCACHEV1.DAT
    2009-08-19 08:15 . 2009-01-13 04:32 -------- d-----w- c:\programdata\Microsoft Help
    2009-08-19 08:13 . 2009-01-13 04:33 -------- d-----w- c:\program files\Microsoft Works
    2009-08-18 19:31 . 2009-08-13 10:07 -------- d-----w- c:\program files\eMule
    2009-08-18 18:07 . 2009-08-14 22:08 -------- d-----w- c:\programdata\Messenger Plus!
    2009-08-18 16:20 . 2009-01-13 05:02 -------- d-----w- c:\program files\Windows Live
    2009-08-18 15:58 . 2009-08-13 09:56 -------- d-----w- c:\program files\Messenger Plus! Live
    2009-08-16 20:25 . 2009-08-16 20:25 -------- d-----w- c:\users\chris\AppData\Roaming\Acer
    2009-08-16 16:00 . 2009-08-16 16:00 -------- d-----w- c:\program files\ma-config.com
    2009-08-16 16:00 . 2009-08-16 16:00 -------- d-----w- c:\programdata\ma-config.com
    2009-08-14 22:38 . 2009-08-14 22:38 -------- d-----w- c:\users\chris\AppData\Roaming\Regensoft
    2009-08-14 21:20 . 2009-08-14 21:20 -------- d-----w- c:\programdata\QuickTime
    2009-08-14 21:12 . 2009-08-14 21:12 -------- d-----w- c:\users\chris\AppData\Roaming\Media Player Classic
    2009-08-14 17:07 . 2009-09-11 18:12 897608 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2009-08-14 16:29 . 2009-09-11 18:12 104960 ----a-w- c:\windows\system32\netiohlp.dll
    2009-08-14 16:29 . 2009-09-11 18:12 17920 ----a-w- c:\windows\system32\netevent.dll
    2009-08-14 14:16 . 2009-09-11 18:12 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
    2009-08-14 14:16 . 2009-09-11 18:12 17920 ----a-w- c:\windows\system32\ROUTE.EXE
    2009-08-14 14:16 . 2009-09-11 18:12 11264 ----a-w- c:\windows\system32\MRINFO.EXE
    2009-08-14 14:16 . 2009-09-11 18:12 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
    2009-08-14 14:16 . 2009-09-11 18:12 19968 ----a-w- c:\windows\system32\ARP.EXE
    2009-08-14 14:16 . 2009-09-11 18:12 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
    2009-08-14 14:16 . 2009-09-11 18:12 10240 ----a-w- c:\windows\system32\finger.exe
    2009-08-13 11:00 . 2009-08-13 10:55 -------- d-----w- c:\program files\Micro Application
    2009-08-13 10:52 . 2009-08-13 10:52 -------- d-----w- c:\program files\gost
    2009-08-13 10:07 . 2009-08-13 10:07 -------- d-----w- c:\programdata\eMule
    2009-08-10 14:03 . 2009-08-10 14:03 -------- d-----w- c:\program files\VideoLAN
    2009-08-10 13:30 . 2009-08-10 12:48 33920 ----a-w- c:\windows\system32\drivers\fsbts.sys
    2009-08-10 13:01 . 2009-08-10 13:01 -------- d-----w- c:\users\chris\AppData\Roaming\F-Secure
    2009-08-10 12:48 . 2009-08-10 12:45 -------- d-----w- c:\programdata\f-secure
    2009-08-10 12:47 . 2009-08-10 12:47 -------- d-----w- c:\program files\Orange
    2009-08-10 12:47 . 2009-08-10 12:47 -------- d-----w- c:\programdata\fssg
    2009-08-10 12:45 . 2009-08-10 12:45 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
    2009-08-10 11:15 . 2009-08-10 10:43 -------- d-----w- c:\program files\OrangeHSS
    2009-08-10 10:44 . 2009-08-10 10:44 -------- d-----w- c:\program files\Securitoo
    2009-08-10 10:43 . 2009-08-10 10:43 -------- d-----w- c:\program files\Common Files\France Telecom
    2009-08-10 09:10 . 2009-08-10 09:10 -------- d-----w- c:\users\chris\AppData\Roaming\eSobi
    2009-08-10 09:06 . 2009-01-13 04:48 -------- d-----w- c:\programdata\McAfee
    2009-08-10 09:03 . 2009-01-13 05:05 -------- d-----w- c:\program files\Acer GameZone
    2009-07-30 21:19 . 2009-07-30 21:19 -------- d-----w- c:\users\chris\AppData\Roaming\Validity
    2009-07-30 21:16 . 2009-01-13 04:47 -------- d-----w- c:\program files\Acer
    2009-07-30 21:13 . 2009-07-30 21:13 -------- d-sh--we c:\programdata\Modèles
    2009-07-30 21:13 . 2009-07-30 21:13 -------- d-sh--we c:\programdata\Menu Démarrer
    2009-07-30 21:13 . 2009-07-30 21:13 -------- d-sh--we c:\programdata\Favoris
    2009-07-30 21:13 . 2009-07-30 21:13 -------- d-sh--we c:\programdata\Bureau
    2009-07-30 21:13 . 2009-07-30 21:13 -------- d-sh--we c:\program files\Fichiers communs
    2009-07-21 21:52 . 2009-08-19 07:51 915456 ----a-w- c:\windows\system32\wininet.dll
    2009-07-21 21:47 . 2009-08-19 07:51 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2009-07-21 21:47 . 2009-08-19 07:51 71680 ----a-w- c:\windows\system32\iesetup.dll
    2009-07-21 20:13 . 2009-08-19 07:51 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2009-07-17 14:35 . 2009-08-16 20:33 71680 ----a-w- c:\windows\system32\atl.dll
