VISTA startup message

Solved
Seb1989 Posts 58 Status Member -
Hello,

For a short while now, a window has been opening when my session starts, telling me this:

UNREGISTERED VERSION

This program has been protected by unregistered version of ASProtect Software Protection System

IT'S NOT LICENSED FOR DISTRIBUTION!

This message will not appear on programs protected by a registered version of ASProtect


as an image: http://img190.imageshack.us/img190/1816/bugrr.jpg

First of all I would like to understand where it comes from, but above all get rid of it.

Thanks for your help.
Regards.
Configuration: Windows Vista
Firefox 3.5.3

19 replies

  1. Anonymous user
     
    Good evening

    1)=> Disable User Account Control (you will re-enable it after your disinfection):
    https://www.commentcamarche.net/faq/8343-vista-desactiver-l-uac
    * Go to Start, then Control Panel
    * Double-click the "User Accounts" icon
    * Then click on disable and confirm.

    2)1- Download and install the HijackThis software:

    https://www.commentcamarche.net/telecharger/securite/11747-hijackthis/
    or here http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe
    or here https://www.clubic.com/telecharger-fiche17891-hijackthis.html

    -->Click on the setup to start the installation: let it guide you and do not change the installation settings.
    At the end of the installation, the program starts automatically: close it by clicking the red cross.
    In the end, you should have a shortcut on your desktop and also a path such as:
    "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" .

    (Do not run this program for now and carry on with the rest ... )

    2- Download Random's System Information Tool (RSIT) by random/random and save the executable on your Desktop.

    -> http://images.malwareremoval.com/random/RSIT.exe

    ! Disconnect and close all your running applications !

    Double-click " RSIT.exe " to launch it.

    Right-click under VISTA (run as…)

    -> A first window opens with the title: " Disclaimer of warranty " .

    * For the option "List files/folders created ..." , choose: 2 months

    * then click " Continue " to start the analysis ...

    -> let the scan run and do not touch the PC ...

    When the analysis is finished, two text files will open (probably in Notepad).

    Post the contents of " log.txt " (the one that appears on screen), as well as " info.txt " (which you will see in the taskbar), for analysis and wait for what comes next ...

    Important: post one report, then the other in the following reply ...
    If you try to post both at the same time, it may be too long for the forum ...
    ( And if "log.txt" alone does not go through either, do it in 2 parts ... thanks ... )

    ( Note: the reports will also be saved in this folder -> C:\rsit )

    Thanks

    0
  2. Seb1989 Posts 58 Status Member 13
     
    " log.txt "

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Sébastien at 2009-10-08 21:19:11
    Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2
    System drive C: has 39 GB (26%) free of 148 GB
    Total RAM: 3066 MB (45% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:19:16, on 08/10/2009
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18813)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
    C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\PLFSetI.exe
    C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
    C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Launch Manager\QtZgAcer.EXE
    C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Windows\System32\Spy-Net\server.exe
    C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
    C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Users\SBASTI~1\AppData\Local\Temp\RtkBtMnt.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\System32\Cerberus12\server95.exe
    C:\Program Files\RocketDock\RocketDock.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\System32\notepad.exe
    C:\Users\Sébastien\Desktop\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Sébastien.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
    O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
    O4 - HKLM\..\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
    O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
    O4 - HKLM\..\Run: [ZPdtWzdVitaKey MC3000] "C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe" show
    O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
    O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
    O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
    O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
    O4 - HKLM\..\Run: [Spy-Net] C:\Windows\System32\Spy-Net\server.exe
    O4 - HKLM\..\Run: [Cerberus45] C:\Windows\System32\Cerberus12\server95.exe
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [Spy-Net] C:\Windows\System32\Spy-Net\server.exe
    O4 - HKCU\..\Run: [Cerberus45] C:\Windows\System32\Cerberus12\server95.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
    O9 - Extra 'Tools' menuitem: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
    O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O13 - Gopher Prefix:
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll
    O20 - Winlogon Notify: spba - C:\Program Files\Common Files\SPBA\homefus2.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
    O23 - Service: CanalPlus.VOD - Canal+ Active - C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe
    O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
    O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
    O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
    O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
    O23 - Service: Google Desktop Manager 5.7.808.7150 (GoogleDesktopManager-080708-050100) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Update Service (gupdate1c9d4ccfe26ad22) (gupdate1c9d4ccfe26ad22) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iGroupTec Service (IGBASVC) - Unknown owner - C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
    O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
    O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
    O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe
    O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
    0
    1. Anonymous user
       
      Re

      1)Under Windows Vista, since the menu bar is not shown by default, you first have to make it appear.

      To do that,
      • press the ALT key on the keyboard. The menu bar appears.
      • In the Tools menu, choose Folder Options.
      • Choose the View tab.
      • Check Show hidden files and folders.
      Uncheck Hide system files.
      Uncheck Hide extensions for known file types.
      • Confirm the changes by clicking OK.

      2)● Go to this site:

      https://www.virustotal.com/gui/

      ● Click on " browse ", look for these files:
      C:\Windows\System32\Spy-Net\server.exe
      C:\Windows\System32\Cerberus12\server95.exe

      ● Click on Send File.

      ● A report will build up line by line.

      ● Wait for it to finish. It must include the size of the file sent.

      ● Save the report with Notepad.

      ● Copy it into your reply.

      (!) If VirusTotal indicates that the file has already been analysed, click the Reanalyse file now button

      See you later
      0
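
Added example, not part of the original thread or of HijackThis/RSIT: a small Python triage of the `O4` (Run key) lines from the log posted above, showing one way the two files sent to VirusTotal can be singled out from the other autorun entries. The function names and the System32 subfolder allowlist are assumptions made for this illustration; the sample lines are copied from the posted log.txt.

```python
import re

# Excerpt of O4 (autorun) lines copied from the log.txt posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Spy-Net] C:\Windows\System32\Spy-Net\server.exe
O4 - HKLM\..\Run: [Cerberus45] C:\Windows\System32\Cerberus12\server95.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Spy-Net] C:\Windows\System32\Spy-Net\server.exe
O4 - HKCU\..\Run: [Cerberus45] C:\Windows\System32\Cerberus12\server95.exe
"""

# "O4 - <hive>\..\Run: [<value name>] <command line>"; HKUS lines carry a SID
# between the hive and "..", which the optional group absorbs.
O4_RE = re.compile(r'^O4 - (HK[A-Z]+)\\(?:[^\\]+\\)?\.\.\\Run: \[(.+?)\] (.+)$')

# Image path: either the quoted part, or everything up to the first ".exe".
IMAGE_RE = re.compile(r'"([^"]+)"|(.+?\.exe)(?=\s|$)', re.I)

# An .exe sitting exactly one folder below System32.
SYS32_SUBDIR_RE = re.compile(
    r'^[a-z]:\\windows\\system32\\([^\\]+)\\[^\\]+\.exe$', re.I)

# Assumption: a short illustrative allowlist, not a complete inventory of
# the subfolders Windows or drivers legitimately create under System32.
KNOWN_SYS32_SUBDIRS = {"wbem", "drivers", "macromed", "spool"}


def image_path(command):
    """Return the executable part of a Run-key command line."""
    m = IMAGE_RE.match(command)
    if not m:
        return command.split()[0]
    return m.group(1) or m.group(2)


def parse_o4(log_text):
    """Parse every O4 Run entry into hive, value name, command and image."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            hive, name, command = m.groups()
            entries.append({"hive": hive, "name": name,
                            "command": command, "image": image_path(command)})
    return entries


def review_reasons(image):
    """Heuristic reasons why an autorun image deserves a closer look."""
    reasons = []
    m = SYS32_SUBDIR_RE.match(image)
    if m and m.group(1).lower() not in KNOWN_SYS32_SUBDIRS:
        reasons.append("autorun executable in a System32 subfolder "
                       "not on the allowlist")
    if "\\temp\\" in image.lower():
        reasons.append("autorun executable under a Temp directory")
    return reasons


def triage(log_text):
    """Group flagged autorun images and record every hive registering them."""
    findings = {}
    for e in parse_o4(log_text):
        reasons = review_reasons(e["image"])
        if not reasons:
            continue
        f = findings.setdefault(e["image"].lower(), {
            "image": e["image"], "hives": set(),
            "names": set(), "reasons": reasons})
        f["hives"].add(e["hive"])
        f["names"].add(e["name"])
    return sorted(findings.values(), key=lambda f: f["image"].lower())


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["image"], sorted(f["hives"]), "; ".join(f["reasons"]))
```

A flagged entry is only a candidate for review; checking the file itself, as the reply above asks, is what tells you what it is.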
  3. Seb1989 Posts 58 Status Member 13
     
    " info.txt "

    info.txt logfile of random's system information tool 1.06 2009-10-08 21:07:35

    ======Uninstall list======

    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A450831D-25F6-4F42-9662-D000B25E0D82}\Setup.exe" -uninstall
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA4BF92B-2AAF-11DA-9D78-000129760D75}\Setup.exe" -uninstall
    32 Bit HP CIO Components Installer-->MsiExec.exe /I{2614F54E-A828-49FA-93BA-45A3F756BFAA}
    7-Zip 4.65-->"C:\Program Files\7-Zip\Uninstall.exe"
    abgx360 v1.0.1-->"C:\Program Files\abgx360\uninstall.exe"
    Acer Arcade Deluxe-->"C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\Setup.exe" /z-uninstall
    Acer Arcade Deluxe-->"C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\Setup.exe" /z-uninstall
    Acer Bio Protection

    AAU 6.0.00.17-->"C:\Program Files\Acer\Acer Bio Protection\uninstall.exe"
    Acer Crystal Eye Webcam 2.0.8-->C:\Program Files\InstallShield Installation Information\{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}\setup.exe -runfromtemp -l0x040c -removeonly
    Acer eAudio Management-->"C:\Program Files\InstallShield Installation Information\{57265292-228A-41FA-9AEC-4620CBCC2739}\Setup.exe" -uninstall
    Acer eDataSecurity Management-->C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSnstHelper.exe -Operation UNINSTALL
    Acer Empowering Technology-->"C:\Program Files\InstallShield Installation Information\{8F1B6239-FEA0-450A-A950-B05276CE177C}\setup.exe" -runfromtemp -l0x040c -removeonly
    Acer ePower Management-->"C:\Program Files\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\setup.exe" -runfromtemp -l0x040c -removeonly
    Acer eRecovery Management-->"C:\Program Files\InstallShield Installation Information\{7F811A54-5A09-4579-90E1-C93498E230D9}\setup.exe" -runfromtemp -l0x040c -removeonly
    Acer eSettings Management-->"C:\Program Files\InstallShield Installation Information\{13D85C14-2B85-419F-AC41-C7F21E68B25D}\setup.exe" -runfromtemp -l0x040c -removeonly
    Acer GridVista-->C:\Windows\GVUni.exe GridV.UNI
    Acer Mobility Center Plug-In-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11316260-6666-467B-AC34-183FCB5D4335}\setup.exe" -l0x40c -removeonly
    Acer ScreenSaver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}\setup.exe" -l0x9 -removeonly
    Acer VCM-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}\setup.exe" -l0x40c -removeonly
    Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
    Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
    Adobe Anchor Service CS4-->MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8}
    Adobe Bridge CS4-->MsiExec.exe /I{83877DB1-8B77-45BC-AB43-2BAC22E093E0}
    Adobe CMaps CS4-->MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191}
    Adobe Color - Photoshop Specific CS4-->MsiExec.exe /I{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}
    Adobe Color EU Extra Settings CS4-->MsiExec.exe /I{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}
    Adobe Color JA Extra Settings CS4-->MsiExec.exe /I{0D6013AB-A0C7-41DC-973C-E93129C9A29F}
    Adobe Color NA Recommended Settings CS4-->MsiExec.exe /I{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}
    Adobe Color Video Profiles CS CS4-->MsiExec.exe /I{63C24A08-70F3-4C8E-B9FB-9F21A903801D}
    Adobe CSI CS4-->MsiExec.exe /I{0F723FC1-7606-4867-866C-CE80AD292DAF}
    Adobe Default Language CS4-->MsiExec.exe /I{C52E3EC1-048C-45E1-8D53-10B0C6509683}
    Adobe Device Central CS4-->MsiExec.exe /I{67F0E67A-8E93-4C2C-B29D-47C48262738A}
    Adobe Drive CS4-->MsiExec.exe /I{16E16F01-2E2D-4248-A42F-76261C147B6C}
    Adobe ExtendScript Toolkit CS4-->MsiExec.exe /I{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}
    Adobe Extension Manager CS4-->MsiExec.exe /I{054EFA56-2AC1-48F4-A883-0AB89874B972}
    Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Fonts All-->MsiExec.exe /I{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}
    Adobe Linguistics CS4-->MsiExec.exe /I{931AB7EA-3656-4BB7-864D-022B09E3DD67}
    Adobe Media Player-->msiexec /qb /x {39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
    Adobe Media Player-->MsiExec.exe /I{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
    Adobe Output Module-->MsiExec.exe /I{BB4E33EC-8181-4685-96F7-8554293DEC6A}
    Adobe PDF Library Files CS4-->MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353}
    Adobe Photoshop CS4 Support-->MsiExec.exe /I{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}
    Adobe Photoshop CS4-->C:\Program Files\Common Files\Adobe\Installers\faf656ef605427ee2f42989c3ad31b8\Setup.exe --uninstall=1
    Adobe Photoshop CS4-->MsiExec.exe /I{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}
    Adobe Photoshop CS4-->MsiExec.exe /I{E4848436-0345-47E2-B648-8B522FCDA623}
    Adobe Reader 9.1.3 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A91000000001}
    Adobe Search for Help-->MsiExec.exe /I{F0E64E2E-3A60-40D8-A55D-92F6831875DA}
    Adobe Service Manager Extension-->MsiExec.exe /I{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}
    Adobe Setup-->MsiExec.exe /I{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}
    Adobe Type Support CS4-->MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}
    Adobe Update Manager CS4-->MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755}
    Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}
    Adobe XMP Panels CS4-->MsiExec.exe /I{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}
    AdobeColorCommonSetCMYK-->MsiExec.exe /I{68243FF8-83CA-466B-B2B8-9F99DA5479C4}
    AdobeColorCommonSetRGB-->MsiExec.exe /I{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}
    Ad-Remover By C_XX-->"C:\Program Files\Ad-Remover\Uninstall ADR.exe"
    Antidote RX v8-->MsiExec.exe /X{A474EA56-5DBD-4181-8230-806A4762EA7F}
    Apple Application Support-->MsiExec.exe /I{0C34B801-6AEC-4667-B053-03A67E2D0415}
    Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
    Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
    Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
    Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
    Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver-->"C:\Program Files\InstallShield Installation Information\{3108C217-BE83-42E4-AE9E-A56A2A92E549}\setup.exe" -runfromtemp -l0x040c -removeonly
    Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
    CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
    CDBurnerXP-->"C:\Program Files\CDBurnerXP\unins000.exe"
    Connect-->MsiExec.exe /I{B29AD377-CC12-490A-A480-1452337C618D}
    ConvertHelper 2.2-->"C:\Program Files\ConvertHelper\unins000.exe"
    CyberLink PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall
    CyberLink PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall
    gBurner-->"C:\Program Files\gBurner\uninstall.exe"
    Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
    Google Earth Plug-in-->MsiExec.exe /X{FE24D361-A3E8-11DE-88F3-005056806466}
    Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
    Google Earth-->MsiExec.exe /X{CC016F21-3970-11DE-B878-005056806466}
    HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDA_HSF\UIU32m.exe -U -IAcrZUn32z.INF
    HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
    HP Customer Participation Program 8.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
    HP Imaging Device Functions 8.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
    HP OCR Software 8.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
    HP Photosmart Essential-->MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}
    HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B-->C:\Program Files\HP\Digital Imaging\{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}\setup\hpzscr01.exe -datfile hposcr19.dat -onestop -showdisconnect -forcereboot
    HP Photosmart.All-In-One Driver Software 8.0 .A-->C:\Program Files\HP\Digital Imaging\{282E5AB2-8E47-4571-B6FA-6B512555B557}\setup\hpzscr01.exe -datfile hposcr18.dat -onestop -showdisconnect -forcereboot
    HP Product Assistant-->MsiExec.exe /I{36FDBE6E-6684-462B-AE98-9A39A1B200CC}
    HP Solution Center 8.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
    HP Update-->MsiExec.exe /X{818ABC3C-635C-4651-8183-D0E9640B7DD1}
    HPSSupply-->MsiExec.exe /X{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}
    ImgBurn 2.3.2.0 Fr-->"C:\Program Files\ImgBurn\unins000.exe"
    Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
    Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31}
    Intel PROSet Wireless-->Intel PROSet Wireless
    Intel® Matrix Storage Manager-->C:\Program Files\Intel\Intel Matrix Storage Manager\Uninstall\imsmudlg.exe -uninstall
    Ipulp 1.1-->"C:\Program Files\Ipulp\unins000.exe"
    iTunes-->MsiExec.exe /I{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}
    Java(TM) 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
    Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
    kuler-->MsiExec.exe /I{098727E1-775A-4450-B573-3F441F1CA243}
    Launch Manager-->C:\Windows\UnInst32.exe QtZgAcer.UNI
    Lecteur CANAL-->MsiExec.exe /X{04DA096D-6236-4A5D-8FB6-3081E67009BA}
    Ma Videothèque V1.5-->"C:\Program Files\MaVideotheque\unins000.exe"
    McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe
    Megavideo Video Downloader 3.14-->"C:\Program Files\DownloadToolz\Megavideo Video Downloader\unins000.exe"
    Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
    Microsoft .NET Framework 1.1 Hotfix (KB929729)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp"
    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 3.5 Language Pack SP1 - fra-->MsiExec.exe /I{3E31821C-7917-367E-938E-E65FC413EA31}
    Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
    Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
    Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
    Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
    Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
    Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
    Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {B165D3C2-40AE-4D39-86F7-E5C87C4264C0}
    Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
    Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
    Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
    Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
    Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
    Microsoft Office OneNote MUI (French) 2007-->MsiExec.exe /X{90120000-00A1-040C-0000-0000000FF1CE}
    Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
    Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
    Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
    Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
    Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
    Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
    Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
    Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {14809F99-C601-4D4A-9391-F1E8FAA964C5}
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
    Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
    Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
    Microsoft Office Word Viewer 2003-->MsiExec.exe /I{90850409-6000-11D3-8CFE-0150048383C9}
    Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Microsoft Works-->MsiExec.exe /I{6B1CB38D-E2E4-4A30-933D-EFDEBA76AD9C}
    Mise à jour Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {B761869A-B85C-40E2-994C-A1CE78AC8F2C}
    Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {C3DCA38E-005E-41BA-A52A-7C3429F351C3}
    Mise à jour Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {81536A04-DBFB-4DB3-978F-0F284590C223}
    Module linguistique Microsoft .NET Framework 3.5 SP1- fra-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\setup.exe
    Mozilla Firefox (3.5.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    Nero 9 Trial-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="8M01-20CX-4294-TL10-U4U0-UKE2-MMT7-AHWX"
    neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
    Nikon Message Center-->MsiExec.exe /X{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}
    Nikon Transfer-->MsiExec.exe /X{E9757890-7EC5-46C8-99AB-B00F07B6525C}
    NTI Backup Now 5-->C:\Program Files\InstallShield Installation Information\{12EFA1A4-AC3B-443C-8143-237EDE760403}\setup.exe -runfromtemp -l0x040c
    NTI Media Maker 8-->C:\Program Files\InstallShield Installation Information\{2413930C-8309-47A6-BC61-5EF27A4222BC}\setup.exe -runfromtemp -l0x040c
    NVIDIA Drivers-->C:\Windows\system32\nvuninst.exe UninstallGUI
    Orion-->MsiExec.exe /X{5B63A470-9334-44D1-AF61-6CE2DB565AE9}
    Outil de mise à jour Google-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
    Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
    Package de pilotes Windows - MobileTop (sshpmdm) Modem (01/26/2008 2.6.0.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\mbtmdm.inf_afb0631d\mbtmdm.inf
    PDF Settings CS4-->MsiExec.exe /I{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}
    PhotoNow!-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D36DD326-7280-11D8-97C8-000129760CBE}\Setup.exe" -uninstall
    Photoshop Camera Raw-->MsiExec.exe /I{CC75AB5C-2110-4A7F-AF52-708680D22FE8}
    Picture Control Utility-->MsiExec.exe /X{87441A59-5E64-4096-A170-14EFE67200C3}
    PunkBuster Services-->C:\Windows\system32\pbsvc.exe -u
    QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
    Realtek High Definition Audio Driver-->RtlUpd.exe -r -m -nrg2709
    Realtek USB 2.0 Card Reader-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DC24971E-1946-445D-8A82-CE685433FA7D}\setup.exe" -l0x9 -removeonly
    RocketDock 1.3.5-->"C:\Program Files\RocketDock\unins000.exe"
    SAMSUNG Mobile Composite Device Software-->C:\Windows\system32\Samsung_USB_Drivers\6_old\SSBCUninstall.exe
    Samsung Mobile Modem Device Software-->C:\Windows\system32\Samsung_USB_Drivers\7\SSECUninstall.exe
    SAMSUNG Mobile Modem Driver Set-->C:\Windows\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
    Samsung New PC Studio-->"C:\Program Files\InstallShield Installation Information\{F193FC0E-9E18-40FC-A974-509A1BDD240A}\setup.exe" -runfromtemp -l0x040c -removeonly
    Samsung New PC Studio-->MsiExec.exe /X{F193FC0E-9E18-40FC-A974-509A1BDD240A}
    Samsung PC Studio 3 USB Driver Installer-->"C:\Program Files\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -runfromtemp -l0x040c -removeonly
    SAMSUNG SYMBIAN USB Download Driver-->C:\Program Files\SAMSUNG\SYMBIAN USB Download Driver\Uninstall.exe
    SAMSUNG USB Mobile Device Software-->C:\Windows\system32\Samsung_USB_Drivers\6\SS_BUninstall.exe
    SamsungConnectivityCableDriver-->MsiExec.exe /X{7E84FAC8-C518-40F9-9807-7455301D6D25}
    Seagate Manager Installer-->"C:\Program Files\InstallShield Installation Information\{231A1A09-FDF2-45F2-B3D1-964CECE372BC}\setup.exe" -runfromtemp -l0x040c -removeonly
    Seagate Manager Installer-->MsiExec.exe /X{231A1A09-FDF2-45F2-B3D1-964CECE372BC}
    Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
    Security Update for 2007 Microsoft Office System (KB969679)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}
    Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}
    Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
    Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
    Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
    SFR - Kit de connexion-->C:\Program Files\SFR\Kit\uninstall.exe
    SFR - Media Center-->C:\Program Files\SFR\Media Center\uninstall.exe
    SPBA 5.8-->MsiExec.exe /I{ECCD28B2-8798-4D16-8126-625D728294A1}
    SpeedyFox-->"C:\Program Files\SpeedyFox\unins000.exe"
    Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}
    Suite Shared Configuration CS4-->MsiExec.exe /I{842B4B72-9E8F-4962-B3C1-1C422A5C4434}
    Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
    Transcode 360 for Windows Vista-->"C:\Program Files\Transcode360\uninstall.exe"
    Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
    ViewNX-->MsiExec.exe /X{F007CBCE-D714-4C0B-8CE9-9B0D78116468}
    VLC media player 1.0.1-->C:\Program Files\VideoLAN\VLC\uninstall.exe
    Vodafone Mobile Connect Lite-->MsiExec.exe /X{C656142F-EFE1-44CD-BFAD-6CBC6DCB9860}
    WIDCOMM Bluetooth Software 6.0.1.6400-->MsiExec.exe /X{03D1988F-469F-4843-8E6E-E5FE9D17889D}
    Winbond CIR Device Drivers-->MsiExec.exe /I{10F498FF-5392-4DF3-8F73-FE172A9F3800}
    Windows 7 Upgrade Advisor Beta-->MsiExec.exe /I{4394DC3A-5DAC-4C80-A86E-FF462D0AD653}
    Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
    Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
    Windows Live Messenger-->MsiExec.exe /X{770F1BEC-2871-4E70-B837-FB8525FFA3B1}
    Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
    Zattoo 3.3.4 Beta-->C:\Program Files\Zattoo\uninst.exe

    ======Hosts File======

    127.0.0.1 activate.adobe.com

    ======Security center information======

    AS: Windows Defender

    ======System event log======

    Computer Name: PC-de-Sébastien
    Event Code: 134
    Message: NtpClient n'a pas pu définir d'homologue manuel à utiliser comme source de temps en raison d'une erreur de résolution DNS sur " time.windows.com,0x1 ". NtpClient réessaiera dans 15 minutes, et à nouveau une fois le double de l'intervalle de nouvelle tentative écoulé. L'erreur était : Hôte inconnu. (0x80072AF9)
    Record Number: 65881
    Source Name: Microsoft-Windows-Time-Service
    Time Written: 20090608071021.000000-000
    Event Type: Avertissement
    User:

    Computer Name: PC-de-Sébastien
    Event Code: 4001
    Message: Le Service d’autoconfiguration WLAN s’est arrêté correctement.

    Record Number: 65866
    Source Name: Microsoft-Windows-WLAN-AutoConfig
    Time Written: 20090607215351.795836-000
    Event Type: Avertissement
    User: AUTORITE NT\SYSTEM

    Computer Name: PC-de-Sébastien
    Event Code: 10002
    Message: Le module d’extensibilité WLAN s’est arrêté.

    Chemin d’accès du module : C:\Windows\System32\IWMSSvc.dll

    Record Number: 65865
    Source Name: Microsoft-Windows-WLAN-AutoConfig
    Time Written: 20090607215351.125036-000
    Event Type: Avertissement
    User: AUTORITE NT\SYSTEM

    Computer Name: PC-de-Sébastien
    Event Code: 7022
    Message: Le service Service HP CUE DeviceDiscovery est en attente de démarrage.
    Record Number: 65815
    Source Name: Service Control Manager
    Time Written: 20090607080653.000000-000
    Event Type: Erreur
    User:

    Computer Name: PC-de-Sébastien
    Event Code: 7022
    Message: Le service Service HP CUE DeviceDiscovery est en attente de démarrage.
    Record Number: 65649
    Source Name: Service Control Manager
    Time Written: 20090606093601.000000-000
    Event Type: Erreur
    User:

    =====Application event log=====

    Computer Name: PC-de-Sébastien
    Event Code: 11500
    Message: Produit : Java(TM) 6 Update 11 -- Erreur 1500. Une autre installation est en cours. Vous de
    0
  4. Seb1989 Posts 58 Status Member 13
     
    Cerberus12

    Fichier server95.exe reçu le 2009.10.08 19:45:33 (UTC)
    Situation actuelle: en cours de chargement ... mis en file d'attente en attente en cours d'analyse terminé NON TROUVE ARRETE
    Résultat: 5/41 (12.2%)

    Antivirus Version Dernière mise à jour Résultat
    a-squared 4.5.0.41 2009.10.08 Trojan.Win32.Buzus!IK
    AhnLab-V3 5.0.0.2 2009.10.08 -
    AntiVir 7.9.1.35 2009.10.08 TR/Dropper.Gen
    Antiy-AVL 2.0.3.7 2009.10.05 -
    Authentium 5.1.2.4 2009.10.08 -
    Avast 4.8.1351.0 2009.10.08 -
    AVG 8.5.0.420 2009.10.04 -
    BitDefender 7.2 2009.10.08 -
    CAT-QuickHeal 10.00 2009.10.08 -
    ClamAV 0.94.1 2009.10.08 -
    Comodo 2539 2009.10.08 -
    DrWeb 5.0.0.12182 2009.10.08 -
    eSafe 7.0.17.0 2009.10.08 -
    eTrust-Vet 35.1.7057 2009.10.08 -
    F-Prot 4.5.1.85 2009.10.08 -
    F-Secure 8.0.14470.0 2009.10.08 -
    Fortinet 3.120.0.0 2009.10.08 -
    GData 19 2009.10.08 -
    Ikarus T3.1.1.72.0 2009.10.08 Trojan.Win32.Buzus
    Jiangmin 11.0.800 2009.10.08 -
    K7AntiVirus 7.10.865 2009.10.08 -
    Kaspersky 7.0.0.125 2009.10.08 -
    McAfee 5765 2009.10.08 -
    McAfee+Artemis 5765 2009.10.08 -
    McAfee-GW-Edition 6.8.5 2009.10.08 Trojan.Dropper.Gen
    Microsoft 1.5101 2009.10.08 VirTool:Win32/VBInject.gen!CE
    NOD32 4491 2009.10.08 -
    Norman 6.01.09 2009.10.08 -
    nProtect 2009.1.8.0 2009.10.08 -
    Panda 10.0.2.2 2009.10.08 -
    PCTools 4.4.2.0 2009.10.08 -
    Prevx 3.0 2009.10.08 -
    Rising 21.49.22.00 2009.09.30 -
    Sophos 4.45.0 2009.10.08 -
    Sunbelt 3.2.1858.2 2009.10.08 -
    Symantec 1.4.4.12 2009.10.08 -
    TheHacker 6.5.0.2.033 2009.10.07 -
    TrendMicro 8.950.0.1094 2009.10.08 -
    VBA32 3.12.10.11 2009.10.08 -
    ViRobot 2009.10.8.1976 2009.10.08 -
    VirusBuster 4.6.5.0 2009.10.08 -
    Information additionnelle
    File size: 167936 bytes
    MD5...: 1b322f4558f95c690f42421f32a7e140
    SHA1..: f6773f4ec170917673848307c3a8742f49b93ac3
    SHA256: 7ee8e83d9d915d09d3b591dc4eb6d0cbd2b22bed8f752594b692201f26a344b1
    ssdeep: 3072:3Te4EQ3hZBpTUndB3+AnD8fVIGN3y+c2+uBu4rE+VURbnbLt:3Te4EUBxUn
    dBXuCGN35cYrExfLt
    PEiD..: -
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x15b0
    timedatestamp.....: 0x4abfbf5c (Sun Sep 27 19:39:08 2009)
    machinetype.......: 0x14c (I386)

    ( 3 sections )
    name viradd virsiz rawdsiz ntrpy md5
    .text 0x1000 0xd4c4 0xe000 5.29 4d710721154d5d46cd89820bb3a4a376
    .data 0xf000 0x3ec 0x1000 0.00 620f0b67a91f7f74151bc5be745b7110
    .rsrc 0x10000 0x1832d 0x19000 7.79 710323400a8b82269195e07408d77a32

    ( 1 imports )
    > MSVBVM60.DLL: __vbaVarSub, _CIcos, _adj_fptan, __vbaVarMove, __vbaVarVargNofree, __vbaFreeVar, __vbaAryMove, __vbaLenBstr, __vbaStrVarMove, __vbaFreeVarList, __vbaEnd, _adj_fdiv_m64, -, _adj_fprem1, __vbaRecAnsiToUni, __vbaStrCat, __vbaSetSystemError, __vbaRecDestruct, _adj_fdiv_m32, __vbaAryDestruct, __vbaExitProc, __vbaOnError, _adj_fdiv_m16i, _adj_fdivr_m16i, -, _CIsin, -, __vbaErase, __vbaVarZero, __vbaChkstk, __vbaFileClose, __vbaStrCmp, __vbaPutOwner3, __vbaAryConstruct2, -, DllFunctionCall, _adj_fpatan, __vbaRedim, __vbaRecUniToAnsi, -, _CIsqrt, __vbaExceptHandler, __vbaStrToUnicode, _adj_fprem, _adj_fdivr_m64, -, __vbaFPException, -, __vbaInStrVar, __vbaStrVarVal, __vbaUbound, __vbaGetOwner3, __vbaVarCat, -, _CIlog, __vbaFileOpen, -, -, __vbaVar2Vec, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaStrCopy, -, __vbaI4Str, __vbaFreeStrList, _adj_fdivr_m32, _adj_fdiv_r, -, __vbaVarTstNe, __vbaI4Var, __vbaVarCmpEq, __vbaAryLock, __vbaStrToAnsi, __vbaVarDup, -, _CIatan, __vbaStrMove, __vbaStrVarCopy, -, _allmul, _CItan, __vbaAryUnlock, _CIexp, __vbaFreeStr, __vbaI4ErrVar

    ( 0 exports )
    RDS...: NSRL Reference Data Set
    -
    pdfid.: -
    trid..: Win32 Executable Microsoft Visual Basic 6 (90.9%)
    Win32 Executable Generic (6.1%)
    Generic Win/DOS Executable (1.4%)
    DOS Executable Generic (1.4%)
    Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
    sigcheck:
    publisher....: Realtek Semiconductor Corp.
    copyright....: Copyright (c) 2004 Realtek Semiconductor Corp.
    product......: Realtek AC97 Audio - Event Monitor
    description..: Realtek Azalia Audio - Event Monitor
    original name: Alcxmntr.exe
    internal name: Alcxmntr
    file version.: 1.6.0.2
    comments.....:
    signers......: -
    signing date.: -
    verified.....: Unsigned
    0
  6. Seb1989 Posts 58 Status Member 13
     
    Spy-net
    I sometimes get a message at startup, along with the window this post is about, in which spy-net is implicated.

    Fichier server.exe reçu le 2009.10.08 19:50:44 (UTC)
    Situation actuelle: en cours de chargement ... mis en file d'attente en attente en cours d'analyse terminé NON TROUVE ARRETE
    Résultat: 5/41 (12.2%)

    Antivirus Version Dernière mise à jour Résultat
    a-squared 4.5.0.41 2009.10.08 -
    AhnLab-V3 5.0.0.2 2009.10.08 -
    AntiVir 7.9.1.35 2009.10.08 -
    Antiy-AVL 2.0.3.7 2009.10.05 -
    Authentium 5.1.2.4 2009.10.08 -
    Avast 4.8.1351.0 2009.10.08 -
    AVG 8.5.0.420 2009.10.04 -
    BitDefender 7.2 2009.10.08 -
    CAT-QuickHeal 10.00 2009.10.08 Trojan.Buzus.cdnm
    ClamAV 0.94.1 2009.10.08 -
    Comodo 2539 2009.10.08 -
    DrWeb 5.0.0.12182 2009.10.08 -
    eSafe 7.0.17.0 2009.10.08 -
    eTrust-Vet 35.1.7057 2009.10.08 -
    F-Prot 4.5.1.85 2009.10.08 -
    F-Secure 8.0.14470.0 2009.10.08 Trojan.Win32.Buzus.cdnm
    Fortinet 3.120.0.0 2009.10.08 -
    GData 19 2009.10.08 -
    Ikarus T3.1.1.72.0 2009.10.08 -
    Jiangmin 11.0.800 2009.10.08 -
    K7AntiVirus 7.10.865 2009.10.08 -
    Kaspersky 7.0.0.125 2009.10.08 Trojan.Win32.Buzus.cdnm
    McAfee 5765 2009.10.08 -
    McAfee+Artemis 5765 2009.10.08 -
    McAfee-GW-Edition 6.8.5 2009.10.08 Heuristic.LooksLike.Win32.Suspicious.C
    Microsoft 1.5101 2009.10.08 -
    NOD32 4491 2009.10.08 -
    Norman 6.01.09 2009.10.08 -
    nProtect 2009.1.8.0 2009.10.08 -
    Panda 10.0.2.2 2009.10.08 -
    PCTools 4.4.2.0 2009.10.08 -
    Prevx 3.0 2009.10.08 High Risk Cloaked Malware
    Rising 21.49.22.00 2009.09.30 -
    Sophos 4.45.0 2009.10.08 -
    Sunbelt 3.2.1858.2 2009.10.08 -
    Symantec 1.4.4.12 2009.10.08 -
    TheHacker 6.5.0.2.033 2009.10.07 -
    TrendMicro 8.950.0.1094 2009.10.08 -
    VBA32 3.12.10.11 2009.10.08 -
    ViRobot 2009.10.8.1976 2009.10.08 -
    VirusBuster 4.6.5.0 2009.10.08 -
    Information additionnelle
    File size: 258560 bytes
    MD5...: b1786e3a0647d77eacc34685ff582baf
    SHA1..: 6c15483797390c7ee0e2641d70015bf3a0bd1a6d
    SHA256: 8d992077a878af9bda4bba3b2e1616b6bcd1a522cb7e78f08ba1fd5423eef6c4
    ssdeep: 6144:PseZymvhuuC8JlLfaPxnNg65WyvnV+EVRLCcyq+jqGGFVIAVt:EenJuuCoL
    faXC0V3j/yq+jqGCIUt
    PEiD..: -
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x1000
    timedatestamp.....: 0x4aa998db (Fri Sep 11 00:24:59 2009)
    machinetype.......: 0x14c (I386)

    ( 5 sections )
    name viradd virsiz rawdsiz ntrpy md5
    0x1000 0x6000 0x1c00 7.97 c1fb151271211cb7f01d084631c6b964
    0x7000 0x1000 0x200 7.55 ffa7c3a2dd03a750db87a328a38fde83
    .rsrc 0x8000 0x18000 0x18000 7.98 5f7330dc9b0bcea2605bd8b31bb3c137
    .data 0x20000 0x5c000 0x24400 7.84 9581b29acd04a04db0c891f05bbd410a
    .adata 0x7c000 0x1000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e

    ( 4 imports )
    > kernel32.dll: GetProcAddress, GetModuleHandleA, LoadLibraryA
    > msvbvm60.dll: _CIcos
    > oleaut32.dll: VariantChangeTypeEx
    > kernel32.dll: RaiseException

    ( 0 exports )
    RDS...: NSRL Reference Data Set
    -
    pdfid.: -
    trid..: Win32 Executable Generic (42.3%)
    Win32 Dynamic Link Library (generic) (37.6%)
    Generic Win/DOS Executable (9.9%)
    DOS Executable Generic (9.9%)
    Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
    sigcheck:
    publisher....: cd
    copyright....: gh
    product......: kl
    description..: ef
    original name: bong.exe
    internal name: bong
    file version.: 1.00
    comments.....: ab
    signers......: -
    signing date.: -
    verified.....: Unsigned
    packers (F-Prot): Aspack
    http://info.prevx.com/aboutprogramtext.asp?PX5=B6436CD00014EF1FF28603A1F6EA0500929C7ABC
    0
  7. Seb1989 Posts 58 Status Member 13
     
    Additional information as an image:

    http://img198.imageshack.us/img198/1399/bug2xb.jpg

    What do I do now?
    0
    1. Anonymous user
       
      Hello

      1) Download OTMoveIt3 (by Old_Timer) to your Desktop.

      http://www.geekstogo.com/forum/files/file/402-otm-oldtimers-move-it/

      ! Disconnect and close all your running applications !

      Double-click "OTMoveIt" to open the program.
      Then copy what is in bold below:

      :Services


      :Reg
      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
      "Spy-Net"=-
      "Cerberus45"=-
      :files
      C:\Windows\System32\Cerberus12\server95.exe
      C:\Windows\System32\Spy-Net\server.exe

      :Commands
      [purity]
      [emptytemp]
      [start explorer]
      [Reboot]


      and paste it into the left-hand pane of OTMoveIt3:
      Paste Instructions for Items to be Moved.
      (don't touch anything else!)

      -> click MoveIt! to start the removal.
      -> let the tool work ...

      (Note: your desktop will disappear and then reappear; this is normal.)

      -> Once it has finished, a small window opens: click "Yes".

      Your PC will restart by itself ...

      --> Post the contents of the report found in the folder "C:\_OTMoveIt\MovedFiles"

      See you
      0
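The cleanup script above deletes the two Run values under HKEY_LOCAL_MACHINE only, so the next HijackThis log is worth checking for leftovers. The sketch below is an added example, not part of the thread and not a feature of OTMoveIt or HijackThis: it compares the script's `:Reg` and `:files` targets with the O4 autorun lines of a log. The function names and the sample O4 lines (constructed in HijackThis format) are assumptions.

```python
import re

# Registry hive names as written in the script vs. HijackThis abbreviations.
HIVES = {"HKEY_LOCAL_MACHINE": "HKLM", "HKEY_CURRENT_USER": "HKCU"}
# HijackThis shortens ...\Software\Microsoft\Windows\CurrentVersion\Run to "\..\Run".
O4_RE = re.compile(
    r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')

# Cleanup script in the format posted above (values taken from the thread).
OTM_SCRIPT = r"""
:Reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Spy-Net"=-
"Cerberus45"=-
:files
C:\Windows\System32\Cerberus12\server95.exe
C:\Windows\System32\Spy-Net\server.exe
:Commands
[emptytemp]
"""

# Constructed sample of HijackThis O4 (autorun) lines for this example.
HJT_LOG = r"""
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cerberus45] C:\Windows\System32\Cerberus12\server95.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Cerberus45] C:\Windows\System32\Cerberus12\server95.exe
"""


def parse_otm_script(text):
    """Return (run_values, files): Run values the script deletes, files it moves."""
    section, key, values, files = None, None, set(), set()
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):                      # section header such as :Reg
            section, key = line[1:].lower(), None
        elif section == "reg":
            if line.startswith("[") and line.endswith("]"):
                hive, _, subkey = line[1:-1].partition("\\")
                is_run = subkey.lower().endswith(r"\currentversion\run")
                key = HIVES.get(hive.upper()) if is_run else None
            elif key and line.endswith("=-"):         # "Name"=- deletes the value
                values.add((key, line[:-2].strip('"').lower()))
        elif section == "files":
            files.add(line.lower())
    return values, files


def parse_o4(text):
    """Return (hive, value name, command) for each O4 Run line in a log."""
    entries = []
    for line in text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries.append((m["hive"], m["name"], m["cmd"]))
    return entries


def residual_autoruns(script, log):
    """List autorun entries in the log that the cleanup script was meant to remove."""
    values, files = parse_otm_script(script)
    names = {name for _, name in values}
    findings = []
    for hive, name, cmd in parse_o4(log):
        target = cmd.strip().lstrip('"').lower()
        reasons = []
        if (hive, name.lower()) in values:
            reasons.append("value the script deleted is present again")
        elif name.lower() in names:
            reasons.append("same value name in a hive the script did not cover")
        if any(target.startswith(f) for f in files):
            reasons.append("command points at a file the script moved")
        if reasons:
            findings.append({"hive": hive, "name": name, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in residual_autoruns(OTM_SCRIPT, HJT_LOG):
        print(finding["hive"], finding["name"], "->", "; ".join(finding["reasons"]))
```

An entry reported in a hive the script did not cover means the cleanup was incomplete; an entry that is back in a hive the script did clean means something recreated it after the reboot.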
  8. Seb1989 Posts 58 Status Member 13
     
    All processes killed
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Spy-Net deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Cerberus45 deleted successfully.
    ========== FILES ==========
    C:\Windows\System32\Cerberus12\server95.exe moved successfully.
    C:\Windows\System32\Spy-Net\server.exe moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes

    User: Mcx1

    User: Mcx1.PC-de-Sébastien
    ->Temp folder emptied: 0 bytes

    User: Public

    User: Sébastien

    User: Sébastien
    ->Temp folder emptied: 735680 bytes
    ->Java cache emptied: 26470782 bytes
    ->FireFox cache emptied: 78554165 bytes

    User: SÚbastien

    %systemdrive% .tmp files removed: 0 bytes
    C:\Windows\msdownld.tmp folder deleted successfully.
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    Windows Temp folder emptied: 47717 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 100,91 mb

    OTM by OldTimer - Version 3.0.0.6 log created on 10092009_141447

    Files moved on Reboot...

    Registry entries deleted on Reboot...
    0
    1. Anonymous user
       
      Hi again

      Download Malwarebytes Anti-Malware here
      http://www.malwarebytes.org/mbam.php

      * Install it (be sure to choose "français"; don't change the installation settings) and update it.

      (NB: if "COMCTL32.OCX" is missing during installation, download it here: https://www.malekal.com/tutorial-aboutbuster/)

      * Study the tutorial to familiarise yourself with the program:

      https://forum.pcastuces.com/sujet.asp?f=31&s=3

      (that said, it is very easy to use).

      Run Malwarebytes again, following these instructions carefully:

      ! Disconnect and close all running applications !

      * Launch Malwarebytes'.

      Run a "Complet" (full) scan.

      --> Let the program work (and do nothing else with the PC during the scan).
      --> At the end, click "résultat" (results).
      --> Check that all infected objects are ticked, then click "suppression" (removal).

      Note: if your PC needs to restart to finish the cleanup, do it!


      Post the report saved after the infected objects are removed (in the "rapport/log" tab of Malwarebytes, the most recent one)

      See you
      0
  9. Seb1989 Posts 58 Status Member 13
     
    Malwarebytes' Anti-Malware 1.41
    Version de la base de données: 2928
    Windows 6.0.6002 Service Pack 2

    09/10/2009 16:40:35
    mbam-log-2009-10-09 (16-40-35).txt

    Type de recherche: Examen complet (C:\|D:\|)
    Eléments examinés: 293956
    Temps écoulé: 2 hour(s), 1 minute(s), 27 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 2
    Valeur(s) du Registre infectée(s): 2
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 2

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{ibg8e86j-se86-n3oi-aeeb-bc6727m553r1} (Generic.Bot.H) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{q24dw6q2-06i4-ij3c-0xc1-f3kcx17100mj} (Generic.Bot.H) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Spy-Net (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Spy-Net (Backdoor.Bot) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\Windows\System32\Cerberus12\server95.exe (Generic.Bot.H) -> Delete on reboot.
    C:\Windows\System32\Spy-Net\server.exe (Generic.Bot.H) -> Delete on reboot.
    0
    1. Anonymous user
       
      Hi again

      Please post an RSIT log again
      Thanks
      0
  10. Seb1989 Posts 58 Status Member 13
     
    Hi again, here is the RSIT as requested

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Sébastien at 2009-10-09 21:27:39
    Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2
    System drive C: has 42 GB (28%) free of 148 GB
    Total RAM: 3066 MB (52% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:28:22, on 09/10/2009
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18813)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\PLFSetI.exe
    C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
    C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Launch Manager\QtZgAcer.EXE
    C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
    C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Windows\ehome\ehtray.exe
    C:\Users\SBASTI~1\AppData\Local\Temp\RtkBtMnt.exe
    C:\Program Files\RocketDock\RocketDock.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Users\Sébastien\Desktop\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Sébastien.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
    O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
    O4 - HKLM\..\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
    O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
    O4 - HKLM\..\Run: [ZPdtWzdVitaKey MC3000] "C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe" show
    O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
    O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
    O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
    O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
    O4 - HKLM\..\Run: [Cerberus45] C:\Windows\System32\Cerberus12\server95.exe
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [Cerberus45] C:\Windows\System32\Cerberus12\server95.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
    O9 - Extra 'Tools' menuitem: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
    O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O13 - Gopher Prefix:
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll
    O20 - Winlogon Notify: spba - C:\Program Files\Common Files\SPBA\homefus2.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
    O23 - Service: CanalPlus.VOD - Canal+ Active - C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe
    O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
    O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
    O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
    O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
    O23 - Service: Google Desktop Manager 5.7.808.7150 (GoogleDesktopManager-080708-050100) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Update Service (gupdate1c9d4ccfe26ad22) (gupdate1c9d4ccfe26ad22) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iGroupTec Service (IGBASVC) - Unknown owner - C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
    O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
    O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
    O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe
    O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
    1. Anonymous user
       
      Hello

      You are still infected.
      Let's step it up a gear.

      Download ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
      -> Rename it to asdehi when saving it to your desktop (simply so that the infection does not block it)
      -> Double-click combofix.exe.
      -> Press the 1 key (Yes) to start the scan.
      -> When the scan is complete, a report will appear. Copy and paste this report into your next reply.

      NOTE: The report is also located here: C:\Combofix.txt

      Before using ComboFix:

      -> Disconnect from the Internet and close the windows of all running programs.

      -> Temporarily disable, and only for the duration of the ComboFix run, the real-time protection of your antivirus and your antispyware tools, which can seriously interfere with the tool's scanning and cleaning procedure.

      Once that is done, double-click Combofix.exe on your desktop.

      - Answer yes to the warning message so that the program starts analysing the PC.

      - Warning: for the duration of this step, do not use the PC and do not open any program. Risk of freezing the computer.

      - At the end of the scan ComboFix may need to restart the PC to finish the disinfection\search; let it do so.

      - A report will then open in Notepad (this report file, Combofix.txt, is automatically saved and stored at C:\Combofix.txt)

      -> Re-enable the real-time protection of your antivirus and your antispyware tools before reconnecting to the Internet.

      -> Come back to the forum, and copy and paste the entire contents of C:\Combofix.txt into your next message.

      /!\ Do not touch anything until the scan has finished. /!\ : risk of freezing the computer (complete crash)


      ::If ComboFix detects something and asks to restart, accept.

      See you
  11. Seb1989 Posts: 58 Status: Member 13
     
    Hello,

    The requested report:


    ComboFix 09-10-10.02 - Sébastien 11/10/2009 11:15.1.2 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.3066.1835 [GMT 2:00]
    Lancé depuis: c:\users\Sébastien\Desktop\asdehi.exe
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\$recycle.bin\S-1-5-21-811835293-1638113248-1029637537-1001
    c:\$recycle.bin\S-1-5-21-811835293-1638113248-1029637537-500
    c:\windows\Installer\13da50.msi
    c:\windows\Installer\34e063.msi
    c:\windows\Installer\34e067.msi
    c:\windows\Installer\5e6444.msi
    c:\windows\Installer\5e71db.msi
    c:\windows\Installer\6a77b3.msi
    c:\windows\Installer\6a77b7.msi
    c:\windows\Suyin.reg

    Une copie infectée de c:\windows\System32\calc.exe a été trouvée et désinfectée
    Copie restaurée à partir de - c:\windows\winsxs\x86_microsoft-windows-calc_31bf3856ad364e35_6.0.6000.16386_none_a7873f3f1dd0e729\calc.exe

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2009-09-11 au 2009-10-11 ))))))))))))))))))))))))))))))))))))
    .

    2009-10-11 09:35 . 2009-10-11 09:35 -------- d-----w- c:\users\Default\AppData\Local\temp
    2009-10-09 12:29 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-10-09 12:29 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-10-09 12:29 . 2009-10-09 12:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-10-09 12:14 . 2009-10-09 12:14 -------- d-----w- C:\_OTM
    2009-10-08 19:07 . 2009-10-08 19:07 -------- d-----w- C:\rsit
    2009-10-08 19:01 . 2009-10-08 19:01 -------- d-----w- c:\program files\Trend Micro
    2009-10-08 18:07 . 2009-10-08 18:07 -------- d-sh--w- c:\users\SÚbastien
    2009-10-08 18:05 . 2009-10-08 18:08 -------- d-----w- C:\GenProc
    2009-10-07 12:15 . 2009-10-08 06:44 146314 ----a-w- c:\windows\hpoins18.dat
    2009-10-07 12:14 . 2007-03-01 00:35 6600 ----a-w- c:\windows\hpomdl18.dat
    2009-10-06 09:20 . 2009-10-08 17:35 -------- d-----w- c:\program files\Ad-Remover
    2009-10-04 10:31 . 2009-10-04 10:31 -------- d-----w- c:\program files\Microsoft
    2009-10-04 10:30 . 2009-10-04 10:30 -------- d-----w- c:\program files\Windows Live SkyDrive
    2009-10-02 10:39 . 2009-10-02 10:39 -------- d-----w- c:\windows\system32\URTTEMP
    2009-09-28 11:10 . 2009-10-09 14:42 -------- d-----w- c:\windows\system32\Cerberus12
    2009-09-25 15:27 . 2009-09-25 15:27 -------- d-----w- c:\program files\Druide
    2009-09-25 15:21 . 2009-09-25 15:21 -------- d-----w- c:\program files\7-Zip
    2009-09-25 14:08 . 2009-10-09 14:42 -------- d-----w- c:\windows\system32\Spy-Net
    2009-09-24 09:08 . 2009-09-24 09:08 -------- d-----w- c:\program files\iPod
    2009-09-24 09:08 . 2009-09-24 09:10 -------- d-----w- c:\program files\iTunes
    2009-09-23 22:07 . 2009-10-04 18:58 -------- d-----w- C:\Mes Sites Web
    2009-09-17 09:38 . 2009-09-17 09:38 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
    2009-09-14 09:45 . 2009-09-14 10:01 -------- d-----w- c:\program files\abgx360
    2009-09-12 08:48 . 2009-09-12 08:48 -------- d-----w- c:\programdata\Malwarebytes

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-10-11 09:38 . 2009-03-13 13:35 28219 ----a-w- c:\programdata\nvModes.dat
    2009-10-11 09:36 . 2008-09-30 01:30 12 ----a-w- c:\windows\bthservsdp.dat
    2009-10-11 08:54 . 2009-05-14 20:00 -------- d-----w- c:\programdata\Google Updater
    2009-10-09 20:00 . 2008-01-21 08:40 679418 ----a-w- c:\windows\system32\perfh00C.dat
    2009-10-09 20:00 . 2008-01-21 08:40 128418 ----a-w- c:\windows\system32\perfc00C.dat
    2009-10-09 07:24 . 2009-03-13 19:20 -------- d-----w- c:\program files\MSECache
    2009-10-06 12:44 . 2008-09-30 01:43 -------- d-----w- c:\program files\Launch Manager
    2009-10-06 12:19 . 2008-09-30 01:57 -------- d-----w- c:\programdata\CyberLink
    2009-10-06 09:40 . 2009-08-17 20:33 -------- d-----w- c:\program files\JDownloader 0.6.193
    2009-10-04 10:54 . 2009-03-13 12:45 -------- d-----w- c:\program files\Patch MsnCreative
    2009-09-29 15:58 . 2009-03-13 13:14 -------- d-----w- c:\program files\OpenOffice.org 3
    2009-09-29 15:46 . 2009-07-09 16:37 -------- d-----w- c:\program files\PC Connectivity Solution
    2009-09-29 15:44 . 2009-03-13 14:51 -------- d-----w- c:\program files\Google
    2009-09-29 15:44 . 2008-07-25 13:04 -------- d-----w- c:\program files\Acer GameZone
    2009-09-29 15:43 . 2008-07-25 12:37 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-09-24 09:08 . 2009-06-13 12:35 -------- d-----w- c:\program files\Common Files\Apple
    2009-09-10 08:58 . 2009-03-13 12:42 -------- d-----w- c:\program files\Microsoft Silverlight
    2009-09-10 08:51 . 2009-09-10 08:49 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    2009-09-10 08:46 . 2009-09-10 08:45 -------- d-----w- c:\program files\QuickTime
    2009-09-10 08:23 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
    2009-09-07 17:50 . 2009-09-07 17:50 89088 ----a-w- c:\windows\system32\atl71.dll
    2009-09-07 17:50 . 2009-09-07 17:50 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2009-09-07 17:50 . 2009-09-07 17:50 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2009-09-07 17:50 . 2009-09-07 17:50 1060864 ----a-w- c:\windows\system32\MFC71.dll
    2009-09-07 17:50 . 2009-09-07 17:50 1047552 ----a-w- c:\windows\system32\MFC71u.dll
    2009-09-06 20:16 . 2009-09-06 20:16 -------- d-----w- c:\program files\Ipulp
    2009-09-04 11:09 . 2009-09-04 11:09 -------- d-----w- c:\program files\SpeedyFox
    2009-08-29 00:27 . 2009-09-02 20:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
    2009-08-29 00:14 . 2009-09-02 20:23 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
    2009-08-28 15:02 . 2009-08-27 12:39 -------- d-----w- c:\program files\ImgBurn
    2009-08-27 12:42 . 2009-08-27 12:42 -------- d-----w- c:\programdata\WindowsSearch
    2009-08-26 11:11 . 2009-08-26 11:11 -------- d-----w- c:\programdata\Seagate
    2009-08-26 11:11 . 2009-08-26 11:11 -------- d-----w- c:\program files\Seagate
    2009-08-25 22:09 . 2009-05-02 10:02 -------- d-----w- c:\program files\McAfee
    2009-08-24 09:11 . 2009-03-18 14:50 164389 ----a-w- c:\windows\hpoins19.dat
    2009-08-14 16:27 . 2009-09-09 08:39 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2009-08-14 15:53 . 2009-09-09 08:39 17920 ----a-w- c:\windows\system32\netevent.dll
    2009-08-14 13:49 . 2009-09-09 08:39 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
    2009-08-14 13:49 . 2009-09-09 08:39 17920 ----a-w- c:\windows\system32\ROUTE.EXE
    2009-08-14 13:49 . 2009-09-09 08:39 11264 ----a-w- c:\windows\system32\MRINFO.EXE
    2009-08-14 13:49 . 2009-09-09 08:39 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
    2009-08-14 13:49 . 2009-09-09 08:39 19968 ----a-w- c:\windows\system32\ARP.EXE
    2009-08-14 13:49 . 2009-09-09 08:39 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
    2009-08-14 13:49 . 2009-09-09 08:39 10240 ----a-w- c:\windows\system32\finger.exe
    2009-08-14 13:48 . 2009-09-09 08:39 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
    2009-08-14 13:48 . 2009-09-09 08:39 105984 ----a-w- c:\windows\system32\netiohlp.dll
    2009-07-26 14:44 . 2009-07-26 14:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
    2009-07-25 03:23 . 2009-03-14 12:22 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-07-21 21:52 . 2009-07-30 08:16 915456 ----a-w- c:\windows\system32\wininet.dll
    2009-07-21 21:47 . 2009-07-30 08:16 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2009-07-21 21:47 . 2009-07-30 08:16 71680 ----a-w- c:\windows\system32\iesetup.dll
    2009-07-21 20:13 . 2009-07-30 08:16 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2009-07-17 13:54 . 2009-08-13 07:03 71680 ----a-w- c:\windows\system32\atl.dll
    2009-07-16 10:32 . 2009-05-02 10:04 130424 ----a-w- c:\windows\system32\drivers\Mpfp.sys
    2009-07-15 12:40 . 2009-08-13 07:03 8147456 ----a-w- c:\windows\system32\wmploc.DLL
    2009-07-15 12:39 . 2009-08-13 07:03 313344 ----a-w- c:\windows\system32\wmpdxm.dll
    2009-07-15 12:39 . 2009-08-13 07:03 4096 ----a-w- c:\windows\system32\dxmasf.dll
    2009-07-15 12:39 . 2009-08-13 07:03 7680 ----a-w- c:\windows\system32\spwmp.dll
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
    @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
    [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
    2008-05-14 15:05 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-13 68856]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
    "RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-10-04 3883856]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1049896]
    "eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-05-14 526896]
    "eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-05-30 544768]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-18 13543968]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-18 92704]
    "PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
    "ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-08-01 405504]
    "ZPdtWzdVitaKey MC3000"="c:\program files\Acer\Acer Bio Protection\PdtWzd.exe" [2008-09-30 3676160]
    "WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
    "LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-06-04 817672]
    "ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-09-07 152872]
    "McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-07 1176808]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
    "CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2009-09-07 206120]
    "PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-05-21 173288]
    "RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-05-07 6139904]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "DisableCAD"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]
    2008-09-30 01:56 3197952 ----a-w- c:\program files\Acer\Acer Bio Protection\WinNotify.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\spba]
    2008-03-25 13:24 567560 ----a-w- c:\program files\Common Files\SPBA\homefus2.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
    backup=c:\windows\pss\Acer VCM.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk
    backup=c:\windows\pss\BTTray.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Nikon Monitor.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Nikon Monitor.lnk
    backup=c:\windows\pss\Nikon Monitor.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "VistaSp2"=hex(b):28,24,1c,96,ee,e5,c9,01

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{89799D38-6725-4CE5-9D1E-6E30415FE623}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
    "{D44F326E-3D01-4696-9E32-3ED5D49B0E4B}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
    "{71E00646-63EC-47AC-B284-2EA545130FD0}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
    "{57BDCF60-2235-4679-8101-B9BD26C60ED2}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
    "{A5463B11-BEAF-45EA-83BA-4DF7CBA988E9}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
    "{44132C7C-6906-4ED8-ABA6-2596681E8633}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
    "{30A1F990-1B0B-408D-9385-E83FF29BE07F}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{2FCDE318-182E-4D8F-9169-FE74FBB301CE}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{F9B95664-C1B4-4028-9CDC-757525CFF306}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
    "{8BC06121-A75B-42B8-BB02-516D92ECA5ED}"= c:\program files\Acer\Acer VCM\VC.exe:Acer VCM
    "{D5FD47F0-B674-4133-AFE0-AEBE4F1F3542}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
    "{21E6A589-2D86-4D77-8514-414F27E90DE2}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
    "{E85E5F47-1A4C-4281-A1F4-F5FFDE3813EA}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
    "{747104A9-A58C-4264-BDB2-3D9DEF32DF3E}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
    "{A574124D-8C8B-4071-9666-3EA3F48E0543}"= UDP:c:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty(R) - World at War(TM)
    "{F1102A3F-E8B1-440A-8F5F-E996241ADF80}"= TCP:c:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty(R) - World at War(TM)
    "{58081E78-6D67-44E4-9B37-B2755DDFD2D6}"= UDP:c:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty(R) - World at War(TM)
    "{B70E3C13-0BF9-4B46-A35B-6671090439B9}"= TCP:c:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty(R) - World at War(TM)
    "{B6C0D282-FB43-4016-88B2-D983ADB3EE7D}"= UDP:5353:Adobe CSI CS4
    "{2232CA97-E53E-4A7C-BE73-30794DA992FF}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
    "{D729BA9F-3C21-4A7A-8A4C-8C2682F2B189}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
    "{3DFC2EBE-4A49-4D48-A095-81800DEB312F}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
    "{3D6B6C19-90E2-4BA1-AFEF-A25B30E3A5DB}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
    "{595BD36C-87B8-4223-AFD9-B74F84C0949F}"= UDP:c:\users\Sébastien\Downloads\utorrent.exe:µTorrent (TCP-In)
    "{70EA60D2-47F6-4694-903A-76FDD2D6BBF4}"= TCP:c:\users\Sébastien\Downloads\utorrent.exe:µTorrent (UDP-In)
    "{FE9BE8E1-FDFD-4563-A418-BA9D035BBD71}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
    "{FC281911-2EB7-4DA5-A900-19C8F6C61DF5}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
    "{07F3E981-3AC2-48DC-B90B-877B71004FD1}"= UDP:35430:µT 35430
    "{7C0375C3-48DB-43EE-A04C-A6A47F1F15F2}"= TCP:35430:35430
    "{E8A5C04B-35E7-4740-A36B-BD1D047BFBA0}"= UDP:c:\program files\uTorrent\uTorrent.exe:uTorrent
    "{DAB81D34-E5A1-497D-AA8B-367DDB237AA0}"= TCP:c:\program files\uTorrent\uTorrent.exe:uTorrent
    "TCP Query User{7A88F352-BFF7-4C4F-A384-0AE9326A4EC4}c:\\program files\\transcode360\\transcode360tray.exe"= UDP:c:\program files\transcode360\transcode360tray.exe:
    "UDP Query User{AFA8DCDB-9B95-42DD-998B-8E76CDB0E699}c:\\program files\\transcode360\\transcode360tray.exe"= TCP:c:\program files\transcode360\transcode360tray.exe:
    "{7D7E9280-BEF5-48EB-8BA3-59527C87798A}"= Profile=Private|Profile=Public|c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
    "{025B3AD4-AB85-4D2F-BB15-F7F5F38BB959}"= UDP:c:\program files\Transcode360\Transcode360.exe:Transcode 360
    "{0D7D3184-0965-4C4C-BB4C-6CDC77404C33}"= TCP:c:\program files\Transcode360\Transcode360.exe:Transcode 360
    "{D677B84E-08CC-4F75-A302-952B91B961C8}"= TCP:1041:Transcode 360
    "{3C04E86C-E85C-40E6-8165-F441F57452B7}"= TCP:10244:Transcode 360
    "{05D59994-4E96-4224-BC26-35A8CEDEEF22}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{B20D2C1D-5181-4B47-B2F5-CCD6250F545D}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{A2118446-3593-4E56-B577-E2A7926590DD}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
    "{1B6C5B99-6E1D-4457-B589-82992710C55D}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
    "{093296A4-9BEE-40F8-970F-26D698A052E9}"= UDP:c:\program files\Samsung\Samsung New PC Studio\npsasvr.exe:KTF MUSIC AoD Server
    "{11419E0C-FF18-415D-9273-0F1C6C86207A}"= TCP:c:\program files\Samsung\Samsung New PC Studio\npsasvr.exe:KTF MUSIC AoD Server
    "{FF58D495-9620-4AC7-8021-F219B82E2107}"= UDP:c:\program files\Samsung\Samsung New PC Studio\npsvsvr.exe:KTF MUSIC VoD Server
    "{14AED605-58A9-495F-8CEE-7653A19E3E9C}"= TCP:c:\program files\Samsung\Samsung New PC Studio\npsvsvr.exe:KTF MUSIC VoD Server
    "{9A55B352-63C2-467B-AE22-B5872CD8FC12}"= UDP:c:\program files\Samsung\Samsung New PC Studio\npsasvr.exe:KTF MUSIC AoD Server
    "{604050F3-FB6E-4A41-9E6B-CDFB32E8FBCA}"= TCP:c:\program files\Samsung\Samsung New PC Studio\npsasvr.exe:KTF MUSIC AoD Server
    "{D8127E1B-7717-4838-80F0-B7995264CCB7}"= UDP:c:\program files\Samsung\Samsung New PC Studio\npsvsvr.exe:KTF MUSIC VoD Server
    "{9147E7F4-5707-4575-9B5E-AFA877D24744}"= TCP:c:\program files\Samsung\Samsung New PC Studio\npsvsvr.exe:KTF MUSIC VoD Server
    "{7F18A312-B532-4A06-8F73-09C228508C27}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
    "{60714ECD-E57A-4C0C-BCC3-874C27DA7132}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
    "{8905B12F-D465-47B3-B380-E5954A39BF98}"= c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
    "{92CEF1AC-3F53-4967-9D3B-1414DC6F1361}"= c:\program files\Acer Arcade Deluxe\PlayMovie\PlayMovie.exe:Acer Play Movie
    "{4DDD3242-6133-41FB-86DD-1ED97337BF67}"= c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe:Acer Play Movie Resident Program
    "{3AD12867-F1B6-4C88-98A7-DFA95368E90A}"= c:\program files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:Acer HomeMedia
    "{E8A0E8C7-1B2E-43F9-A85F-A8B3EFE012EF}"= UDP:c:\program files\SFR\Media Center\httpd\httpd.exe:Serveur de partage Media Center (Player SFR)
    "{83A08EF7-F3FB-46B4-A738-247104885DB7}"= TCP:c:\program files\SFR\Media Center\httpd\httpd.exe:Serveur de partage Media Center (Player SFR)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
    "c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDSfsu.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe:*:Enabled:eDSfsu
    "c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x86\\encryption.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe:*:Enabled:encryption
    "c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x86\\decryption.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe:*:Enabled:decryption
    "c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDSMgr.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe:*:Enabled:eDSMgr
    "c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDStbmngr.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe:*:Enabled:eDStbmngr
    "c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDSfsu.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe:*:Enabled:eDSfsu
    "c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x64\\encryption.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe:*:Enabled:encryption
    "c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x64\\decryption.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe:*:Enabled:decryption
    "c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDSMgr.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe:*:Enabled:eDSMgr
    "c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDStbmngr.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe:*:Enabled:eDStbmngr

    R0 AlfaFF;AlfaFF File System mini-filter;c:\windows\System32\drivers\AlfaFF.sys [30/09/2008 03:56 42608]
    R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};Power Control [2009/10/06 14:21];c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [06/10/2009 14:20 87536]
    R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [03/03/2008 13:11 16384]
    R2 CanalPlus.VOD;CanalPlus.VOD;c:\program files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe [05/02/2009 15:38 188416]
    R2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [30/09/2008 04:04 75048]
    R2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [25/07/2008 14:51 24576]
    R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [01/05/2009 14:35 181544]
    R2 FsUsbExService;FsUsbExService;c:\windows\System32\FsUsbExService.Exe [09/07/2009 18:39 233472]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [09/10/2009 14:29 269648]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [02/05/2009 12:08 206112]
    R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [25/04/2008 21:36 45056]
    R2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [30/09/2008 04:04 122368]
    R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [30/09/2008 04:19 233472]
    R2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [22/09/2008 13:40 14336]
    R3 FsUsbExDisk;FsUsbExDisk;c:\windows\System32\FsUsbExDisk.Sys [09/07/2009 18:39 36608]
    R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\System32\drivers\L1E60x86.sys [20/05/2009 06:02 48640]
    R3 MBAMProtector;MBAMProtector;c:\windows\System32\drivers\mbam.sys [09/10/2009 14:29 19160]
    R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [17/11/2008 08:40 3668480]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [25/06/2008 07:05 44064]
    R3 winbondcir;Winbond IR Transceiver;c:\windows\System32\drivers\winbondcir.sys [28/03/2007 07:51 43008]
    S2 gupdate1c9d4ccfe26ad22;Google Update Service (gupdate1c9d4ccfe26ad22);c:\program files\Google\Update\GoogleUpdate.exe [14/05/2009 21:48 133104]
    S2 IGBASVC;iGroupTec Service;c:\program files\Acer\Acer Bio Protection\BASVC.exe [30/09/2008 03:56 3602432]
    S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [25/04/2008 21:36 131072]
    S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [13/03/2009 16:51 24064]
    S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\System32\drivers\massfilter.sys [15/09/2008 14:26 7168]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\drivers\mbamswissarmy.sys [09/10/2009 14:29 38224]
    S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\System32\drivers\ss_bbus.sys [30/07/2009 16:01 90112]
    S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\System32\drivers\ss_bmdfl.sys [30/07/2009 16:01 14976]
    S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\System32\drivers\ss_bmdm.sys [30/07/2009 16:01 121856]
    S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\System32\drivers\ZTEusbnet.sys [06/07/2009 22:26 110080]
    S3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\System32\drivers\zteusbvoice.sys [06/07/2009 22:26 104960]

    --- Autres Services/Pilotes en mémoire ---

    *NewlyCreated* - FSUSBEXDISK

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contenu du dossier 'Tâches planifiées'

    2009-10-11 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-13 20:00]

    2009-10-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-14 19:48]

    2009-10-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-14 19:48]

    2009-05-02 c:\windows\Tasks\McDefragTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-08-25 19:26]

    2009-05-02 c:\windows\Tasks\McQcTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-08-25 19:26]

    2009-10-03 c:\windows\Tasks\NeroLiveEpgUpdate-PC-de-Sébastien_Sébastien.job
    - c:\program files\Nero\Nero 9\Nero Live\NeroLive.exe [2008-10-27 07:59]
    .
    .
    ------- Examen supplémentaire -------
    .
    uInternet Settings,ProxyOverride = local
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: Envoyer l'&image au périphérique Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    FF - ProfilePath - c:\users\Sébastien\AppData\Roaming\Mozilla\Firefox\Profiles\wfb5fe5d.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/ig?hl=fr&source=iglk
    FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
    FF - plugin: c:\program files\Canal\Canal Widget\VOD\npCpVod.dll
    FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    HKCU-Run-Cerberus45 - c:\windows\System32\Cerberus12\server95.exe
    HKCU-Run-AdobeBridge - (no file)
    HKLM-Run-Cerberus45 - c:\windows\System32\Cerberus12\server95.exe
    HKLM-Run-eRecoveryService - (no file)
    HKLM-Run-NPSStartup - (no file)

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-10-11 11:38
    Windows 6.0.6002 Service Pack 2 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
    "ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker3"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'Explorer.exe'(3024)
    c:\program files\RocketDock\RocketDock.dll
    c:\program files\McAfee\SiteAdvisor\saHook.dll
    c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
    c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
    c:\windows\System32\SysHook.dll
    c:\windows\system32\btncopy.dll
    c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
    c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
    c:\progra~1\mcafee\VIRUSS~1\scriptsn.dll
    c:\program files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
    c:\windows\system32\BtwNamespaceExt.dll
    c:\windows\system32\BtwNeLib.dll
    c:\windows\system32\btwapi.dll
    c:\windows\system32\btosif.dll
    c:\windows\system32\btwpimif.dll
    .
    ------------------------ Autres processus actifs ------------------------
    .
    SystemRoot\System32\smss.exe [544]
    c:\windows\system32\csrss.exe [612]
    c:\windows\system32\wininit.exe [664]
    c:\windows\system32\csrss.exe [672]
    c:\windows\system32\services.exe [712]
    c:\windows\system32\lsass.exe [724]
    c:\windows\system32\lsm.exe [732]
    c:\windows\system32\svchost.exe [892]
    c:\windows\system32\nvvsvc.exe [936]
    c:\windows\system32\svchost.exe [964]
    c:\windows\System32\svchost.exe [1060]
    c:\windows\System32\svchost.exe [1092]
    c:\windows\system32\svchost.exe [1104]
    c:\windows\system32\svchost.exe [1200]
    c:\windows\system32\SLsvc.exe [1216]
    c:\windows\system32\winlogon.exe [1252]
    c:\windows\system32\svchost.exe [1300]
    c:\windows\system32\svchost.exe [1420]
    c:\windows\system32\WLANExt.exe [1556]
    c:\windows\System32\spoolsv.exe [1616]
    c:\windows\system32\svchost.exe [1660]
    c:\windows\system32\rundll32.exe [1832]
    c:\program files\Common Files\SPBA\upeksvr.exe [1896]
    c:\program files\Acer\Acer Bio Protection\CompPtcVUI.exe [572]
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [364]
    c:\program files\Bonjour\mDNSResponder.exe [532]
    c:\windows\system32\svchost.exe [616]
    c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [960]
    c:\program files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe [1856]
    c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2064]
    c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe [2116]
    c:\program files\Acer\Empowering Technology\Service\ETService.exe [2140]
    c:\program files\Intel\WiFi\bin\EvtEng.exe [2232]
    c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [2276]
    c:\windows\system32\FsUsbExService.Exe [2340]
    c:\windows\system32\svchost.exe [2520]
    c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2560]
    c:\program files\Google\Update\1.2.183.7\GoogleCrashHandler.exe [2620]
    c:\program files\Common Files\LightScribe\LSSrvc.exe [2684]
    c:\program files\McAfee\SiteAdvisor\McSACore.exe [2696]
    c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2748]
    c:\windows\system32\rundll32.exe [2792]
    c:\progra~1\McAfee\VIRUSS~1\mcshield.exe [2816]
    c:\acer\Mobility Center\MobilityService.exe [2924]
    c:\program files\McAfee\MPF\MPFSrv.exe [3160]
    c:\program files\McAfee\MSK\MskSrver.exe [3180]
    c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe [3220]
    c:\windows\System32\svchost.exe [3364]
    c:\program files\CDBurnerXP\NMSAccessU.exe [3412]
    c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [3428]
    c:\windows\system32\Dwm.exe [3660]
    c:\windows\System32\svchost.exe [3692]
    c:\windows\system32\PnkBstrA.exe [3720]
    c:\windows\system32\svchost.exe [3760]
    c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe [3812]
    c:\program files\Cyberlink\Shared files\RichVideo.exe [3864]
    c:\program files\Acer\Acer VCM\RS_Service.exe [3888]
    c:\windows\system32\svchost.exe [3944]
    c:\windows\System32\svchost.exe [4016]
    c:\windows\system32\SearchIndexer.exe [4056]
    c:\windows\system32\DRIVERS\xaudio.exe [1944]
    c:\windows\system32\taskeng.exe [2476]
    c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2452]
    c:\windows\system32\wbem\wmiprvse.exe [2596]
    c:\windows\system32\CF6725.exe [4328]
    c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe [4456]
    c:\windows\RtHDVCpl.exe [4464]
    c:\program files\Synaptics\SynTP\SynTPEnh.exe [4472]
    c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe [4480]
    c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe [4520]
    c:\windows\System32\rundll32.exe [4628]
    c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe [4648]
    c:\program files\Acer\Acer Bio Protection\PdtWzd.exe [4656]
    c:\program files\HP\HP Software Update\hpwuSchd2.exe [4708]
    c:\program files\Launch Manager\QtZgAcer.EXE [4724]
    c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [4768]
    c:\program files\Java\jre6\bin\jusched.exe [4832]
    c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe [4856]
    c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe [4864]
    c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [4872]
    c:\windows\ehome\ehtray.exe [4884]
    c:\program files\RocketDock\RocketDock.exe [4928]
    c:\program files\Windows Sidebar\sidebar.exe [4984]
    c:\windows\ehome\ehmsas.exe [5192]
    c:\users\SBASTI~1\AppData\Local\Temp\RtkBtMnt.exe [5380]
    c:\windows\system32\wbem\unsecapp.exe [6128]
    c:\windows\system32\wbem\wmiprvse.exe [4092]
    c:\progra~1\McAfee\MSC\mcmscsvc.exe [5988]
    c:\progra~1\mcafee.com\agent\mcagent.exe [1280]
    c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe [5228]
    c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe [1088]
    c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2368]
    c:\program files\Windows Media Player\wmpnetwk.exe [2740]
    c:\progra~1\mcafee\msc\mcupdmgr.exe [2772]
    c:\windows\Explorer.exe [3024]
    c:\windows\system32\DllHost.exe [5156]
    c:\windows\system32\NOTEPAD.EXE [3124]
    c:\asdehi\catchme.cfxxe [3684]
    .
    **************************************************************************
    .
    Heure de fin: 2009-10-11 11:47 - La machine a redémarré
    ComboFix-quarantined-files.txt 2009-10-11 09:47

    Avant-CF: 43 326 074 880 octets libres
    Après-CF: 43 140 534 272 octets libres

    516 --- E O F --- 2009-10-04 10:30
    1. Anonymous user
       
      Hello

      1) C - CCleaner:

      https://filehippo.com/download_ccleaner/

      .save it to the desktop
      .double-click the file to start the installation
      .in the installer's language window, make sure to choose French, then OK
      .click Next
      .read the licence and click I accept
      .click Next
      .here, keep only "add a shortcut to the desktop" and "automatically check for CCleaner updates" ticked
      .click Install
      .click Close
      .double-click the CCleaner icon to open it
      .once it is open, click Options, then Advanced
      .untick "only delete files in the Windows Temp folder older than 48 hours"
      .click Cleaner
      .click Windows and, in the Advanced column,
      .tick the first box, "old Prefetch data", which leaves you with the "old Prefetch data" box and the "Advanced" box, which got ticked automatically, but only those
      .click Analyze; once the analysis has finished,
      .click Run the cleaning and, at the confirmation prompt, OK; you will have to do it a second time; once done, check by clicking Analyze again to be sure nothing is left
      .now click Registry, then Scan for errors
      .leave everything ticked and click Fix the selected errors
      .it asks you to make a backup: YES
      .give it a name so you can find it again, and save
      .click Fix all the selected errors and, at the confirmation prompt, OK
      .it deletes them; click Close, then check by running Scan for errors again
      .go back to Options and re-tick the box "only delete files in the Windows Temp folder older than 48 hours", and under Cleaner, Windows, Advanced, untick the first box, "old Prefetch data"
      .you can close CCleaner.

      Tutorial: https://jesses.pagesperso-orange.fr/Docs/Logiciels/CCleaner.htm


      2) Run MBAM again, please

      Thanks, see you later
  12. Seb1989 Posts 58 Status Member 13
     
    re,

    Malwarebytes' Anti-Malware 1.41
    Version de la base de données: 2928
    Windows 6.0.6002 Service Pack 2

    11/10/2009 15:59:27
    mbam-log-2009-10-11 (15-59-27).txt

    Type de recherche: Examen complet (C:\|)
    Eléments examinés: 299877
    Temps écoulé: 2 hour(s), 11 minute(s), 20 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 0

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    (Aucun élément nuisible détecté)
  13. Anonymous user
     
    Re

    1) Post a new RSIT log, please

    2) Run a full scan with your antivirus, and post the report for me

    Thanks, see you later
  14. Seb1989 Posts 58 Status Member 13
     
    1)

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Sébastien at 2009-10-11 16:18:02
    Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2
    System drive C: has 41 GB (28%) free of 148 GB
    Total RAM: 3066 MB (42% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:18:42, on 11/10/2009
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18813)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
    C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
    C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Launch Manager\QtZgAcer.EXE
    C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
    C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\RocketDock\RocketDock.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Users\SBASTI~1\AppData\Local\Temp\RtkBtMnt.exe
    C:\Windows\system32\wbem\unsecapp.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Windows\Explorer.exe
    C:\Windows\system32\conime.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\System32\mobsync.exe
    C:\Windows\System32\notepad.exe
    C:\Users\Sébastien\Desktop\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Sébastien.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
    O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
    O4 - HKLM\..\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
    O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
    O4 - HKLM\..\Run: [ZPdtWzdVitaKey MC3000] "C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe" show
    O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
    O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
    O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
    O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
    O9 - Extra 'Tools' menuitem: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
    O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
    O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll
    O20 - Winlogon Notify: spba - C:\Program Files\Common Files\SPBA\homefus2.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
    O23 - Service: CanalPlus.VOD - Canal+ Active - C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe
    O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
    O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
    O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
    O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
    O23 - Service: Google Desktop Manager 5.7.808.7150 (GoogleDesktopManager-080708-050100) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Update Service (gupdate1c9d4ccfe26ad22) (gupdate1c9d4ccfe26ad22) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iGroupTec Service (IGBASVC) - Unknown owner - C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
    O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
    O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
    O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe
    O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
    0
    1. Anonymous user
       
      Re

      Have you run the antivirus scan?
      If so, let it finish,
      and only afterwards move on to this:

      |==>/!\ WARNING /!\ The script below was written specifically for this computer /!\<==|
      |===========>it is strongly advised not to reuse it on another computer!<==========|

      -----------------------------------------------------------------------------------------------

      Still with all protections disabled, do this:

      • Open Notepad (Start menu --> Programs --> Accessories --> Notepad)
      • Copy/paste into Notepad what is between the lines below (without the lines):

      ----------------------------------------------------------


      KillAll::

      Driver::

      File::
      C:\Windows\system32\Cerberus12\server95.exe
      Rootkit ::

      Folder::


      Registry:
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cerberus45]

      . -----------------------------------------------------------------

      Save this file to your Desktop (and nowhere else!) under the name CFScript.txt
      • Close Notepad

      • Drag and drop this CFScript file onto the C-Fix.exe file (ComboFix) as shown at this link: http://apu.mabul.org/up/apu/2008/09/06/img-2258535my8h.gif

      • Wait while the scan runs. The Desktop will disappear several times: this is normal! Do not touch anything until the scan has finished.
      • Once the scan is complete, a report will be displayed: post its contents.
      • If the file does not open, it is located here: C:\ComboFix.txt

      See you later
      0
  15. Seb1989 Posts 58 Status Member 13
     
    I'll do the procedure as soon as McAfee has finished its full scan.

    Thank you for this valuable help.
    0
  16. Seb1989 Posts 58 Status Member 13
     
    This is all I have as a McAfee report:

    Analyse terminée.

    Date de début : 11/10/2009 16:22:23
    Date de fin : 11/10/2009 20:23:20

    nbr total de fichier analysés : 172058
    nbr total de fichier détectés : 0
    nbr total des fichiers mis en quarantaine : 0

    Cookies analysés : 1
    Cookie de suivi détectés : 0
    Entrées de base de registre analysées : 142410
    Entrées de base de registre détectées : 0
    Processus analysés : 102
    Processus détectés : 0

    Version du moteur : 5301.4018
    DAT version : 5767.0000
    0
    1. Anonymous user
       
      OK

      Please move on to the next step
      Thanks and see you later
      0
  17. Seb1989 Posts 58 Status Member 13
     
    ComboFix 09-10-10.02 - Sébastien 11/10/2009 20:40.2.2 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.3066.1511 [GMT 2:00]
    Lancé depuis: c:\users\Sébastien\Desktop\asdehi.exe
    Commutateurs utilisés :: c:\users\Sébastien\Desktop\CFScript.txt
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    FILE ::
    "c:\windows\system32\Cerberus12\server95.exe"
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\Downloaded Program Files\bdcore.dll
    c:\windows\Downloaded Program Files\libfn.dll
    E:\Autorun.inf

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2009-09-11 au 2009-10-11 ))))))))))))))))))))))))))))))))))))
    .

    2009-10-11 18:53 . 2009-10-11 18:53 -------- d-----w- c:\users\Public\AppData\Local\temp
    2009-10-11 18:53 . 2009-10-11 18:53 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
    2009-10-11 18:53 . 2009-10-11 18:53 -------- d-----w- c:\users\Default\AppData\Local\temp
    2009-10-11 16:42 . 2009-10-11 16:42 -------- d-----w- c:\windows\BDOSCAN8
    2009-10-09 12:29 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-10-09 12:29 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-10-09 12:29 . 2009-10-09 12:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-10-09 12:14 . 2009-10-09 12:14 -------- d-----w- C:\_OTM
    2009-10-08 19:07 . 2009-10-08 19:07 -------- d-----w- C:\rsit
    2009-10-08 19:01 . 2009-10-08 19:01 -------- d-----w- c:\program files\Trend Micro
    2009-10-08 18:07 . 2009-10-08 18:07 -------- d-sh--w- c:\users\SÚbastien
    2009-10-08 18:05 . 2009-10-08 18:08 -------- d-----w- C:\GenProc
    2009-10-07 12:15 . 2009-10-08 06:44 146314 ----a-w- c:\windows\hpoins18.dat
    2009-10-07 12:14 . 2007-03-01 00:35 6600 ----a-w- c:\windows\hpomdl18.dat
    2009-10-06 09:20 . 2009-10-08 17:35 -------- d-----w- c:\program files\Ad-Remover
    2009-10-04 10:31 . 2009-10-04 10:31 -------- d-----w- c:\program files\Microsoft
    2009-10-04 10:30 . 2009-10-04 10:30 -------- d-----w- c:\program files\Windows Live SkyDrive
    2009-10-02 10:39 . 2009-10-02 10:39 -------- d-----w- c:\windows\system32\URTTEMP
    2009-09-28 11:10 . 2009-10-09 14:42 -------- d-----w- c:\windows\system32\Cerberus12
    2009-09-25 15:27 . 2009-09-25 15:27 -------- d-----w- c:\program files\Druide
    2009-09-25 15:21 . 2009-09-25 15:21 -------- d-----w- c:\program files\7-Zip
    2009-09-25 14:08 . 2009-10-09 14:42 -------- d-----w- c:\windows\system32\Spy-Net
    2009-09-24 09:08 . 2009-09-24 09:08 -------- d-----w- c:\program files\iPod
    2009-09-24 09:08 . 2009-09-24 09:10 -------- d-----w- c:\program files\iTunes
    2009-09-23 22:07 . 2009-10-04 18:58 -------- d-----w- C:\Mes Sites Web
    2009-09-17 09:38 . 2009-09-17 09:38 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
    2009-09-14 09:45 . 2009-09-14 10:01 -------- d-----w- c:\program files\abgx360
    2009-09-12 08:48 . 2009-09-12 08:48 -------- d-----w- c:\programdata\Malwarebytes

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-10-11 18:56 . 2009-03-13 13:35 28219 ----a-w- c:\programdata\nvModes.dat
    2009-10-11 18:53 . 2008-09-30 01:30 12 ----a-w- c:\windows\bthservsdp.dat
    2009-10-11 18:12 . 2008-01-21 08:40 679418 ----a-w- c:\windows\system32\perfh00C.dat
    2009-10-11 18:12 . 2008-01-21 08:40 128418 ----a-w- c:\windows\system32\perfc00C.dat
    2009-10-11 08:54 . 2009-05-14 20:00 -------- d-----w- c:\programdata\Google Updater
    2009-10-09 07:24 . 2009-03-13 19:20 -------- d-----w- c:\program files\MSECache
    2009-10-06 12:44 . 2008-09-30 01:43 -------- d-----w- c:\program files\Launch Manager
    2009-10-06 12:19 . 2008-09-30 01:57 -------- d-----w- c:\programdata\CyberLink
    2009-10-06 09:40 . 2009-08-17 20:33 -------- d-----w- c:\program files\JDownloader 0.6.193
    2009-10-04 10:54 . 2009-03-13 12:45 -------- d-----w- c:\program files\Patch MsnCreative
    2009-09-29 15:58 . 2009-03-13 13:14 -------- d-----w- c:\program files\OpenOffice.org 3
    2009-09-29 15:46 . 2009-07-09 16:37 -------- d-----w- c:\program files\PC Connectivity Solution
    2009-09-29 15:44 . 2009-03-13 14:51 -------- d-----w- c:\program files\Google
    2009-09-29 15:44 . 2008-07-25 13:04 -------- d-----w- c:\program files\Acer GameZone
    2009-09-29 15:43 . 2008-07-25 12:37 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-09-24 09:08 . 2009-06-13 12:35 -------- d-----w- c:\program files\Common Files\Apple
    2009-09-10 08:58 . 2009-03-13 12:42 -------- d-----w- c:\program files\Microsoft Silverlight
    2009-09-10 08:51 . 2009-09-10 08:49 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    2009-09-10 08:46 . 2009-09-10 08:45 -------- d-----w- c:\program files\QuickTime
    2009-09-10 08:23 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
    2009-09-07 17:50 . 2009-09-07 17:50 89088 ----a-w- c:\windows\system32\atl71.dll
    2009-09-07 17:50 . 2009-09-07 17:50 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2009-09-07 17:50 . 2009-09-07 17:50 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2009-09-07 17:50 . 2009-09-07 17:50 1060864 ----a-w- c:\windows\system32\MFC71.dll
    2009-09-07 17:50 . 2009-09-07 17:50 1047552 ----a-w- c:\windows\system32\MFC71u.dll
    2009-09-06 20:16 . 2009-09-06 20:16 -------- d-----w- c:\program files\Ipulp
    2009-09-04 11:09 . 2009-09-04 11:09 -------- d-----w- c:\program files\SpeedyFox
    2009-08-29 00:27 . 2009-09-02 20:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
    2009-08-29 00:14 . 2009-09-02 20:23 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
    2009-08-28 15:02 . 2009-08-27 12:39 -------- d-----w- c:\program files\ImgBurn
    2009-08-27 12:42 . 2009-08-27 12:42 -------- d-----w- c:\programdata\WindowsSearch
    2009-08-26 11:11 . 2009-08-26 11:11 -------- d-----w- c:\programdata\Seagate
    2009-08-26 11:11 . 2009-08-26 11:11 -------- d-----w- c:\program files\Seagate
    2009-08-25 22:09 . 2009-05-02 10:02 -------- d-----w- c:\program files\McAfee
    2009-08-24 09:11 . 2009-03-18 14:50 164389 ----a-w- c:\windows\hpoins19.dat
    2009-08-14 16:27 . 2009-09-09 08:39 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2009-08-14 15:53 . 2009-09-09 08:39 17920 ----a-w- c:\windows\system32\netevent.dll
    2009-08-14 13:49 . 2009-09-09 08:39 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
    2009-08-14 13:49 . 2009-09-09 08:39 17920 ----a-w- c:\windows\system32\ROUTE.EXE
    2009-08-14 13:49 . 2009-09-09 08:39 11264 ----a-w- c:\windows\system32\MRINFO.EXE
    2009-08-14 13:49 . 2009-09-09 08:39 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
    2009-08-14 13:49 . 2009-09-09 08:39 19968 ----a-w- c:\windows\system32\ARP.EXE
    2009-08-14 13:49 . 2009-09-09 08:39 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
    2009-08-14 13:49 . 2009-09-09 08:39 10240 ----a-w- c:\windows\system32\finger.exe
    2009-08-14 13:48 . 2009-09-09 08:39 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
    2009-08-14 13:48 . 2009-09-09 08:39 105984 ----a-w- c:\windows\system32\netiohlp.dll
    2009-07-26 14:44 . 2009-07-26 14:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
    2009-07-25 03:23 . 2009-03-14 12:22 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-07-21 21:52 . 2009-07-30 08:16 915456 ----a-w- c:\windows\system32\wininet.dll
    2009-07-21 21:47 . 2009-07-30 08:16 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2009-07-21 21:47 . 2009-07-30 08:16 71680 ----a-w- c:\windows\system32\iesetup.dll
    2009-07-21 20:13 . 2009-07-30 08:16 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2009-07-17 13:54 . 2009-08-13 07:03 71680 ----a-w- c:\windows\system32\atl.dll
    2009-07-16 10:32 . 2009-05-02 10:04 130424 ----a-w- c:\windows\system32\drivers\Mpfp.sys
    2009-07-15 12:40 . 2009-08-13 07:03 8147456 ----a-w- c:\windows\system32\wmploc.DLL
    2009-07-15 12:39 . 2009-08-13 07:03 313344 ----a-w- c:\windows\system32\wmpdxm.dll
    2009-07-15 12:39 . 2009-08-13 07:03 4096 ----a-w- c:\windows\system32\dxmasf.dll
    2009-07-15 12:39 . 2009-08-13 07:03 7680 ----a-w- c:\windows\system32\spwmp.dll
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-10-11_09.39.23 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-01-21 01:58 . 2009-10-11 18:58 84394 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2006-11-02 13:05 . 2009-10-11 18:58 98838 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2009-03-13 14:52 . 2009-10-11 18:58 13676 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-811835293-1638113248-1029637537-1000_UserData.bin
    + 2009-03-13 14:46 . 2009-10-11 14:32 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-03-13 14:46 . 2009-10-11 09:08 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-03-13 14:46 . 2009-10-11 14:32 65536 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-03-13 14:46 . 2009-10-11 09:08 65536 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-03-13 14:46 . 2009-10-11 09:08 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-03-13 14:46 . 2009-10-11 14:32 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2006-05-24 23:21 . 2006-05-24 23:21 53248 c:\windows\Downloaded Program Files\ipsupd.dll
    + 2006-05-24 23:22 . 2006-05-24 23:22 53248 c:\windows\bdoscandel.exe
    + 2006-05-24 23:21 . 2006-05-24 23:21 53248 c:\windows\BDOSCAN8\ipsupd.dll
    + 2009-10-11 18:07 . 2009-10-11 18:07 6790 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\youtube.com\youtube.com\Data.dat
    - 2009-10-09 21:23 . 2009-10-09 21:23 6790 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\youtube.com\youtube.com\Data.dat
    - 2009-10-10 08:07 . 2009-10-10 08:07 5476 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\youporn.com\youporn.com\Data.dat
    + 2009-10-11 18:17 . 2009-10-11 18:17 5476 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\youporn.com\youporn.com\Data.dat
    + 2009-10-11 16:11 . 2009-10-11 16:11 6330 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\yimg.com\yimg.com\Data.dat
    - 2009-10-09 06:26 . 2009-10-09 06:26 6548 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\wikipedia.org\wikipedia.org\Data.dat
    + 2009-10-11 13:24 . 2009-10-11 13:24 6548 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\wikipedia.org\wikipedia.org\Data.dat
    + 2009-10-11 15:28 . 2009-10-11 15:28 3550 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\verre%2Dlyris.com\verre%2Dlyris.com\Data.dat
    - 2009-10-09 19:33 . 2009-10-09 19:33 4242 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\u%2Dclermont1.fr\u%2Dclermont1.fr\Data.dat
    + 2009-10-11 18:19 . 2009-10-11 18:19 4242 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\u%2Dclermont1.fr\u%2Dclermont1.fr\Data.dat
    - 2009-10-11 08:57 . 2009-10-11 08:57 4692 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\totalgaz.fr\totalgaz.fr\Data.dat
    + 2009-10-11 18:09 . 2009-10-11 18:09 4692 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\totalgaz.fr\totalgaz.fr\Data.dat
    + 2009-10-11 16:10 . 2009-10-11 16:10 5568 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\sunglassesitaly.com\sunglassesitaly.com\Data.dat
    + 2009-10-11 16:07 . 2009-10-11 16:07 4818 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\solaris%2Dsunglass.com\solaris%2Dsunglass.com\Data.dat
    - 2009-10-09 11:02 . 2009-10-09 11:02 6434 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\societegenerale.fr\societegenerale.fr\Data.dat
    + 2009-10-11 09:53 . 2009-10-11 09:53 6434 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\societegenerale.fr\societegenerale.fr\Data.dat
    + 2009-10-11 16:07 . 2009-10-11 16:07 5912 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\snowreef.com\snowreef.com\Data.dat
    + 2009-10-11 18:16 . 2009-10-11 18:16 6416 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\skype.com\skype.com\Data.dat
    - 2009-10-09 21:33 . 2009-10-09 21:33 5852 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\sharethis.com\sharethis.com\Data.dat
    + 2009-10-11 16:05 . 2009-10-11 16:05 5852 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\sharethis.com\sharethis.com\Data.dat
    + 2009-10-11 12:39 . 2009-10-11 12:39 6350 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\scribd.com\scribd.com\Data.dat
    + 2009-10-11 16:08 . 2009-10-11 16:08 6050 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\scene7.com\scene7.com\Data.dat
    + 2009-10-11 14:27 . 2009-10-11 14:27 4722 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\rocheblave.com\rocheblave.com\Data.dat
    + 2009-10-11 17:26 . 2009-10-11 17:26 5580 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\ray%2Dban.com\ray%2Dban.com\Data.dat
    + 2009-10-11 15:00 . 2009-10-11 15:00 6346 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\proximedia.com\proximedia.com\Data.dat
    + 2009-10-11 11:40 . 2009-10-11 11:40 6362 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\piriform.com\piriform.com\Data.dat
    + 2009-10-11 11:22 . 2009-10-11 11:22 5490 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\passport.com\passport.com\Data.dat
    - 2009-10-10 10:41 . 2009-10-10 10:41 5490 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\passport.com\passport.com\Data.dat
    + 2009-10-11 11:53 . 2009-10-11 11:53 7098 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\pagesperso%2Dorange.fr\pagesperso%2Dorange.fr\Data.dat
    + 2009-10-11 14:41 . 2009-10-11 14:41 4896 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\over%2Dblog.com\over%2Dblog.com\Data.dat
    + 2009-10-11 14:42 . 2009-10-11 14:42 3752 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\over%2Dblog.com\avocatravail.over%2Dblog.com\Data.dat
    + 2009-10-11 17:26 . 2009-10-11 17:26 5536 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\optique%2Dsergent.com\optique%2Dsergent.com\Data.dat
    - 2009-10-10 08:06 . 2009-10-10 08:06 5496 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\optical%2Dcenter.fr\optical%2Dcenter.fr\Data.dat
    + 2009-10-11 18:09 . 2009-10-11 18:09 5496 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\optical%2Dcenter.fr\optical%2Dcenter.fr\Data.dat
    + 2009-10-11 10:32 . 2009-10-11 10:32 5496 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\optical%2Dcenter.eu\optical%2Dcenter.eu\Data.dat
    - 2009-10-08 09:03 . 2009-10-08 09:03 4990 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\optic2000.fr\optic2000.fr\Data.dat
    + 2009-10-11 10:36 . 2009-10-11 10:36 4990 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\optic2000.fr\optic2000.fr\Data.dat
    + 2009-10-11 14:42 . 2009-10-11 14:42 5434 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\oboulo.com\oboulo.com\Data.dat
    - 2009-10-08 18:11 . 2009-10-08 18:11 5434 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\oboulo.com\oboulo.com\Data.dat
    + 2009-10-11 16:41 . 2009-10-11 16:41 6704 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\msn.com\msn.com\Data.dat
    - 2009-10-10 10:41 . 2009-10-10 10:41 6704 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\msn.com\msn.com\Data.dat
    + 2009-10-11 16:11 . 2009-10-11 16:11 5490 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\mbstores.com\mbstores.com\Data.dat
    + 2009-10-11 15:35 . 2009-10-11 15:35 5396 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\mabul.org\mabul.org\Data.dat
    - 2009-10-10 10:41 . 2009-10-10 10:41 7146 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\live.com\live.com\Data.dat
    + 2009-10-11 11:23 . 2009-10-11 11:23 7146 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\live.com\live.com\Data.dat
    + 2009-10-11 14:47 . 2009-10-11 14:47 5442 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\lexinter.net\lexinter.net\Data.dat
    + 2009-10-11 18:18 . 2009-10-11 18:18 6322 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\lequipe.fr\lequipe.fr\Data.dat
    - 2009-10-09 19:40 . 2009-10-09 19:40 6322 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\lequipe.fr\lequipe.fr\Data.dat
    + 2009-10-11 14:27 . 2009-10-11 14:27 3578 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\lepetitjuriste.fr\lepetitjuriste.fr\Data.dat
    + 2009-10-11 10:08 . 2009-10-11 10:08 5428 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\leboost.com\leboost.com\Data.dat
    - 2009-10-08 09:03 . 2009-10-08 09:03 4202 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\krys.com\krys.com\Data.dat
    + 2009-10-11 10:38 . 2009-10-11 10:38 4202 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\krys.com\krys.com\Data.dat
    - 2009-10-09 21:33 . 2009-10-09 21:33 7150 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\korben.info\korben.info\Data.dat
    + 2009-10-11 16:05 . 2009-10-11 16:05 7150 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\korben.info\korben.info\Data.dat
    + 2009-10-11 18:26 . 2009-10-11 18:26 6426 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\infos%2Ddu%2Dnet.com\infos%2Ddu%2Dnet.com\Data.dat
    - 2009-10-08 08:39 . 2009-10-08 08:39 6336 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\hardware.fr\hardware.fr\Data.dat
    + 2009-10-11 15:19 . 2009-10-11 15:19 6336 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\hardware.fr\hardware.fr\Data.dat
    + 2009-10-11 16:40 . 2009-10-11 16:40 6496 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\google.fr\google.fr\Data.dat
    - 2009-10-11 08:57 . 2009-10-11 08:57 6496 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\google.fr\google.fr\Data.dat
    + 2009-10-11 16:40 . 2009-10-11 16:40 6970 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\google.com\google.com\Data.dat
    - 2009-10-10 10:41 . 2009-10-10 10:41 6970 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\google.com\google.com\Data.dat
    + 2009-10-11 18:07 . 2009-10-11 18:07 6334 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\facebook.com\facebook.com\Data.dat
    - 2009-10-11 08:54 . 2009-10-11 08:54 6334 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\facebook.com\facebook.com\Data.dat
    + 2009-10-11 15:26 . 2009-10-11 15:26 4994 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\essilor.fr\essilor.fr\Data.dat
    + 2009-10-11 10:17 . 2009-10-11 10:17 5878 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\diesel.com\diesel.com\Data.dat
    + 2009-10-11 12:38 . 2009-10-11 12:38 5048 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\crous%2Dclermont.fr\crous%2Dclermont.fr\Data.dat
    + 2009-10-11 12:35 . 2009-10-11 12:35 4794 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\courdecassation.fr\courdecassation.fr\Data.dat
    - 2009-10-11 08:56 . 2009-10-11 08:56 5560 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\commentcamarche.net\commentcamarche.net\Data.dat
    + 2009-10-11 18:08 . 2009-10-11 18:08 5560 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\commentcamarche.net\commentcamarche.net\Data.dat
    + 2009-10-11 15:03 . 2009-10-11 15:03 5396 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\ciao.fr\ciao.fr\Data.dat
    + 2009-10-11 14:38 . 2009-10-11 14:38 5442 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\blogemploi.com\blogemploi.com\Data.dat
    + 2009-10-11 14:47 . 2009-10-11 14:47 5404 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\blogdroitadministratif.net\blogdroitadministratif.net\Data.dat
    + 2009-10-11 16:40 . 2009-10-11 16:40 6410 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\bitdefender.fr\bitdefender.fr\Data.dat
    + 2009-10-11 16:41 . 2009-10-11 16:41 6428 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\bitdefender.com\bitdefender.com\Data.dat
    + 2009-10-11 14:42 . 2009-10-11 14:42 4918 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\avocats.fr\avocats.fr\Data.dat
    + 2009-10-11 10:37 . 2009-10-11 10:37 3564 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\alainafflelou.fr\alainafflelou.fr\Data.dat
    + 2009-10-11 10:37 . 2009-10-11 10:37 5036 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\alainafflelou.com\alainafflelou.com\Data.dat
    + 2009-10-11 10:10 . 2009-10-11 10:10 3452 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\adrea.fr\adrea.fr\Data.dat
    - 2009-10-08 08:40 . 2009-10-08 08:40 3452 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\adrea.fr\adrea.fr\Data.dat
    + 2009-10-11 17:26 . 2009-10-11 17:26 3802 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\adrea%2Dmutuelle%2Dcentre%2Dauvergne.fr\adrea%2Dmutuelle%2Dcentre%2Dauvergne.fr\Data.dat
    - 2009-10-08 08:40 . 2009-10-08 08:40 3802 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\adrea%2Dmutuelle%2Dcentre%2Dauvergne.fr\adrea%2Dmutuelle%2Dcentre%2Dauvergne.fr\Data.dat
    - 2009-10-10 08:06 . 2009-10-10 08:06 5462 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\20minutes.fr\20minutes.fr\Data.dat
    + 2009-10-11 16:05 . 2009-10-11 16:05 5462 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\20minutes.fr\20minutes.fr\Data.dat
    + 2009-10-11 12:36 . 2009-10-11 12:36 4662 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\1901.org\1901.org\Data.dat
    + 2009-10-11 18:54 . 2009-10-11 18:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2009-10-11 09:37 . 2009-10-11 09:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2009-10-11 18:54 . 2009-10-11 18:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2009-10-11 09:37 . 2009-10-11 09:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2006-11-02 10:33 . 2009-10-11 18:12 595946 c:\windows\System32\perfh009.dat
    - 2006-11-02 10:33 . 2009-10-09 20:00 595946 c:\windows\System32\perfh009.dat
    + 2006-11-02 10:33 . 2009-10-11 18:12 105276 c:\windows\System32\perfc009.dat
    - 2006-11-02 10:33 . 2009-10-09 20:00 105276 c:\windows\System32\perfc009.dat
    - 2009-04-19 08:35 . 2009-10-11 09:08 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    + 2009-04-19 08:35 . 2009-10-11 09:48 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    + 2006-05-24 23:21 . 2006-05-24 23:21 118784 c:\windows\Downloaded Program Files\bdupd.dll
    + 2006-05-24 23:21 . 2006-05-24 23:21 118784 c:\windows\BDOSCAN8\bdupd.dll
    .
    -- Instantané actualisé --
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
    @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
    [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
    2008-05-14 15:05 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-13 68856]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
    "RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-10-04 3883856]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1049896]
    "eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-05-14 526896]
    "eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-05-30 544768]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-18 13543968]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-18 92704]
    "PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
    "ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-08-01 405504]
    "ZPdtWzdVitaKey MC3000"="c:\program files\Acer\Acer Bio Protection\PdtWzd.exe" [2008-09-30 3676160]
    "WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
    "LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-06-04 817672]
    "ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-09-07 152872]
    "McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-07 1176808]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
    "CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2009-09-07 206120]
    "PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-05-21 173288]
    "RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-05-07 6139904]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "DisableCAD"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]
    2008-09-30 01:56 3197952 ----a-w- c:\program files\Acer\Acer Bio Protection\WinNotify.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\spba]
    2008-03-25 13:24 567560 ----a-w- c:\program files\Common Files\SPBA\homefus2.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
    backup=c:\windows\pss\Acer VCM.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk
    backup=c:\windows\pss\BTTray.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Nikon Monitor.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Nikon Monitor.lnk
    backup=c:\windows\pss\Nikon Monitor.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "VistaSp2"=hex(b):28,24,1c,96,ee,e5,c9,01

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{89799D38-6725-4CE5-9D1E-6E30415FE623}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
    "{D44F326E-3D01-4696-9E32-3ED5D49B0E4B}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
    "{71E00646-63EC-47AC-B284-2EA545130FD0}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
    "{57BDCF60-2235-4679-8101-B9BD26C60ED2}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
    "{A5463B11-BEAF-45EA-83BA-4DF7CBA988E9}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
    "{44132C7C-6906-4ED8-ABA6-2596681E8633}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
    "{30A1F990-1B0B-408D-9385-E83FF29BE07F}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{2FCDE318-182E-4D8F-9169-FE74FBB301CE}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{F9B95664-C1B4-4028-9CDC-757525CFF306}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
    "{8BC06121-A75B-42B8-BB02-516D92ECA5ED}"= c:\program files\Acer\Acer VCM\VC.exe:Acer VCM
    "{D5FD47F0-B674-4133-AFE0-AEBE4F1F3542}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
    "{21E6A589-2D86-4D77-8514-414F27E90DE2}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
    "{E85E5F47-1A4C-4281-A1F4-F5FFDE3813EA}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
    "{747104A9-A58C-4264-BDB2-3D9DEF32DF3E}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
    "{A574124D-8C8B-4071-9666-3EA3F48E0543}"= UDP:c:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty(R) - World at War(TM)
    "{F1102A3F-E8B1-440A-8F5F-E996241ADF80}"= TCP:c:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty(R) - World at War(TM)
    "{58081E78-6D67-44E4-9B37-B2755DDFD2D6}"= UDP:c:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty(R) - World at War(TM)
    "{B70E3C13-0BF9-4B46-A35B-6671090439B9}"= TCP:c:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty(R) - World at War(TM)
    "{B6C0D282-FB43-4016-88B2-D983ADB3EE7D}"= UDP:5353:Adobe CSI CS4
    "{2232CA97-E53E-4A7C-BE73-30794DA992FF}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
    "{D729BA9F-3C21-4A7A-8A4C-8C2682F2B189}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
    "{3DFC2EBE-4A49-4D48-A095-81800DEB312F}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
    "{3D6B6C19-90E2-4BA1-AFEF-A25B30E3A5DB}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
    "{595BD36C-87B8-4223-AFD9-B74F84C0949F}"= UDP:c:\users\Sébastien\Downloads\utorrent.exe:µTorrent (TCP-In)
    "{70EA60D2-47F6-4694-903A-76FDD2D6BBF4}"= TCP:c:\users\Sébastien\Downloads\utorrent.exe:µTorrent (UDP-In)
    "{FE9BE8E1-FDFD-4563-A418-BA9D035BBD71}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
    "{FC281911-2EB7-4DA5-A900-19C8F6C61DF5}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
    "{07F3E981-3AC2-48DC-B90B-877B71004FD1}"= UDP:35430:µT 35430
    "{7C0375C3-48DB-43EE-A04C-A6A47F1F15F2}"= TCP:35430:35430
    "{E8A5C04B-35E7-4740-A36B-BD1D047BFBA0}"= UDP:c:\program files\uTorrent\uTorrent.exe:uTorrent
    "{DAB81D34-E5A1-497D-AA8B-367DDB237AA0}"= TCP:c:\program files\uTorrent\uTorrent.exe:uTorrent
    "TCP Query User{7A88F352-BFF7-4C4F-A384-0AE9326A4EC4}c:\\program files\\transcode360\\transcode360tray.exe"= UDP:c:\program files\transcode360\transcode360tray.exe:
    "UDP Query User{AFA8DCDB-9B95-42DD-998B-8E76CDB0E699}c:\\program files\\transcode360\\transcode360tray.exe"= TCP:c:\program files\transcode360\transcode360tray.exe:
    "{7D7E9280-BEF5-48EB-8BA3-59527C87798A}"= Profile=Private|Profile=Public|c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
    "{025B3AD4-AB85-4D2F-BB15-F7F5F38BB959}"= UDP:c:\program files\Transcode360\Transcode360.exe:Transcode 360
    "{0D7D3184-0965-4C4C-BB4C-6CDC77404C33}"= TCP:c:\program files\Transcode360\Transcode360.exe:Transcode 360
    "{D677B84E-08CC-4F75-A302-952B91B961C8}"= TCP:1041:Transcode 360
    "{3C04E86C-E85C-40E6-8165-F441F57452B7}"= TCP:10244:Transcode 360
    "{05D59994-4E96-4224-BC26-35A8CEDEEF22}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{B20D2C1D-5181-4B47-B2F5-CCD6250F545D}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{A2118446-3593-4E56-B577-E2A7926590DD}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
    "{1B6C5B99-6E1D-4457-B589-82992710C55D}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
    "{093296A4-9BEE-40F8-970F-26D698A052E9}"= UDP:c:\program files\Samsung\Samsung New PC Studio\npsasvr.exe:KTF MUSIC AoD Server
    "{11419E0C-FF18-415D-9273-0F1C6C86207A}"= TCP:c:\program files\Samsung\Samsung New PC Studio\npsasvr.exe:KTF MUSIC AoD Server
    "{FF58D495-9620-4AC7-8021-F219B82E2107}"= UDP:c:\program files\Samsung\Samsung New PC Studio\npsvsvr.exe:KTF MUSIC VoD Server
    "{14AED605-58A9-495F-8CEE-7653A19E3E9C}"= TCP:c:\program files\Samsung\Samsung New PC Studio\npsvsvr.exe:KTF MUSIC VoD Server
    "{9A55B352-63C2-467B-AE22-B5872CD8FC12}"= UDP:c:\program files\Samsung\Samsung New PC Studio\npsasvr.exe:KTF MUSIC AoD Server
    "{604050F3-FB6E-4A41-9E6B-CDFB32E8FBCA}"= TCP:c:\program files\Samsung\Samsung New PC Studio\npsasvr.exe:KTF MUSIC AoD Server
    "{D8127E1B-7717-4838-80F0-B7995264CCB7}"= UDP:c:\program files\Samsung\Samsung New PC Studio\npsvsvr.exe:KTF MUSIC VoD Server
    "{9147E7F4-5707-4575-9B5E-AFA877D24744}"= TCP:c:\program files\Samsung\Samsung New PC Studio\npsvsvr.exe:KTF MUSIC VoD Server
    "{7F18A312-B532-4A06-8F73-09C228508C27}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
    "{60714ECD-E57A-4C0C-BCC3-874C27DA7132}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
    "{8905B12F-D465-47B3-B380-E5954A39BF98}"= c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
    "{92CEF1AC-3F53-4967-9D3B-1414DC6F1361}"= c:\program files\Acer Arcade Deluxe\PlayMovie\PlayMovie.exe:Acer Play Movie
    "{4DDD3242-6133-41FB-86DD-1ED97337BF67}"= c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe:Acer Play Movie Resident Program
    "{3AD12867-F1B6-4C88-98A7-DFA95368E90A}"= c:\program files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:Acer HomeMedia
    "{E8A0E8C7-1B2E-43F9-A85F-A8B3EFE012EF}"= UDP:c:\program files\SFR\Media Center\httpd\httpd.exe:Serveur de partage Media Center (Player SFR)
    "{83A08EF7-F3FB-46B4-A738-247104885DB7}"= TCP:c:\program files\SFR\Media Center\httpd\httpd.exe:Serveur de partage Media Center (Player SFR)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
    "c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDSfsu.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe:*:Enabled:eDSfsu
    "c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x86\\encryption.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe:*:Enabled:encryption
    "c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x86\\decryption.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe:*:Enabled:decryption
    "c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDSMgr.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe:*:Enabled:eDSMgr
    "c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDStbmngr.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe:*:Enabled:eDStbmngr
    "c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDSfsu.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe:*:Enabled:eDSfsu
    "c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x64\\encryption.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe:*:Enabled:encryption
    "c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x64\\decryption.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe:*:Enabled:decryption
    "c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDSMgr.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe:*:Enabled:eDSMgr
    "c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDStbmngr.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe:*:Enabled:eDStbmngr

    R0 AlfaFF;AlfaFF File System mini-filter;c:\windows\System32\drivers\AlfaFF.sys [30/09/2008 03:56 42608]
    R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};Power Control [2009/10/06 14:21];c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [06/10/2009 14:20 87536]
    R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [03/03/2008 13:11 16384]
    R2 CanalPlus.VOD;CanalPlus.VOD;c:\program files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe [05/02/2009 15:38 188416]
    R2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [30/09/2008 04:04 75048]
    R2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [25/07/2008 14:51 24576]
    R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [01/05/2009 14:35 181544]
    R2 FsUsbExService;FsUsbExService;c:\windows\System32\FsUsbExService.Exe [09/07/2009 18:39 233472]
    R2 IGBASVC;iGroupTec Service;c:\program files\Acer\Acer Bio Protection\BASVC.exe [30/09/2008 03:56 3602432]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [09/10/2009 14:29 269648]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [02/05/2009 12:08 206112]
    R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [25/04/2008 21:36 45056]
    R2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [30/09/2008 04:04 122368]
    R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [25/04/2008 21:36 131072]
    R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [30/09/2008 04:19 233472]
    R2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [22/09/2008 13:40 14336]
    R3 FsUsbExDisk;FsUsbExDisk;c:\windows\System32\FsUsbExDisk.Sys [09/07/2009 18:39 36608]
    R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\System32\drivers\L1E60x86.sys [20/05/2009 06:02 48640]
    R3 MBAMProtector;MBAMProtector;c:\windows\System32\drivers\mbam.sys [09/10/2009 14:29 19160]
    R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [17/11/2008 08:40 3668480]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [25/06/2008 07:05 44064]
    R3 winbondcir;Winbond IR Transceiver;c:\windows\System32\drivers\winbondcir.sys [28/03/2007 07:51 43008]
    S2 gupdate1c9d4ccfe26ad22;Google Update Service (gupdate1c9d4ccfe26ad22);c:\program files\Google\Update\GoogleUpdate.exe [14/05/2009 21:48 133104]
    S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [13/03/2009 16:51 24064]
    S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\System32\drivers\massfilter.sys [15/09/2008 14:26 7168]
    S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\System32\drivers\ss_bbus.sys [30/07/2009 16:01 90112]
    S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\System32\drivers\ss_bmdfl.sys [30/07/2009 16:01 14976]
    S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\System32\drivers\ss_bmdm.sys [30/07/2009 16:01 121856]
    S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\System32\drivers\ZTEusbnet.sys [06/07/2009 22:26 110080]
    S3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\System32\drivers\zteusbvoice.sys [06/07/2009 22:26 104960]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contenu du dossier 'Tâches planifiées'

    2009-10-11 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-13 20:00]

    2009-10-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-14 19:48]

    2009-10-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-14 19:48]

    2009-05-02 c:\windows\Tasks\McDefragTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-08-25 19:26]

    2009-05-02 c:\windows\Tasks\McQcTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-08-25 19:26]

    2009-10-03 c:\windows\Tasks\NeroLiveEpgUpdate-PC-de-Sébastien_Sébastien.job
    - c:\program files\Nero\Nero 9\Nero Live\NeroLive.exe [2008-10-27 07:59]
    .
    .
    ------- Examen supplémentaire -------
    .
    uInternet Settings,ProxyOverride = local
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: Envoyer l'&image au périphérique Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    FF - ProfilePath - c:\users\Sébastien\AppData\Roaming\Mozilla\Firefox\Profiles\wfb5fe5d.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/ig?hl=fr&source=iglk
    FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
    FF - plugin: c:\program files\Canal\Canal Widget\VOD\npCpVod.dll
    FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-10-11 20:56
    Windows 6.0.6002 Service Pack 2 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
    "ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker3"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'Explorer.exe'(4944)
    c:\program files\McAfee\SiteAdvisor\saHook.dll
    c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
    c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
    c:\windows\System32\SysHook.dll
    c:\windows\system32\btncopy.dll
    c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
    c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
    c:\progra~1\mcafee\VIRUSS~1\scriptsn.dll
    c:\program files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
    c:\windows\system32\BtwNamespaceExt.dll
    c:\windows\system32\BtwNeLib.dll
    c:\windows\system32\btwapi.dll
    c:\windows\system32\btosif.dll
    c:\windows\system32\btwpimif.dll
    .
    ------------------------ Autres processus actifs ------------------------
    .
    SystemRoot\System32\smss.exe [548]
    c:\windows\system32\csrss.exe [616]
    c:\windows\system32\wininit.exe [668]
    c:\windows\system32\csrss.exe [680]
    c:\windows\system32\services.exe [716]
    c:\windows\system32\lsass.exe [728]
    c:\windows\system32\lsm.exe [736]
    c:\windows\system32\svchost.exe [900]
    c:\windows\system32\nvvsvc.exe [944]
    c:\windows\system32\svchost.exe [968]
    c:\windows\System32\svchost.exe [1064]
    c:\windows\System32\svchost.exe [1096]
    c:\windows\system32\svchost.exe [1108]
    c:\windows\system32\svchost.exe [1212]
    c:\windows\system32\SLsvc.exe [1228]
    c:\windows\system32\svchost.exe [1272]
    c:\windows\system32\winlogon.exe [1372]
    c:\windows\system32\svchost.exe [1440]
    c:\windows\system32\WLANExt.exe [1572]
    c:\windows\System32\spoolsv.exe [1636]
    c:\windows\system32\svchost.exe [1672]
    c:\windows\system32\rundll32.exe [1856]
    c:\program files\Common Files\SPBA\upeksvr.exe [1968]
    c:\program files\Acer\Acer Bio Protection\CompPtcVUI.exe [880]
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [464]
    c:\program files\Bonjour\mDNSResponder.exe [596]
    c:\windows\system32\svchost.exe [604]
    c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [1448]
    c:\program files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe [1952]
    c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2064]
    c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe [2096]
    c:\program files\Acer\Empowering Technology\Service\ETService.exe [2116]
    c:\program files\Intel\WiFi\bin\EvtEng.exe [2228]
    c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [2260]
    c:\windows\system32\FsUsbExService.Exe [2384]
    c:\windows\system32\svchost.exe [2492]
    c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2544]
    c:\program files\Acer\Acer Bio Protection\BASVC.exe [2568]
    c:\program files\Common Files\LightScribe\LSSrvc.exe [2612]
    c:\program files\Google\Update\1.2.183.7\GoogleCrashHandler.exe [2640]
    c:\program files\McAfee\SiteAdvisor\McSACore.exe [2664]
    c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2680]
    c:\windows\system32\rundll32.exe [2688]
    c:\progra~1\McAfee\VIRUSS~1\mcshield.exe [2744]
    c:\acer\Mobility Center\MobilityService.exe [2836]
    c:\program files\McAfee\MPF\MPFSrv.exe [2956]
    c:\program files\McAfee\MSK\MskSrver.exe [3052]
    c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe [3064]
    c:\windows\System32\svchost.exe [3228]
    c:\program files\CDBurnerXP\NMSAccessU.exe [3284]
    c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [3320]
    c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [3392]
    c:\windows\System32\svchost.exe [3416]
    c:\windows\system32\PnkBstrA.exe [3428]
    c:\windows\system32\svchost.exe [3460]
    c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe [3484]
    c:\program files\Cyberlink\Shared files\RichVideo.exe [3512]
    c:\program files\Acer\Acer VCM\RS_Service.exe [3532]
    c:\windows\system32\svchost.exe [3568]
    c:\windows\System32\svchost.exe [3620]
    c:\windows\system32\SearchIndexer.exe [3648]
    c:\windows\system32\DRIVERS\xaudio.exe [3712]
    c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [3792]
    c:\windows\system32\wbem\wmiprvse.exe [4004]
    c:\windows\system32\Dwm.exe [4112]
    c:\windows\system32\taskeng.exe [4236]
    c:\windows\system32\CF4630.exe [4756]
    c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe [4888]
    c:\windows\RtHDVCpl.exe [4900]
    c:\program files\Synaptics\SynTP\SynTPEnh.exe [4928]
    c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe [4964]
    c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe [4984]
    c:\windows\System32\rundll32.exe [5128]
    c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe [5208]
    c:\program files\Acer\Acer Bio Protection\PdtWzd.exe [5240]
    c:\program files\HP\HP Software Update\hpwuSchd2.exe [5340]
    c:\program files\Launch Manager\QtZgAcer.EXE [5356]
    c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [5376]
    c:\program files\Java\jre6\bin\jusched.exe [5436]
    c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe [5608]
    c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe [5628]
    c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [5664]
    c:\windows\ehome\ehtray.exe [5676]
    c:\program files\Windows Live\Messenger\msnmsgr.exe [5712]
    c:\program files\Windows Sidebar\sidebar.exe [5728]
    c:\windows\ehome\ehmsas.exe [5920]
    c:\progra~1\McAfee\MSC\mcmscsvc.exe [5120]
    c:\windows\system32\wbem\wmiprvse.exe [5532]
    c:\progra~1\mcafee.com\agent\mcagent.exe [4268]
    c:\windows\system32\wbem\unsecapp.exe [1244]
    c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe [3028]
    c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe [4432]
    c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [5520]
    c:\program files\Windows Media Player\wmpnetwk.exe [5804]
    c:\windows\servicing\TrustedInstaller.exe [4716]
    c:\windows\Explorer.exe [4944]
    c:\windows\system32\NOTEPAD.EXE [860]
    c:\windows\system32\SearchProtocolHost.exe [1400]
    c:\windows\system32\SearchFilterHost.exe [5140]
    c:\asdehi\catchme.cfxxe [4556]
    .
    **************************************************************************
    .
    Heure de fin: 2009-10-11 21:05 - La machine a redémarré
    ComboFix-quarantined-files.txt 2009-10-11 19:05
    ComboFix2.txt 2009-10-11 09:47

    Avant-CF: 43 131 076 608 octets libres
    Après-CF: 43 016 433 664 octets libres

    620 --- E O F --- 2009-10-04 10:30
    0
    1. Anonymous user
       
      Hello

      1) C - CCleaner:

      https://filehippo.com/download_ccleaner/

      .save it to the desktop
      .double-click the file to start the installation
      .in the installer's language window, make sure to choose French, then OK
      .click Next
      .read the license and click I Agree
      .click Next
      .here, keep only "add a desktop shortcut" and "automatically check for CCleaner updates" checked
      .click Install
      .click Close
      .double-click the CCleaner icon to open it
      .once it is open, click Options and then Advanced
      .uncheck "only delete files in the Windows Temp folder older than 48 hours"
      .click Cleaner
      .click Windows and, in the Advanced column,
      .check the first box, "old prefetch data", which gives you the "old prefetch data" box and the Advanced box, which was checked automatically, but only that one
      .click Analyze; once the analysis has finished,
      .click Run Cleaner and, at the confirmation prompt, OK; you will have to do it one more time; once finished, check by pressing Analyze again to be sure nothing is left
      .now click Registry and then Scan for Issues
      .leave everything checked and click Fix selected issues
      .it asks whether you want to make a backup: YES
      .give it a name so you can find it again, and save
      .click Fix All Selected Issues and, at the confirmation prompt, OK
      .it deletes them; click Close, then check by running Scan for Issues again
      .go back to Options and re-check "only delete files in the Windows Temp folder older than 48 hours", and under Cleaner, Windows, Advanced, uncheck the first box, "old prefetch data"
      .you can close CCleaner.

      Tutorial: https://jesses.pagesperso-orange.fr/Docs/Logiciels/CCleaner.htm

      2) • Disable your antivirus. (Lop S&D is detected by some antivirus programs.)
      • Download Lop S&D (created by eric 71) to your Desktop: https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2
      • Double-click it to start the installation
      • Double-click the Lop S&D shortcut on your Desktop
      Note: On VISTA => right-click and => Run as administrator.
      • Select the language you want, then choose option 1 (Search)
      • Wait until the scan finishes
      • Post the report it generates
      • Re-enable your antivirus

      Tutorial to help you: http://www.malekal.com//tutorial_Lop_SD.php


      See you
      0
  18. Seb1989 Posts 58 Status Member 13
     
    --------------------\\ Lop S&D 4.2.5-0 XP/Vista

    Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6002 ) Service Pack 2
    X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU T5800 @ 2.00GHz )
    BIOS : ZK2 v0.3121 3A21
    USER : Sébastien ( Administrator )
    BOOT : Normal boot
    C:\ (Local Disk) - NTFS - Total:144 Go (Free:40 Go)
    D:\ (Local Disk) - NTFS - Total:140 Go (Free:16 Go)
    F:\ (CD or DVD)

    "C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
    Option : [1] ( 12/10/2009|22:04 )

    [ UAC => 0 ]

    --------------------\\ Listing des dossiers dans Local

    [06/07/2009|22:23] C:\Users\SBASTI~1\AppData\Local\{BAD7C248-517D-4CE1-B65A-829C01BEFDB1}
    [13/03/2009|16:14] C:\Users\SBASTI~1\AppData\Local\Acer Arcade Deluxe
    [01/06/2009|21:25] C:\Users\SBASTI~1\AppData\Local\Adobe
    [14/03/2009|21:44] C:\Users\SBASTI~1\AppData\Local\Anand_Prakash
    [13/06/2009|14:37] C:\Users\SBASTI~1\AppData\Local\Apple
    [13/06/2009|14:41] C:\Users\SBASTI~1\AppData\Local\Apple Computer
    [13/03/2009|16:50] C:\Users\SBASTI~1\AppData\Local\Application Data
    [02/06/2009|03:14] C:\Users\SBASTI~1\AppData\Local\Cooliris
    [13/03/2009|16:15] C:\Users\SBASTI~1\AppData\Local\CyberLink
    [02/10/2009|14:09] C:\Users\SBASTI~1\AppData\Local\d3d9caps.dat
    [05/10/2009|18:15] C:\Users\SBASTI~1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [06/07/2009|22:26] C:\Users\SBASTI~1\AppData\Local\desktop.ini
    [26/08/2009|13:07] C:\Users\SBASTI~1\AppData\Local\Downloaded Installations
    [31/07/2009|16:31] C:\Users\SBASTI~1\AppData\Local\Films
    [29/09/2009|17:44] C:\Users\SBASTI~1\AppData\Local\Google
    [13/03/2009|16:50] C:\Users\SBASTI~1\AppData\Local\Historique
    [12/10/2009|19:59] C:\Users\SBASTI~1\AppData\Local\IconCache.db
    [24/05/2009|22:44] C:\Users\SBASTI~1\AppData\Local\Microsoft
    [17/09/2009|11:40] C:\Users\SBASTI~1\AppData\Local\Microsoft Corporation
    [08/05/2009|21:13] C:\Users\SBASTI~1\AppData\Local\Microsoft Games
    [13/03/2009|16:13] C:\Users\SBASTI~1\AppData\Local\Microsoft Help
    [13/03/2009|14:51] C:\Users\SBASTI~1\AppData\Local\Mozilla
    [17/05/2009|15:17] C:\Users\SBASTI~1\AppData\Local\Nero
    [30/07/2009|11:44] C:\Users\SBASTI~1\AppData\Local\Neuf
    [13/03/2009|16:23] C:\Users\SBASTI~1\AppData\Local\PowerCinema
    [18/03/2009|22:54] C:\Users\SBASTI~1\AppData\Local\PunkBuster
    [01/05/2009|23:27] C:\Users\SBASTI~1\AppData\Local\Seven Zip
    [24/03/2009|13:34] C:\Users\SBASTI~1\AppData\Local\SoftDMA
    [12/10/2009|22:02] C:\Users\SBASTI~1\AppData\Local\temp
    [13/03/2009|16:50] C:\Users\SBASTI~1\AppData\Local\Temporary Internet Files
    [13/03/2009|16:53] C:\Users\SBASTI~1\AppData\Local\VirtualStore
    [24/09/2009|10:48] C:\Users\SBASTI~1\AppData\Local\Zattoo
    [14/03/2009|16:56] C:\Users\SBASTI~1\AppData\Local\ZattooPlayer

    --------------------\\ Tâches planifiées dans C:\Windows\tasks

    [12/10/2009 19:17][--a------] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [12/10/2009 21:22][--a------] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [12/10/2009 21:25][--a------] C:\Windows\tasks\Google Software Updater.job
    [12/10/2009 00:00][--a------] C:\Windows\tasks\NeroLiveEpgUpdate-PC-de-Sébastien_Sébastien.job
    [02/05/2009 20:40][--a------] C:\Windows\tasks\McDefragTask.job
    [02/05/2009 20:40][--a------] C:\Windows\tasks\McQcTask.job
    [12/10/2009 21:21][--ah-----] C:\Windows\tasks\SA.DAT
    [12/10/2009 19:59][--a------] C:\Windows\tasks\SCHEDLGU.TXT

    --------------------\\ Listing des dossiers dans C:\ProgramData

    [10/09/2009|10:51] C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [13/06/2009|14:41] C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [11/09/2009|14:05] C:\ProgramData\Adobe
    [11/09/2009|14:05] C:\ProgramData\afl.log
    [13/06/2009|14:35] C:\ProgramData\Apple
    [13/06/2009|14:40] C:\ProgramData\Apple Computer
    [02/11/2006|15:02] C:\ProgramData\Application Data
    [06/10/2009|14:24] C:\ProgramData\ArcadeDeluxe2.log
    [21/03/2009|20:16] C:\ProgramData\Azureus
    [13/03/2009|16:45] C:\ProgramData\Bureau
    [06/10/2009|14:19] C:\ProgramData\CyberLink
    [02/11/2006|15:02] C:\ProgramData\Desktop
    [15/09/2008|14:28] C:\ProgramData\DeviceInstaller.xml
    [22/09/2008|11:15] C:\ProgramData\DeviceManager.xml.rc4
    [02/11/2006|15:02] C:\ProgramData\Documents
    [10/04/2009|18:50] C:\ProgramData\EnterNHelp
    [13/03/2009|23:09] C:\ProgramData\eSobi
    [13/03/2009|16:45] C:\ProgramData\Favoris
    [02/11/2006|15:02] C:\ProgramData\Favorites
    [16/04/2009|16:51] C:\ProgramData\FLEXnet
    [25/07/2008|15:05] C:\ProgramData\FloodLightGames
    [29/09/2009|17:44] C:\ProgramData\Google
    [12/10/2009|12:51] C:\ProgramData\Google Updater
    [23/07/2009|10:30] C:\ProgramData\Hewlett-Packard
    [18/03/2009|19:20] C:\ProgramData\HP
    [19/03/2009|19:49] C:\ProgramData\HP Product Assistant
    [18/03/2009|16:58] C:\ProgramData\HPSSUPPLY
    [08/10/2009|08:44] C:\ProgramData\hpzinstall.log
    [06/07/2009|22:26] C:\ProgramData\InstallShield
    [13/03/2009|22:38] C:\ProgramData\Intel
    [02/05/2009|14:12] C:\ProgramData\LightScribe
    [12/09/2009|10:48] C:\ProgramData\Malwarebytes
    [10/07/2009|17:48] C:\ProgramData\McAfee
    [13/03/2009|16:45] C:\ProgramData\Menu Démarrer
    [14/03/2009|15:29] C:\ProgramData\Messenger Plus!
    [19/03/2009|12:06] C:\ProgramData\Microsoft
    [25/07/2009|14:30] C:\ProgramData\Microsoft Help
    [13/03/2009|16:45] C:\ProgramData\Modèles
    [02/05/2009|13:34] C:\ProgramData\Nero
    [10/04/2009|18:39] C:\ProgramData\Nikon
    [24/09/2009|14:34] C:\ProgramData\ntuser.pol
    [05/06/2009|17:14] C:\ProgramData\NVIDIA
    [12/10/2009|21:24] C:\ProgramData\nvModes.001
    [12/10/2009|21:22] C:\ProgramData\nvModes.dat
    [09/07/2009|18:45] C:\ProgramData\PC Suite
    [16/04/2009|16:21] C:\ProgramData\PKP_DLdu.DAT
    [02/05/2009|11:56] C:\ProgramData\PKP_DLdw.DAT
    [10/04/2009|18:38] C:\ProgramData\Pop Kit
    [10/04/2009|18:50] C:\ProgramData\Printer Icons
    [10/04/2009|18:38] C:\ProgramData\Profiles
    [10/04/2009|18:50] C:\ProgramData\Receipts
    [13/03/2009|22:39] C:\ProgramData\Roaming
    [26/08/2009|13:11] C:\ProgramData\Seagate
    [15/03/2009|10:24] C:\ProgramData\SiteAdvisor
    [02/11/2006|15:02] C:\ProgramData\Start Menu
    [21/03/2009|18:51] C:\ProgramData\Temp
    [02/11/2006|15:02] C:\ProgramData\Templates
    [30/09/2008|03:55] C:\ProgramData\UIB
    [10/04/2009|18:50] C:\ProgramData\Ultima_T15
    [27/07/2009|16:11] C:\ProgramData\Vodafone
    [18/03/2009|16:59] C:\ProgramData\WEBREG
    [27/08/2009|14:42] C:\ProgramData\WindowsSearch

    --------------------\\ Listing des dossiers dans C:\Program Files

    [25/09/2009|17:21] C:\Program Files\7-Zip
    [14/09/2009|12:01] C:\Program Files\abgx360
    [13/03/2009|16:51] C:\Program Files\Acer
    [30/09/2008|04:05] C:\Program Files\Acer Arcade Deluxe
    [29/09/2009|17:44] C:\Program Files\Acer GameZone
    [30/09/2008|03:44] C:\Program Files\Acer Inc
    [30/09/2008|04:20] C:\Program Files\Acer Incorporated
    [23/06/2009|22:13] C:\Program Files\Adobe
    [16/04/2009|16:39] C:\Program Files\Adobe Media Player
    [08/10/2009|19:35] C:\Program Files\Ad-Remover
    [13/06/2009|14:37] C:\Program Files\Apple Software Update
    [25/07/2008|15:14] C:\Program Files\Big Kahuna Reef
    [02/06/2009|19:37] C:\Program Files\bobyte
    [13/06/2009|14:40] C:\Program Files\Bonjour
    [13/03/2009|21:23] C:\Program Files\Canal
    [13/03/2009|15:12] C:\Program Files\CCleaner
    [16/04/2009|17:38] C:\Program Files\CDBurnerXP
    [13/03/2009|22:38] C:\Program Files\Cisco
    [11/10/2009|20:47] C:\Program Files\Common Files
    [25/07/2008|14:42] C:\Program Files\CONEXANT
    [30/07/2009|17:05] C:\Program Files\ConvertHelper
    [25/07/2008|15:18] C:\Program Files\Convesoft
    [30/09/2008|04:19] C:\Program Files\Cyberlink
    [09/07/2009|18:44] C:\Program Files\DIFX
    [02/06/2009|02:58] C:\Program Files\DownloadToolz
    [25/09/2009|17:27] C:\Program Files\Druide
    [26/05/2009|20:31] C:\Program Files\eSobi
    [13/03/2009|16:45] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
    [13/05/2009|14:18] C:\Program Files\gBurner
    [29/09/2009|17:44] C:\Program Files\Google
    [18/03/2009|16:56] C:\Program Files\Hewlett-Packard
    [18/03/2009|16:58] C:\Program Files\HP
    [28/08/2009|17:02] C:\Program Files\ImgBurn
    [29/09/2009|17:43] C:\Program Files\InstallShield Installation Information
    [13/03/2009|22:38] C:\Program Files\Intel
    [03/10/2009|20:43] C:\Program Files\Internet Explorer
    [24/09/2009|11:08] C:\Program Files\iPod
    [06/09/2009|22:16] C:\Program Files\Ipulp
    [24/09/2009|11:10] C:\Program Files\iTunes
    [05/08/2009|18:01] C:\Program Files\Java
    [11/10/2009|21:24] C:\Program Files\JDownloader 0.6.193
    [06/10/2009|14:44] C:\Program Files\Launch Manager
    [09/10/2009|14:29] C:\Program Files\Malwarebytes' Anti-Malware
    [30/07/2009|15:58] C:\Program Files\MarkAny
    [31/07/2009|16:31] C:\Program Files\MaVideotheque
    [26/08/2009|00:09] C:\Program Files\McAfee
    [02/05/2009|12:03] C:\Program Files\McAfee.com
    [10/07/2009|17:43] C:\Program Files\Messenger Plus! Live
    [04/10/2009|12:31] C:\Program Files\Microsoft
    [02/11/2006|14:37] C:\Program Files\Microsoft Games
    [13/03/2009|21:20] C:\Program Files\Microsoft Office
    [10/09/2009|10:58] C:\Program Files\Microsoft Silverlight
    [17/09/2009|11:38] C:\Program Files\Microsoft Windows 7 Upgrade Advisor
    [11/06/2009|00:51] C:\Program Files\Microsoft Works
    [25/07/2008|15:20] C:\Program Files\Microsoft.NET
    [26/05/2009|20:27] C:\Program Files\Morgan
    [05/06/2009|16:53] C:\Program Files\Movie Maker
    [12/10/2009|22:02] C:\Program Files\Mozilla Firefox
    [02/11/2006|14:37] C:\Program Files\MSBuild
    [09/10/2009|09:24] C:\Program Files\MSECache
    [13/03/2009|15:53] C:\Program Files\MSXML 4.0
    [02/05/2009|13:46] C:\Program Files\Nero
    [25/07/2008|15:16] C:\Program Files\NewTech Infosystems
    [10/04/2009|18:52] C:\Program Files\Nikon
    [29/09/2009|17:58] C:\Program Files\OpenOffice.org 3
    [04/10/2009|12:54] C:\Program Files\Patch MsnCreative
    [29/09/2009|17:46] C:\Program Files\PC Connectivity Solution
    [17/04/2009|21:46] C:\Program Files\PFConfig
    [10/09/2009|10:46] C:\Program Files\QuickTime
    [25/07/2008|14:40] C:\Program Files\Realtek
    [02/11/2006|14:37] C:\Program Files\Reference Assemblies
    [17/03/2009|17:40] C:\Program Files\RocketDock
    [30/07/2009|16:02] C:\Program Files\Samsung
    [26/08/2009|13:11] C:\Program Files\Seagate
    [30/07/2009|11:43] C:\Program Files\SFR
    [17/05/2009|19:57] C:\Program Files\SiteAdvisor
    [04/09/2009|13:09] C:\Program Files\SpeedyFox
    [25/07/2008|14:44] C:\Program Files\Synaptics
    [29/07/2009|17:47] C:\Program Files\Transcode360
    [08/10/2009|21:01] C:\Program Files\Trend Micro
    [02/11/2006|15:01] C:\Program Files\Uninstall Information
    [16/04/2009|17:38] C:\Program Files\uTorrent
    [21/03/2009|17:03] C:\Program Files\VideoLAN
    [27/07/2009|16:11] C:\Program Files\Vodafone
    [07/05/2009|18:39] C:\Program Files\Vuze
    [30/09/2008|03:38] C:\Program Files\WIDCOMM
    [25/07/2008|14:44] C:\Program Files\Winbond Electronics Corporation
    [05/06/2009|16:53] C:\Program Files\Windows Calendar
    [05/06/2009|16:53] C:\Program Files\Windows Collaboration
    [05/06/2009|16:53] C:\Program Files\Windows Defender
    [05/06/2009|16:53] C:\Program Files\Windows Journal
    [13/03/2009|14:41] C:\Program Files\Windows Live
    [04/10/2009|12:30] C:\Program Files\Windows Live SkyDrive
    [10/09/2009|10:23] C:\Program Files\Windows Mail
    [14/08/2009|11:58] C:\Program Files\Windows Media Player
    [13/03/2009|16:45] C:\Program Files\Windows NT
    [05/06/2009|16:53] C:\Program Files\Windows Photo Gallery
    [05/06/2009|16:53] C:\Program Files\Windows Sidebar
    [02/05/2009|11:52] C:\Program Files\WinRAR
    [14/03/2009|16:55] C:\Program Files\Zattoo

    --------------------\\ Listing des dossiers dans C:\Program Files\Common Files

    [09/07/2009|18:25] C:\Program Files\Common Files\Adobe
    [13/03/2009|21:23] C:\Program Files\Common Files\Adobe AIR
    [24/09/2009|11:08] C:\Program Files\Common Files\Apple
    [25/07/2008|15:20] C:\Program Files\Common Files\DESIGNER
    [18/03/2009|16:56] C:\Program Files\Common Files\Hewlett-Packard
    [18/03/2009|16:58] C:\Program Files\Common Files\HP
    [06/07/2009|22:25] C:\Program Files\Common Files\InstallShield
    [13/03/2009|22:38] C:\Program Files\Common Files\Intel
    [13/03/2009|15:13] C:\Program Files\Common Files\Java
    [25/07/2008|15:16] C:\Program Files\Common Files\LightScribe
    [16/04/2009|16:32] C:\Program Files\Common Files\Macrovision Shared
    [02/05/2009|12:04] C:\Program Files\Common Files\McAfee
    [02/05/2009|23:12] C:\Program Files\Common Files\microsoft shared
    [10/04/2009|18:39] C:\Program Files\Common Files\muvee Technologies
    [02/05/2009|14:10] C:\Program Files\Common Files\Nero
    [10/04/2009|23:39] C:\Program Files\Common Files\Nikon
    [02/11/2006|13:18] C:\Program Files\Common Files\Services
    [30/09/2008|03:56] C:\Program Files\Common Files\SPBA
    [02/11/2006|13:18] C:\Program Files\Common Files\SpeechEngines
    [13/03/2009|17:15] C:\Program Files\Common Files\SWF Studio
    [05/06/2009|16:53] C:\Program Files\Common Files\System
    [13/03/2009|14:32] C:\Program Files\Common Files\Windows Live

    --------------------\\ Process

    ( 111 Processes )

    ... OK !

    --------------------\\ Recherche avec S_Lop

    Aucun fichier / dossier Lop trouvé !

    --------------------\\ Recherche de Fichiers / Dossiers Lop

    Aucun fichier / dossier Lop trouvé !

    --------------------\\ Verification du Registre

    ..... OK !

    --------------------\\ Verification du fichier Hosts

    Fichier Hosts PROPRE

    --------------------\\ Recherche de fichiers avec Catchme

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-10-12 22:04:40
    Windows 6.0.6002 Service Pack 2 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden files: 0

    --------------------\\ Recherche d'autres infections

    Aucune autre infection trouvée !

    [F:17][D:4]-> C:\Users\SBASTI~1\AppData\Local\Temp
    [F:3][D:1]-> C:\Users\SBASTI~1\AppData\Roaming\MICROS~1\Windows\Cookies
    [F:2][D:1]-> C:\Users\SBASTI~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
    [F:2][D:2]-> C:\$Recycle.Bin

    1 - "C:\Lop SD\LopR_1.txt" - 12/10/2009|22:06 - Option : [1]

    --------------------\\ Fin du rapport a 22:06:49
    [ UAC => 1 ]
    0
    1. Anonymous user
       
      Good evening

      1) Download ToolsCleaner in order to remove the disinfection tools that are no longer needed

      ---> Download ToolsCleaner to your Desktop.
      https://www.commentcamarche.net/telecharger/securite/22061-toolscleaner/
      * Double-click ToolsCleaner2.exe to launch it.
      * Click "Recherche" (Search) and let the scan run.
      * Click "Suppression" (Removal) to finish.
      * If you wish, you can use the "Options Facultatives" (Optional Options).
      * Click "Quitter" (Quit) to get the report.
      * Post the report (TCleaner.txt), which is located at the root of your hard drive (C:\).


      2) How is your PC behaving?
      0
  19. Seb1989 Posts 58 Status Member 13
     
    my PC is running well, no more message at startup, which is a good thing; I'd say nothing to report! ^^
    thanks for your help


    [ Rapport ToolsCleaner version 2.3.11 (par A.Rothstein & dj QUIOU) ]

    --> Recherche:

    C:\Combofix.txt: trouvé !
    C:\lopR.txt: trouvé !
    C:\Lop SD: trouvé !
    C:\GenProc: trouvé !
    C:\Qoobox: trouvé !
    C:\_OTM: trouvé !
    C:\Rsit: trouvé !
    C:\GenProc\Genproc.exe: trouvé !
    C:\GenProc\Page\GenProc[*].html: trouvé !
    C:\Lop SD\catchme.exe: trouvé !
    C:\Lop SD\catchme.log: trouvé !
    C:\Program Files\Ad-remover: trouvé !
    C:\Program Files\Trend Micro\HijackThis: trouvé !
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
    C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !
    C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\HijackThis: trouvé !
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis: trouvé !
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: trouvé !
    C:\Qoobox\Quarantine\catchme.log: trouvé !
    C:\Users\All Users\Microsoft\Windows\Start Menu\Programmes\HijackThis: trouvé !
    C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\HijackThis: trouvé !
    C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: trouvé !
    C:\Users\Mcx1.PC-de-Sébastien\Desktop\HijackThis.lnk: trouvé !
    C:\Users\Sébastien\Desktop\HijackThis.lnk: trouvé !
    C:\Users\Sébastien\Desktop\Rsit.exe: trouvé !
    C:\Users\Sébastien\Downloads\LopSD.exe: trouvé !
    C:\Users\Sébastien\Downloads\OTM.exe: trouvé !
    C:\Users\Sébastien\Downloads\HJTInstall.exe: trouvé !
    C:\Users\Sébastien\Downloads\Ad-R.exe: trouvé !
    C:\Users\Sébastien\Downloads\Genproc.exe: trouvé !

    ---------------------------------
    --> Suppression:

    C:\Lop SD\catchme.exe: supprimé !
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: supprimé !
    C:\Users\Mcx1.PC-de-Sébastien\Desktop\HijackThis.lnk: supprimé !
    C:\Users\Sébastien\Desktop\HijackThis.lnk: supprimé !
    C:\Users\Sébastien\Downloads\LopSD.exe: supprimé !
    C:\Users\Sébastien\Downloads\OTM.exe: supprimé !
    C:\Users\Sébastien\Downloads\HJTInstall.exe: supprimé !
    C:\Users\Sébastien\Downloads\Ad-R.exe: supprimé !
    C:\Combofix.txt: supprimé !
    C:\lopR.txt: supprimé !
    C:\GenProc\Genproc.exe: supprimé !
    C:\GenProc\Page\GenProc[*].html: ERREUR DE SUPPRESSION !!
    C:\Lop SD\catchme.log: supprimé !
    C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
    C:\Qoobox\Quarantine\catchme.log: supprimé !
    C:\Users\Sébastien\Desktop\Rsit.exe: supprimé !
    C:\Users\Sébastien\Downloads\Genproc.exe: supprimé !
    C:\Lop SD: supprimé !
    C:\GenProc: supprimé !
    C:\Qoobox: supprimé !
    C:\_OTM: supprimé !
    C:\Rsit: supprimé !
    C:\Program Files\Ad-remover: supprimé !
    C:\Program Files\Trend Micro\HijackThis: supprimé !
    C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\HijackThis: ERREUR DE SUPPRESSION !!
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis: supprimé !

    Fichiers temporaires nettoyés !
    0
    1. Anonymous user
       
      Hi again

      Uninstall ComboFix:
      Click Start, then Run, and copy/paste the following command into the input box; then confirm with [OK]
      combofix.exe /u
      Mind the space between the exe and the slash.

      Re-enable UAC if you haven't already.
      And happy surfing on the net, but stay vigilant

      Marking the thread as solved: for how to do it, see here:
      https://www.commentcamarche.net/infos/25917-marquer-un-fil-de-discussion-comme-etant-resolu/


      See you
      0
  20. Seb1989 Posts 58 Status Member 13
     
    thank you very much

    Have a good evening.
    0