Probleme avec une alerte spyware ...

Résolu
mick360 -  
g!rly Messages postés 18215 Date d'inscription   Statut Contributeur Dernière intervention   -
Bonjour,
Bon voila j'ai un probleme est je fais que cherché la solution je trouve pas .
j'explique ma situation...
j'ai u logiciel (je c'est pas d'ou il vien) mais il n'arrete pas de me dire que mon ordnateur est infecté par un spyware un petit icone jaune de forme triangulaire avex un point d'exclamation n'arrete pas de clinioté sur la barre d'outil inferieur droite . il me marque "secutrity alert:spyware found ..." et tout un tralala en anglais , quand je click dessu il menvoi plein de page internet et me propose de télécharger un antispyware (que je ne télécharge pas parceque a tout les coups c'est un virus...) j'ai fais un analise complete avec mon antivirus et mon antispyware (norton et AVG anti-spyware) j'ai rien trouvé a par mes cookie traceur
donc voila j'aimerai savoir si quelq'un peu maidé
merci d'avance
A voir également:

40 réponses

  • 1
  • 2
Réponse 1 / 40
g!rly Messages postés 18215 Date d'inscription   Statut Contributeur Dernière intervention   406
 
salut mick360,

oui c´est un logiciel espion, communement appelé rogue,

on va s´en occuper :

Télécharge combofix.exe (par sUBs) sur ton Bureau.

-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

-> Double clique combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

NOTE : Le rapport se trouve également ici : C:\Combofix.txt

Avant d'utiliser ComboFix :

-> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.

-> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.

Une fois fait, sur ton bureau double-clic sur Combofix.exe.

- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.

/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.

- En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.

- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)

-> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

-> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.

-> Tutoriel https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

puis

Télécharge HijackThis ici :

-> http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis

Tutoriel d´instalation : (Merci a Balltrap34 pour cette réalisation)

-> http://pageperso.aol.fr/balltrap34/Hijenr.gif

Tutoriel d´utilisation (video) : (Merci a Balltrap34 pour cette réalisation)

-> http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm

Post les rapports générés ici stp...

@+
0
Réponse 2 / 40
mick360
 
ComboFix 08-03-22.3 - mick 2008-03-23 18:27:54.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1027 [GMT 1:00]
Endroit: C:\Users\mick\Desktop\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Program Files\FunWebProducts
C:\Program Files\Helper
C:\Program Files\internet explorer\msimg32.dll
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV
C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
C:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
C:\Program Files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3MEDINT.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE
C:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S
C:\Program Files\MyWebSearch\bar\icons\CM.ICO
C:\Program Files\MyWebSearch\bar\icons\MFC.ICO
C:\Program Files\MyWebSearch\bar\icons\PSS.ICO
C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO
C:\Program Files\MyWebSearch\bar\icons\WB.ICO
C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO
C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S
C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S
C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S
C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S
C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S
C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InternetGameBox
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InternetGameBox\Conditions générales.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InternetGameBox\Confidentialité.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InternetGameBox\Désinstaller.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InternetGameBox\InternetGameBox.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InternetGameBox\Website.url
C:\Users\mick\AppData\Local\gyrdvo.dat
c:\users\mick\appdata\local\gyrdvo.exe
c:\Users\mick\AppData\Local\gyrdvo_nav.dat
c:\Users\mick\AppData\Local\gyrdvo_navps.dat
C:\Windows\system32\f3PSSavr.scr
C:\Windows\system32\nvs2.inf

.
((((((((((((((((((((((((((((( Fichiers créés 2008-02-23 to 2008-03-23 ))))))))))))))))))))))))))))))))))))
.