    2009-07-14 13:00 . 2009-08-16 20:32 313344 ----a-w- c:\windows\system32\wmpdxm.dll
    2009-07-14 12:59 . 2009-08-16 20:32 4096 ----a-w- c:\windows\system32\dxmasf.dll
    2009-07-14 12:58 . 2009-08-16 20:32 7680 ----a-w- c:\windows\system32\spwmp.dll
    2009-07-14 10:59 . 2009-08-16 20:31 8147456 ----a-w- c:\windows\system32\wmploc.DLL
    2009-07-11 19:32 . 2009-09-11 18:12 302592 ----a-w- c:\windows\system32\wlansec.dll
    2009-07-11 19:32 . 2009-09-11 18:12 293376 ----a-w- c:\windows\system32\wlanmsm.dll
    2009-07-11 19:32 . 2009-09-11 18:12 513024 ----a-w- c:\windows\system32\wlansvc.dll
    2009-07-11 19:29 . 2009-09-11 18:12 127488 ----a-w- c:\windows\system32\L2SecHC.dll
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
    @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
    [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
    2008-07-29 16:52 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-11-17 135168]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-30 68856]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-04 1037608]
    "ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-08-01 405504]
    "eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-07-29 526896]
    "eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-05-30 544768]
    "BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-25 28672]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-05 13601312]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-05 92704]
    "ZPdtWzdVitaKey MC3000"="c:\program files\Acer\Acer Bio Protection\PdtWzd.exe" [2009-05-23 3719680]
    "PLFSetI"="c:\windows\PLFSetI.exe" [2008-06-30 200704]
    "LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-06-16 809480]
    "ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-07-24 147456]
    "CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-07-24 167936]
    "PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-07-18 167936]
    "ORAHSSSessionManager"="c:\program files\OrangeHSS\SessionManager\SessionManager.exe" [2007-12-12 107248]
    "F-Secure Manager"="c:\program files\Orange\AntivirusFirewall\Common\FSM32.EXE" [2008-12-04 182936]
    "F-Secure TNB"="c:\program files\Orange\AntivirusFirewall\FSGUI\TNBUtil.exe" [2008-12-04 957024]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-13 149280]
    "RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-05-07 6139904]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2009-5-23 1216512]
    BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-4-24 723760]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]
    2009-05-23 05:21 3162624 ----a-w- c:\program files\Acer\Acer Bio Protection\WinNotify.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{69C9E28E-DC18-44D0-A0FD-F5FD8A97DF80}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{83A719D3-2212-4E79-AC75-5C78AB9B94D5}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{372DF4B3-843F-4759-A96D-F4FE7E58D795}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
    "{164360B1-239A-4F06-8E29-C781303F350B}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
    "{69260472-CFAF-422F-B1DD-6CFBDF892DF2}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
    "{F406E2F6-2C0D-445C-BCFD-FE9807096399}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
    "{DA157BAC-CEBA-4A58-801A-B93BE8530D12}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
    "{E2D80A1F-E27C-4D69-9F6B-22F26AA11B96}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
    "{72BD6BB2-6DE9-4E17-8106-D921E74D36DF}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
    "{EDEC4F0A-9FD3-41C9-8424-61AB3A033640}"= c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
    "{9B7A2668-9BCC-4ED5-B9DB-5B2AAF390DE4}"= c:\program files\Acer Arcade Deluxe\PlayMovie\PlayMovie.exe:Acer Play Movie
    "{C08EF3C5-2014-479D-9117-D0C801BE11B0}"= c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe:Acer Play Movie Resident Program
    "{934B1442-6492-433B-8837-3737DC25AA25}"= c:\program files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:Acer HomeMedia
    "{D996C044-ACFC-4984-86FC-538BBD35FFC5}"= c:\program files\Acer\Acer VCM\VC.exe:Acer VCM
    "{AFA4FE2A-860F-4A46-AD37-E871A31A7906}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
    "c:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"= c:\program files\OrangeHSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS

    R0 AlfaFF;AlfaFF File System mini-filter;c:\windows\System32\drivers\AlfaFF.sys [23/05/2009 07:21 43184]
    R0 fsbts;fsbts;c:\windows\System32\drivers\fsbts.sys [10/08/2009 14:48 33920]
    R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\Orange\AntivirusFirewall\HIPS\drivers\fshs.sys [10/08/2009 14:47 67808]
    R1 FSES;F-Secure Email Scanning Driver;c:\windows\System32\drivers\fses.sys [10/08/2009 14:48 35552]
    R1 FSFW;F-Secure Firewall Driver;c:\windows\System32\drivers\fsdfw.sys [10/08/2009 14:48 70944]
    R1 fsvista;F-Secure Vista Support Driver;c:\program files\Orange\AntivirusFirewall\Anti-Virus\minifilter\fsvista.sys [10/08/2009 14:47 12384]
    R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [23/05/2009 07:38 61424]
    R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [03/03/2008 14:11 16384]
    R2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [23/05/2009 07:39 81504]
    R2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [13/01/2009 06:47 24576]
    R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [25/04/2008 22:36 45056]
    R2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [23/05/2009 07:39 122368]
    R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [23/05/2009 07:40 233472]
    R2 vfsFPService;Validity Fingerprint Service;c:\windows\System32\vfsFPService.exe [26/05/2008 05:43 599344]
    R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Orange\AntivirusFirewall\Anti-Virus\minifilter\fsgk.sys [10/08/2009 14:47 99960]
    R3 FSORSPClient;F-Secure ORSP Client;c:\program files\Orange\AntivirusFirewall\ORSP Client\fsorsp.exe [10/08/2009 14:48 55904]
    R3 itecir;ITECIR Infrared Receiver;c:\windows\System32\drivers\itecir.sys [23/05/2009 07:27 54784]
    R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\System32\drivers\L1E60x86.sys [13/01/2009 13:35 47104]
    R3 NETw5v32;Pilote de carte Intel(R) Wireless WiFi Link pour Windows Vista 32 bits ;c:\windows\System32\drivers\NETw5v32.sys [13/01/2009 13:35 3658752]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [13/01/2009 13:35 45600]
    R3 vfs101x;vfs101x;c:\windows\System32\drivers\vfs101x.sys [26/05/2008 05:44 40752]
    S2 IGBASVC;iGroupTec Service;c:\program files\Acer\Acer Bio Protection\BASVC.exe [23/05/2009 07:21 3520512]
    S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [25/04/2008 22:36 131072]
    S3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [13/01/2009 06:29 85136]
    S3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\System32\drivers\PCAMp50.sys [10/08/2009 12:44 28224]
    S4 F-Secure Filter;F-Secure File System Filter;c:\program files\Orange\AntivirusFirewall\Anti-Virus\win2k\fsfilter.sys [10/08/2009 14:47 39776]
    S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\Orange\AntivirusFirewall\Anti-Virus\win2k\fsrec.sys [10/08/2009 14:47 25184]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    .
    Contenu du dossier 'Tâches planifiées'