2008-03-23 17:11 . 2008-03-23 17:12 <REP> d-------- C:\ComboFix[1]
2008-03-23 16:35 . 2008-03-23 16:35 <REP> d-------- C:\Program Files\Blender Foundation
2008-03-21 21:55 . 2008-03-21 21:55 <REP> d-------- C:\Program Files\ffdshow
2008-03-21 21:53 . 2008-03-21 21:53 <REP> d--h----- C:\Windows\msdownld.tmp
2008-03-21 21:53 . 2008-03-21 21:53 <REP> d-------- C:\Program Files\Windows Media Components
2008-03-21 21:52 . 2008-03-21 21:52 <REP> d-------- C:\Program Files\MMConvert
2008-03-21 21:52 . 2005-04-04 13:35 745,472 --a------ C:\Windows\System32\xvidcore.dll
2008-03-21 21:52 . 2005-11-24 10:58 440,320 --a------ C:\Windows\System32\x264vfw.dll
2008-03-21 21:52 . 2005-04-04 13:52 180,224 --a------ C:\Windows\System32\xvidvfw.dll
2008-03-21 21:08 . 2008-03-21 21:08 <REP> d-------- C:\Users\mick\AppData\Roaming\STOIK
2008-03-20 16:30 . 2008-03-20 16:30 <REP> d-------- C:\Users\mick\AppData\Roaming\Grisoft
2008-03-20 16:30 . 2008-03-20 16:30 <REP> d-------- C:\Users\All Users\Grisoft
2008-03-20 16:30 . 2008-03-20 16:30 <REP> d-------- C:\ProgramData\Grisoft
2008-03-20 16:30 . 2007-05-30 13:10 10,872 --a------ C:\Windows\System32\drivers\AvgAsCln.sys
2008-03-18 15:33 . 2008-03-23 08:57 <REP> d-------- C:\Program Files\NetProject
2008-03-01 10:52 . 2008-03-01 10:52 <REP> d-------- C:\ATI
2008-03-01 09:32 . 1997-06-02 12:32 314,880 --a------ C:\Windows\IsUninst.exe
2008-02-28 03:01 . 2008-02-28 03:01 <REP> d-------- C:\Program Files\MSXML 4.0
2008-02-27 17:50 . 2008-02-27 17:50 <REP> d-------- C:\Users\All Users\Age of Empires 3
2008-02-27 17:50 . 2008-02-27 17:50 <REP> d-------- C:\ProgramData\Age of Empires 3
2008-02-27 17:47 . 2008-03-11 21:19 <REP> d-------- C:\Program Files\Common Files\Microsoft Games
2008-02-27 16:27 . 2008-02-27 16:27 <REP> d-------- C:\Users\mick\ASIO4ALL v2
2008-02-26 21:27 . 2008-02-27 16:29 <REP> d-------- C:\Program Files\Image-Line
2008-02-26 21:27 . 2002-07-07 23:14 1,294,336 --a------ C:\Windows\System32\vorbis.acm

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-23 17:27 --------- d-----w C:\Users\mick\AppData\Roaming\Skype
2008-03-23 15:07 --------- d-----w C:\Users\mick\AppData\Roaming\skypePM
2008-03-23 14:50 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-03-21 20:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-21 19:19 --------- d-----w C:\Program Files\DAEMON Tools
2008-03-21 11:28 --------- d-----w C:\Program Files\Norton Security Scan
2008-03-21 10:14 --------- d-----w C:\Users\mick\AppData\Roaming\Hamachi
2008-03-20 14:34 --------- d-----w C:\ProgramData\Microsoft Help
2008-03-20 14:34 --------- d-----w C:\Program Files\Microsoft Works
2008-03-20 14:34 --------- d-----w C:\Program Files\Google
2008-03-20 14:34 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-20 14:34 --------- d-----w C:\Program Files\Common Files\Skype
2008-03-20 13:27 --------- d-----w C:\ProgramData\Symantec
2008-02-27 16:13 --------- d-----w C:\Program Files\Microsoft Games
2008-02-22 14:45 --------- d-----w C:\Users\mick\AppData\Roaming\Propellerhead Software
2008-02-22 14:45 --------- d-----w C:\ProgramData\Propellerhead Software
2008-02-22 02:12 368,640 ----a-w C:\Windows\System32\ReWire.dll
2008-02-22 02:12 233,472 ----a-w C:\Windows\System32\REX Shared Library.dll
2008-02-16 09:07 103,736 ----a-w C:\Windows\System32\PnkBstrB.exe
2008-02-15 22:36 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
2008-02-15 21:09 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe
2008-02-15 21:05 22,328 ----a-w C:\Users\mick\AppData\Roaming\PnkBstrK.sys
2008-02-15 20:35 --------- d-----w C:\Program Files\Activision
2008-02-15 20:18 685,816 ----a-w C:\Windows\system32\drivers\sptd.sys
2008-02-14 05:48 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-14 05:48 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-14 05:42 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-14 05:42 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-14 05:42 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-14 05:42 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-14 05:42 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-14 05:34 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-14 05:33 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-14 05:33 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-14 05:33 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-13 17:15 --------- d-----w C:\Program Files\Norton Internet Security
2008-02-12 16:48 --------- d-----w C:\Program Files\pspvideo9
2008-02-12 16:48 --------- d-----w C:\Program Files\AviSynth 2.5
2008-01-27 00:48 --------- d-----w C:\Users\mick\AppData\Roaming\MessengerGadget
2008-01-24 21:22 --------- d-----w C:\Users\mick\AppData\Roaming\GRETECH
2008-01-24 21:22 --------- d-----w C:\ProgramData\GRETECH
2008-01-24 21:21 --------- d-----w C:\Program Files\GRETECH
2008-01-24 15:47 25,280 ----a-w C:\Windows\system32\drivers\hamachi.sys
2008-01-10 11:38 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-03 02:10 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2008-01-03 02:10 7,680 ----a-w C:\Windows\System32\spwmp.dll
2008-01-03 02:10 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2008-01-03 02:09 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
2008-01-03 02:08 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2008-01-03 02:08 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2008-01-03 02:08 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-01-03 02:07 84,480 ----a-w C:\Windows\System32\INETRES.dll
2008-01-03 02:07 737,792 ----a-w C:\Windows\System32\inetcomm.dll
2008-01-03 02:07 1,335,296 ----a-w C:\Windows\System32\msxml6.dll
2008-01-03 02:03 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
2008-01-03 02:03 3,504,824 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-01-03 02:03 3,470,520 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-01-03 02:02 750,080 ----a-w C:\Windows\System32\qmgr.dll
2008-01-02 20:59 32 ----a-w C:\Users\All Users\ezsid.dat
2008-01-02 20:59 32 ----a-w C:\ProgramData\ezsid.dat
2008-01-02 18:24 53,080 ----a-w C:\Windows\System32\wuauclt.exe
2008-01-02 18:24 43,352 ----a-w C:\Windows\System32\wups2.dll
2008-01-02 18:24 1,712,984 ----a-w C:\Windows\System32\wuaueng.dll
2008-01-02 18:24 1,524,224 ----a-w C:\Windows\System32\wucltux.dll
2008-01-02 18:23 80,896 ----a-w C:\Windows\System32\wudriver.dll
2008-01-02 18:23 549,720 ----a-w C:\Windows\System32\wuapi.dll
2008-01-02 18:23 33,624 ----a-w C:\Windows\System32\wups.dll
2008-01-02 18:22 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-01-02 18:22 163,000 ----a-w C:\Windows\System32\wuwebv.dll
2006-11-02 12:50 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((( snapshot@2008-03-23_17.31.29.96 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-03-23 16:29:34 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-03-23 17:30:15 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-03-23 17:30:15 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-03-23 14:44:51 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-03-23 16:32:21 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-03-23 14:44:51 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-03-23 16:32:21 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-03-23 14:44:51 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-03-23 16:32:21 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-03-23 14:31:55 125,136 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-03-23 16:33:21 125,136 ----a-w C:\Windows\System32\perfc009.dat
- 2008-03-23 14:31:55 144,862 ----a-w C:\Windows\System32\perfc00C.dat
+ 2008-03-23 16:33:21 144,862 ----a-w C:\Windows\System32\perfc00C.dat
- 2008-03-23 14:31:55 665,178 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-03-23 16:33:21 665,178 ----a-w C:\Windows\System32\perfh009.dat
- 2008-03-23 14:31:55 24,472 ----a-w C:\Windows\System32\perfh00C.dat
+ 2008-03-23 16:33:21 24,472 ----a-w C:\Windows\System32\perfh00C.dat
- 2008-03-23 14:27:27 83,094 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-03-23 16:31:07 83,330 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-03-20 14:48:21 52,258 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-03-23 16:31:00 53,000 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6860A44B-5D3E-433D-A7B5-D517F810D0E7}]
2008-03-18 15:33 10240 --a------ C:\Program Files\NetProject\sbmdl.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 12:38 1232896]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 11:35 90112]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-05-22 14:49 151552]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-12-07 15:08 21686568]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-01-02 21:52 171448]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-09-03 09:57 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-17 22:27 4702208 C:\Windows\RtHDVCpl.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 20:00 815104]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 03:38 40048]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 21:33 107112]
"osCheck"="c:\Program Files\Norton Internet Security\osCheck.exe" [2006-11-21 21:30 22696]
"Acer Tour"="" []
"PLFSet"="C:\Windows\PLFSet.dll" [2007-04-25 12:47 45056]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 11:35 90112]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 20:01 71216]
0
Réponse 3 / 40
g!rly Messages postés 18215 Date d'inscription   Statut Contributeur Dernière intervention   406
 
Re,

repost le rapport de combofix, car il n´est pas entier, et post egalement le rapport de hijack this comme je te l´avais demandé...

@+
0
Réponse 4 / 40
mick360
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:40:36, on 23/03/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\pspvideo9\pspVideo9.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {6860A44B-5D3E-433D-A7B5-D517F810D0E7} - C:\Program Files\NetProject\sbmdl.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0
O4 - HKLM\..\Run: [PSPVideo9] C:\Program Files\pspvideo9\pspVideo9.exe -t
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk142MXFR
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iefixgate.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iefixgate.com/redirect.php (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-3/SmileyCentralFWBInitialSetup1.0.1.0.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Oz128 Driver\o2flash.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 40
g!rly Messages postés 18215 Date d'inscription   Statut Contributeur Dernière intervention   406
 