    2009-09-17 c:\windows\Tasks\User_Feed_Synchronization-{57026999-7C86-4E5D-B971-6775BAD39E3F}.job
    - c:\windows\system32\msfeedssync.exe [2009-08-19 20:13]
    .
    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&s=2&o=vp32&d=0509&m=aspire_8930
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: Envoyer l'&image au périphérique Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    LSP: c:\program files\Orange\AntivirusFirewall\FSPS\program\FSLSP.DLL
    DPF: {3E82BB3F-ABE4-458D-9281-0187286A4E51} - hxxp://contacts.orange.fr/wfr_webab/VoxsyncX.cab
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    HKU-Default-Run-autochk - c:\windows\system32\config\SYSTEM~1\protect.dll
    AddRemove-HijackThis - c:\genproc\outil\HijackThis.exe

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-09-17 10:28
    Windows 6.0.6001 Service Pack 1 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
    "ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'Explorer.exe'(1248)
    c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
    c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
    c:\windows\system32\btncopy.dll
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\windows\System32\nvvsvc.exe
    c:\windows\System32\audiodg.exe
    c:\windows\System32\wlanext.exe
    c:\windows\System32\agrsmsvc.exe
    c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    c:\program files\Intel\WiFi\bin\EvtEng.exe
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\fsgk32st.exe
    c:\program files\Orange\AntivirusFirewall\Common\FSMA32.EXE
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\fsgk32.exe
    c:\windows\System32\rundll32.exe
    c:\program files\Acer\Acer Bio Protection\CompPtcVUI.exe
    c:\progra~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    c:\program files\Orange\AntivirusFirewall\Common\FSMB32.EXE
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\acer\Mobility Center\MobilityService.exe
    c:\program files\Orange\AntivirusFirewall\Common\FCH32.EXE
    c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    c:\program files\Cyberlink\Shared files\RichVideo.exe
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\fsqh.exe
    c:\program files\Orange\AntivirusFirewall\Common\FAMEH32.EXE
    c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\fssm32.exe
    c:\program files\Orange\AntivirusFirewall\FSAUA\program\fsaua.exe
    c:\program files\Orange\AntivirusFirewall\FWES\program\fsdfwd.exe
    c:\program files\Orange\AntivirusFirewall\FSAUA\program\fsus.exe
    c:\program files\Orange\AntivirusFirewall\Anti-Virus\fsav32.exe
    .
    **************************************************************************
    .
    Heure de fin: 2009-09-17 10:32 - La machine a redémarré
    ComboFix-quarantined-files.txt 2009-09-17 08:32

    Avant-CF: 193 374 339 072 octets libres
    Après-CF: 190 852 321 280 octets libres

    390 --- E O F --- 2009-09-12 10:00
  8. Narco!4 Posts 2446 Status Contributor 467
     
    Post a Nod32 report https://www.eset.com/ (you have to use Internet Explorer)
    - tick all the boxes each time, and when it is finished, paste the report:
    C:\Program Files\EsetOnlineScanner\log.txt
  9. batlaurenz Posts 7 Registration date   Status Member
     
    here is the content of the log.txt file:

    ESETSmartInstaller@High as CAB hook log:
    OnlineScanner.ocx - registred OK
    esets_scanner_update returned -1 esets_gle=53251
  10. Narco!4 Posts 2446 Status Contributor 467
     
    the whole report
  11. batlaurenz Posts 7 Registration date   Status Member
     
    After these various steps and several CCleaner and antivirus cleanups, the problem seems to have faded.
    If it starts again, I will contact you again.
    I will come back to the thread this evening to see whether there are any steps left to carry out.

    Otherwise, thank you very much for your help.
  12. Narco!4 Posts 2446 Status Contributor 467
     
    * To finish, use ToolsCleaner! (by A.Rothstein and Dj Quiou) http://pc-system.fr/ to clean up the downloaded utilities,
    * Disable System Restore, restart the computer, then re-enable it, proceeding as described here http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fr_docid/20020830101856924

    * Run the cleanup with CCleaner and do this online scan: https://forum.pcastuces.com/sujet.asp?f=25&s=31584&page=1

    * Visit the site http://www.update.microsoft.com/windowsupdate/v6/default.aspx regularly so that your system is always up to date.
    * Use this small program http://alt-shift-return.org/Info/Update_Checker.html weekly to carry out your software updates.
    * Never install a program without having fully read and understood the terms of its license agreement, or without being absolutely certain that it does not quietly install adware (look it up on Google or on the forums)
    * Prefer free software https://fr.wikipedia.org/wiki/Logiciel_libre: it is transparent and more secure, unlike proprietary software https://fr.wikipedia.org/wiki/Logiciel_propri%C3%A9taire; Firefox, Thunderbird, OpenOffice, VLC... are examples.

    * At that point, you can mark your topic "resolved" if you consider that to be the case

    * Important note: it is strongly recommended to use a limited account for everyday use of a computer in order to reduce the risk of infection very significantly.
    Instructions: https://www.microsoft.com/de-ch

    See you
  13. batlaurenz Posts 7 Registration date   Status Member
     
    Thank you very much, this advice will be followed.

    See you soon for new adventures!!!