re,

peux tu reposter le rapport de combofix car il n´etait pas complet

C:\Combofix.txt

@+
0
Réponse 6 / 40
mick360
 
ComboFix 08-03-22.3 - mick 2008-03-23 18:27:54.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1027 [GMT 1:00]
Endroit: C:\Users\mick\Desktop\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Program Files\FunWebProducts
C:\Program Files\Helper
C:\Program Files\internet explorer\msimg32.dll
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV
C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
C:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
C:\Program Files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3MEDINT.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE
C:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S
C:\Program Files\MyWebSearch\bar\icons\CM.ICO
C:\Program Files\MyWebSearch\bar\icons\MFC.ICO
C:\Program Files\MyWebSearch\bar\icons\PSS.ICO
C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO
C:\Program Files\MyWebSearch\bar\icons\WB.ICO
C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO
C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S
C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S
C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S
C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S
C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S
C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InternetGameBox
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InternetGameBox\Conditions générales.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InternetGameBox\Confidentialité.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InternetGameBox\Désinstaller.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InternetGameBox\InternetGameBox.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InternetGameBox\Website.url
C:\Users\mick\AppData\Local\gyrdvo.dat
c:\users\mick\appdata\local\gyrdvo.exe
c:\Users\mick\AppData\Local\gyrdvo_nav.dat
c:\Users\mick\AppData\Local\gyrdvo_navps.dat
C:\Windows\system32\f3PSSavr.scr
C:\Windows\system32\nvs2.inf

.
((((((((((((((((((((((((((((( Fichiers créés 2008-02-23 to 2008-03-23 ))))))))))))))))))))))))))))))))))))
.

2008-03-23 17:11 . 2008-03-23 17:12 <REP> d-------- C:\ComboFix[1]
2008-03-23 16:35 . 2008-03-23 16:35 <REP> d-------- C:\Program Files\Blender Foundation
2008-03-21 21:55 . 2008-03-21 21:55 <REP> d-------- C:\Program Files\ffdshow
2008-03-21 21:53 . 2008-03-21 21:53 <REP> d--h----- C:\Windows\msdownld.tmp
2008-03-21 21:53 . 2008-03-21 21:53 <REP> d-------- C:\Program Files\Windows Media Components
2008-03-21 21:52 . 2008-03-21 21:52 <REP> d-------- C:\Program Files\MMConvert
2008-03-21 21:52 . 2005-04-04 13:35 745,472 --a------ C:\Windows\System32\xvidcore.dll
2008-03-21 21:52 . 2005-11-24 10:58 440,320 --a------ C:\Windows\System32\x264vfw.dll
2008-03-21 21:52 . 2005-04-04 13:52 180,224 --a------ C:\Windows\System32\xvidvfw.dll
2008-03-21 21:08 . 2008-03-21 21:08 <REP> d-------- C:\Users\mick\AppData\Roaming\STOIK
2008-03-20 16:30 . 2008-03-20 16:30 <REP> d-------- C:\Users\mick\AppData\Roaming\Grisoft
2008-03-20 16:30 . 2008-03-20 16:30 <REP> d-------- C:\Users\All Users\Grisoft
2008-03-20 16:30 . 2008-03-20 16:30 <REP> d-------- C:\ProgramData\Grisoft
2008-03-20 16:30 . 2007-05-30 13:10 10,872 --a------ C:\Windows\System32\drivers\AvgAsCln.sys
2008-03-18 15:33 . 2008-03-23 08:57 <REP> d-------- C:\Program Files\NetProject
2008-03-01 10:52 . 2008-03-01 10:52 <REP> d-------- C:\ATI
2008-03-01 09:32 . 1997-06-02 12:32 314,880 --a------ C:\Windows\IsUninst.exe
2008-02-28 03:01 . 2008-02-28 03:01 <REP> d-------- C:\Program Files\MSXML 4.0
2008-02-27 17:50 . 2008-02-27 17:50 <REP> d-------- C:\Users\All Users\Age of Empires 3
2008-02-27 17:50 . 2008-02-27 17:50 <REP> d-------- C:\ProgramData\Age of Empires 3
2008-02-27 17:47 . 2008-03-11 21:19 <REP> d-------- C:\Program Files\Common Files\Microsoft Games
2008-02-27 16:27 . 2008-02-27 16:27 <REP> d-------- C:\Users\mick\ASIO4ALL v2
2008-02-26 21:27 . 2008-02-27 16:29 <REP> d-------- C:\Program Files\Image-Line
2008-02-26 21:27 . 2002-07-07 23:14 1,294,336 --a------ C:\Windows\System32\vorbis.acm

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-23 17:27 --------- d-----w C:\Users\mick\AppData\Roaming\Skype
2008-03-23 15:07 --------- d-----w C:\Users\mick\AppData\Roaming\skypePM
2008-03-23 14:50 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-03-21 20:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-21 19:19 --------- d-----w C:\Program Files\DAEMON Tools
2008-03-21 11:28 --------- d-----w C:\Program Files\Norton Security Scan
2008-03-21 10:14 --------- d-----w C:\Users\mick\AppData\Roaming\Hamachi
2008-03-20 14:34 --------- d-----w C:\ProgramData\Microsoft Help
2008-03-20 14:34 --------- d-----w C:\Program Files\Microsoft Works
2008-03-20 14:34 --------- d-----w C:\Program Files\Google
2008-03-20 14:34 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-20 14:34 --------- d-----w C:\Program Files\Common Files\Skype
2008-03-20 13:27 --------- d-----w C:\ProgramData\Symantec
2008-02-27 16:13 --------- d-----w C:\Program Files\Microsoft Games
2008-02-22 14:45 --------- d-----w C:\Users\mick\AppData\Roaming\Propellerhead Software
2008-02-22 14:45 --------- d-----w C:\ProgramData\Propellerhead Software
2008-02-22 02:12 368,640 ----a-w C:\Windows\System32\ReWire.dll
2008-02-22 02:12 233,472 ----a-w C:\Windows\System32\REX Shared Library.dll
2008-02-16 09:07 103,736 ----a-w C:\Windows\System32\PnkBstrB.exe
2008-02-15 22:36 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
2008-02-15 21:09 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe
2008-02-15 21:05 22,328 ----a-w C:\Users\mick\AppData\Roaming\PnkBstrK.sys
2008-02-15 20:35 --------- d-----w C:\Program Files\Activision
2008-02-15 20:18 685,816 ----a-w C:\Windows\system32\drivers\sptd.sys
2008-02-14 05:48 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-14 05:48 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-14 05:42 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-14 05:42 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-14 05:42 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-14 05:42 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-14 05:42 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-14 05:34 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-14 05:33 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-14 05:33 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-14 05:33 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-13 17:15 --------- d-----w C:\Program Files\Norton Internet Security
2008-02-12 16:48 --------- d-----w C:\Program Files\pspvideo9
2008-02-12 16:48 --------- d-----w C:\Program Files\AviSynth 2.5
2008-01-27 00:48 --------- d-----w C:\Users\mick\AppData\Roaming\MessengerGadget
2008-01-24 21:22 --------- d-----w C:\Users\mick\AppData\Roaming\GRETECH
2008-01-24 21:22 --------- d-----w C:\ProgramData\GRETECH
2008-01-24 21:21 --------- d-----w C:\Program Files\GRETECH
2008-01-24 15:47 25,280 ----a-w C:\Windows\system32\drivers\hamachi.sys
2008-01-10 11:38 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-03 02:10 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2008-01-03 02:10 7,680 ----a-w C:\Windows\System32\spwmp.dll
2008-01-03 02:10 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2008-01-03 02:09 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
2008-01-03 02:08 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2008-01-03 02:08 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2008-01-03 02:08 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-01-03 02:07 84,480 ----a-w C:\Windows\System32\INETRES.dll
2008-01-03 02:07 737,792 ----a-w C:\Windows\System32\inetcomm.dll
2008-01-03 02:07 1,335,296 ----a-w C:\Windows\System32\msxml6.dll
2008-01-03 02:03 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
2008-01-03 02:03 3,504,824 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-01-03 02:03 3,470,520 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-01-03 02:02 750,080 ----a-w C:\Windows\System32\qmgr.dll
2008-01-02 20:59 32 ----a-w C:\Users\All Users\ezsid.dat
2008-01-02 20:59 32 ----a-w C:\ProgramData\ezsid.dat
2008-01-02 18:24 53,080 ----a-w C:\Windows\System32\wuauclt.exe
2008-01-02 18:24 43,352 ----a-w C:\Windows\System32\wups2.dll
2008-01-02 18:24 1,712,984 ----a-w C:\Windows\System32\wuaueng.dll
2008-01-02 18:24 1,524,224 ----a-w C:\Windows\System32\wucltux.dll
2008-01-02 18:23 80,896 ----a-w C:\Windows\System32\wudriver.dll
2008-01-02 18:23 549,720 ----a-w C:\Windows\System32\wuapi.dll
2008-01-02 18:23 33,624 ----a-w C:\Windows\System32\wups.dll
2008-01-02 18:22 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-01-02 18:22 163,000 ----a-w C:\Windows\System32\wuwebv.dll
2006-11-02 12:50 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((( snapshot@2008-03-23_17.31.29.96 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-03-23 16:29:34 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-03-23 17:30:15 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-03-23 17:30:15 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-03-23 14:44:51 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-03-23 16:32:21 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-03-23 14:44:51 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-03-23 16:32:21 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-03-23 14:44:51 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-03-23 16:32:21 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-03-23 14:31:55 125,136 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-03-23 16:33:21 125,136 ----a-w C:\Windows\System32\perfc009.dat
- 2008-03-23 14:31:55 144,862 ----a-w C:\Windows\System32\perfc00C.dat
+ 2008-03-23 16:33:21 144,862 ----a-w C:\Windows\System32\perfc00C.dat
- 2008-03-23 14:31:55 665,178 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-03-23 16:33:21 665,178 ----a-w C:\Windows\System32\perfh009.dat
- 2008-03-23 14:31:55 24,472 ----a-w C:\Windows\System32\perfh00C.dat
+ 2008-03-23 16:33:21 24,472 ----a-w C:\Windows\System32\perfh00C.dat
- 2008-03-23 14:27:27 83,094 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-03-23 16:31:07 83,330 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-03-20 14:48:21 52,258 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-03-23 16:31:00 53,000 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6860A44B-5D3E-433D-A7B5-D517F810D0E7}]
2008-03-18 15:33 10240 --a------ C:\Program Files\NetProject\sbmdl.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 12:38 1232896]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 11:35 90112]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-05-22 14:49 151552]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-12-07 15:08 21686568]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-01-02 21:52 171448]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-09-03 09:57 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-17 22:27 4702208 C:\Windows\RtHDVCpl.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 20:00 815104]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 03:38 40048]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 21:33 107112]
"osCheck"="c:\Program Files\Norton Internet Security\osCheck.exe" [2006-11-21 21:30 22696]
"Acer Tour"="" []
"PLFSet"="C:\Windows\PLFSet.dll" [2007-04-25 12:47 45056]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 11:35 90112]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 20:01 71216]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 15:21 54832]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 15:33 457216]
"eRecoveryService"="" []
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2007-04-04 09:04 813840]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 21:48 57344]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-05-22 14:49 151552]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 10:22 517768]
"My Web Search Bar Search Scope Monitor"="C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" [ ]
"PSPVideo9"="C:\Program Files\pspvideo9\pspVideo9.exe" [2005-10-30 01:56 606208]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 11:48 157592]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-09-17 18:33:55 535336]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{3A5CB2AD-123E-418A-A77E-C8193AA4AE83}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{698F80A5-5D09-468C-AED4-A0FF99C3D721}"= C:\Program Files\CyberLink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"{CD7C4856-5413-4AAA-BB23-A044DA77AC24}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{48721E0B-E441-48FA-946A-9151EB218353}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{7D399EC5-4345-46E8-AD51-DEBC4AA3E1FB}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"{5D96DD76-3A13-4440-976E-5F66D1449E53}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{4054D991-9E19-4401-82FB-BAB4A202AC18}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{014B362E-7152-4DBC-8C3E-C598568AD58D}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{78175FE5-5473-42B4-A5C5-5D489EA60B87}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{D5FFB3C2-583A-4610-A13A-74775AB5C130}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{4DAEDF99-939D-48EC-AD96-AD6D90B4AD16}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{A080E02C-F5E5-4600-B9C3-ECBF0EF0E8B2}"= UDP:C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe:Age of Empires III - The WarChiefs
"{C6C6904E-50EC-46CC-A876-1E107009A199}"= TCP:C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe:Age of Empires III - The WarChiefs
"{5EF88713-A0C0-4A5B-8A38-A180AAC09A2B}"= UDP:C:\Program Files\Microsoft Games\Age of Empires III\age3y.exe:Age of Empires III - The Asian Dynasties
"{CE05B381-65B1-4EC2-A57D-63F9193A9246}"= TCP:C:\Program Files\Microsoft Games\Age of Empires III\age3y.exe:Age of Empires III - The Asian Dynasties
"TCP Query User{0448990B-05BD-471D-98DC-DB9AC4E0FB71}D:\\emul\\emule\\emule.exe"= UDP:D:\emul\emule\emule.exe:eMule
"UDP Query User{36A18557-FE8C-4B6B-92D2-E8CF3B6BF9AD}D:\\emul\\emule\\emule.exe"= TCP:D:\emul\emule\emule.exe:eMule

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 O2MDRDR;O2MDRDR;C:\Windows\system32\DRIVERS\o2media.sys [2007-04-03 18:04]
R0 O2SDRDR;O2SDRDR;C:\Windows\system32\DRIVERS\o2sd.sys [2007-04-03 00:11]
R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-04-25 15:34]
R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-04-25 15:34]
R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-04-25 15:34]
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080314.001\IDSvix86.sys [2008-02-13 17:18]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\[u]0/u00.fcl [2006-11-02 15:51]
R2 BcmSqlStartupSvc;Service de démarrage SQL Server pour le Gestionnaire de contacts professionnels;"C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe" [2008-01-16 09:46]
R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-04-25 15:34]
R2 eNet Service;eNet Service;C:\Acer\Empowering Technology\eNet\eNet Service.exe [2007-06-13 15:54]
R2 eSettingsService;eSettings Service;C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-06-28 17:50]
R2 MobilityService;MobilityService;C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 11:57]
R2 SQLWriter;Enregistreur VSS SQL Server;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 05:29]
R2 WMIService;ePower Service;C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-06-13 10:23]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-05 17:39]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-08-12 08:10]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-10-30 19:55]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-04-17 19:12]
S2 MyWebSearchService;My Web Search Service;C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe []
S3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2006-11-02 08:30]
S3 BCM43XV;Pilote de la carte réseau extensible Broadcom 802.11;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-12-19 21:18]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d697dd0-dc03-11dc-bd8f-000000000000}]
\shell\AutoRun\command - F:\autorun.exe
\shell\setup\command - F:\install.exe

*Newly Created Service* - COMHOST
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-03-21 19:49:13 C:\Windows\Tasks\Norton Internet Security - Analyse système complète - mick.job"
- c:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeB/TASK:
"2008-03-23 17:30:00 C:\Windows\Tasks\User_Feed_Synchronization-{76260F5B-093E-478A-BE04-78F628BA07E3}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-23 18:30:26
Windows 6.0.6000 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-03-23 18:31:14
ComboFix-quarantined-files.txt 2008-03-23 17:31:09
.
2008-03-13 14:38:54 --- E O F ---
0
Réponse 7 / 40
mick360
 
ComboFix 08-03-22.3 - mick 2008-03-23 18:27:54.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1027 [GMT 1:00]
Endroit: C:\Users\mick\Desktop\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Program Files\FunWebProducts
C:\Program Files\Helper
C:\Program Files\internet explorer\msimg32.dll
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV
C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
C:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
C:\Program Files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3MEDINT.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE
C:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S
C:\Program Files\MyWebSearch\bar\icons\CM.ICO
C:\Program Files\MyWebSearch\bar\icons\MFC.ICO
C:\Program Files\MyWebSearch\bar\icons\PSS.ICO
C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO
C:\Program Files\MyWebSearch\bar\icons\WB.ICO
C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO
C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S
C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S
C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S
C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S
C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S
C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InternetGameBox
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InternetGameBox\Conditions générales.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InternetGameBox\Confidentialité.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InternetGameBox\Désinstaller.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InternetGameBox\InternetGameBox.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InternetGameBox\Website.url
C:\Users\mick\AppData\Local\gyrdvo.dat
c:\users\mick\appdata\local\gyrdvo.exe
c:\Users\mick\AppData\Local\gyrdvo_nav.dat
c:\Users\mick\AppData\Local\gyrdvo_navps.dat
C:\Windows\system32\f3PSSavr.scr
C:\Windows\system32\nvs2.inf

.
((((((((((((((((((((((((((((( Fichiers créés 2008-02-23 to 2008-03-23 ))))))))))))))))))))))))))))))))))))
.

2008-03-23 17:11 . 2008-03-23 17:12 <REP> d-------- C:\ComboFix[1]
2008-03-23 16:35 . 2008-03-23 16:35 <REP> d-------- C:\Program Files\Blender Foundation
2008-03-21 21:55 . 2008-03-21 21:55 <REP> d-------- C:\Program Files\ffdshow
2008-03-21 21:53 . 2008-03-21 21:53 <REP> d--h----- C:\Windows\msdownld.tmp
2008-03-21 21:53 . 2008-03-21 21:53 <REP> d-------- C:\Program Files\Windows Media Components
2008-03-21 21:52 . 2008-03-21 21:52 <REP> d-------- C:\Program Files\MMConvert
2008-03-21 21:52 . 2005-04-04 13:35 745,472 --a------ C:\Windows\System32\xvidcore.dll
2008-03-21 21:52 . 2005-11-24 10:58 440,320 --a------ C:\Windows\System32\x264vfw.dll
2008-03-21 21:52 . 2005-04-04 13:52 180,224 --a------ C:\Windows\System32\xvidvfw.dll
2008-03-21 21:08 . 2008-03-21 21:08 <REP> d-------- C:\Users\mick\AppData\Roaming\STOIK
2008-03-20 16:30 . 2008-03-20 16:30 <REP> d-------- C:\Users\mick\AppData\Roaming\Grisoft
2008-03-20 16:30 . 2008-03-20 16:30 <REP> d-------- C:\Users\All Users\Grisoft
2008-03-20 16:30 . 2008-03-20 16:30 <REP> d-------- C:\ProgramData\Grisoft
2008-03-20 16:30 . 2007-05-30 13:10 10,872 --a------ C:\Windows\System32\drivers\AvgAsCln.sys
2008-03-18 15:33 . 2008-03-23 08:57 <REP> d-------- C:\Program Files\NetProject
2008-03-01 10:52 . 2008-03-01 10:52 <REP> d-------- C:\ATI
2008-03-01 09:32 . 1997-06-02 12:32 314,880 --a------ C:\Windows\IsUninst.exe
2008-02-28 03:01 . 2008-02-28 03:01 <REP> d-------- C:\Program Files\MSXML 4.0
2008-02-27 17:50 . 2008-02-27 17:50 <REP> d-------- C:\Users\All Users\Age of Empires 3
2008-02-27 17:50 . 2008-02-27 17:50 <REP> d-------- C:\ProgramData\Age of Empires 3
2008-02-27 17:47 . 2008-03-11 21:19 <REP> d-------- C:\Program Files\Common Files\Microsoft Games
2008-02-27 16:27 . 2008-02-27 16:27 <REP> d-------- C:\Users\mick\ASIO4ALL v2
2008-02-26 21:27 . 2008-02-27 16:29 <REP> d-------- C:\Program Files\Image-Line
2008-02-26 21:27 . 2002-07-07 23:14 1,294,336 --a------ C:\Windows\System32\vorbis.acm

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-23 17:27 --------- d-----w C:\Users\mick\AppData\Roaming\Skype
2008-03-23 15:07 --------- d-----w C:\Users\mick\AppData\Roaming\skypePM
2008-03-23 14:50 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-03-21 20:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-21 19:19 --------- d-----w C:\Program Files\DAEMON Tools
2008-03-21 11:28 --------- d-----w C:\Program Files\Norton Security Scan
2008-03-21 10:14 --------- d-----w C:\Users\mick\AppData\Roaming\Hamachi
2008-03-20 14:34 --------- d-----w C:\ProgramData\Microsoft Help
2008-03-20 14:34 --------- d-----w C:\Program Files\Microsoft Works
2008-03-20 14:34 --------- d-----w C:\Program Files\Google
2008-03-20 14:34 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-20 14:34 --------- d-----w C:\Program Files\Common Files\Skype
2008-03-20 13:27 --------- d-----w C:\ProgramData\Symantec
2008-02-27 16:13 --------- d-----w C:\Program Files\Microsoft Games
2008-02-22 14:45 --------- d-----w C:\Users\mick\AppData\Roaming\Propellerhead Software
2008-02-22 14:45 --------- d-----w C:\ProgramData\Propellerhead Software
2008-02-22 02:12 368,640 ----a-w C:\Windows\System32\ReWire.dll
2008-02-22 02:12 233,472 ----a-w C:\Windows\System32\REX Shared Library.dll
2008-02-16 09:07 103,736 ----a-w C:\Windows\System32\PnkBstrB.exe
2008-02-15 22:36 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
2008-02-15 21:09 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe
2008-02-15 21:05 22,328 ----a-w C:\Users\mick\AppData\Roaming\PnkBstrK.sys
2008-02-15 20:35 --------- d-----w C:\Program Files\Activision
2008-02-15 20:18 685,816 ----a-w C:\Windows\system32\drivers\sptd.sys
2008-02-14 05:48 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-14 05:48 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-14 05:42 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-14 05:42 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-14 05:42 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-14 05:42 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-14 05:42 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-14 05:34 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-14 05:33 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-14 05:33 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-14 05:33 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-13 17:15 --------- d-----w C:\Program Files\Norton Internet Security
2008-02-12 16:48 --------- d-----w C:\Program Files\pspvideo9
2008-02-12 16:48 --------- d-----w C:\Program Files\AviSynth 2.5
2008-01-27 00:48 --------- d-----w C:\Users\mick\AppData\Roaming\MessengerGadget
2008-01-24 21:22 --------- d-----w C:\Users\mick\AppData\Roaming\GRETECH
2008-01-24 21:22 --------- d-----w C:\ProgramData\GRETECH
2008-01-24 21:21 --------- d-----w C:\Program Files\GRETECH
2008-01-24 15:47 25,280 ----a-w C:\Windows\system32\drivers\hamachi.sys
2008-01-10 11:38 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-03 02:10 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2008-01-03 02:10 7,680 ----a-w C:\Windows\System32\spwmp.dll
2008-01-03 02:10 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2008-01-03 02:09 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
2008-01-03 02:08 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2008-01-03 02:08 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2008-01-03 02:08 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-01-03 02:07 84,480 ----a-w C:\Windows\System32\INETRES.dll
2008-01-03 02:07 737,792 ----a-w C:\Windows\System32\inetcomm.dll
2008-01-03 02:07 1,335,296 ----a-w C:\Windows\System32\msxml6.dll
2008-01-03 02:03 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
2008-01-03 02:03 3,504,824 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-01-03 02:03 3,470,520 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-01-03 02:02 750,080 ----a-w C:\Windows\System32\qmgr.dll
2008-01-02 20:59 32 ----a-w C:\Users\All Users\ezsid.dat
2008-01-02 20:59 32 ----a-w C:\ProgramData\ezsid.dat
2008-01-02 18:24 53,080 ----a-w C:\Windows\System32\wuauclt.exe
2008-01-02 18:24 43,352 ----a-w C:\Windows\System32\wups2.dll
2008-01-02 18:24 1,712,984 ----a-w C:\Windows\System32\wuaueng.dll
2008-01-02 18:24 1,524,224 ----a-w C:\Windows\System32\wucltux.dll
2008-01-02 18:23 80,896 ----a-w C:\Windows\System32\wudriver.dll
2008-01-02 18:23 549,720 ----a-w C:\Windows\System32\wuapi.dll
2008-01-02 18:23 33,624 ----a-w C:\Windows\System32\wups.dll
2008-01-02 18:22 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-01-02 18:22 163,000 ----a-w C:\Windows\System32\wuwebv.dll
2006-11-02 12:50 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((( snapshot@2008-03-23_17.31.29.96 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-03-23 16:29:34 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-03-23 17:30:15 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-03-23 17:30:15 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-03-23 14:44:51 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-03-23 16:32:21 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-03-23 14:44:51 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-03-23 16:32:21 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-03-23 14:44:51 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-03-23 16:32:21 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-03-23 14:31:55 125,136 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-03-23 16:33:21 125,136 ----a-w C:\Windows\System32\perfc009.dat
- 2008-03-23 14:31:55 144,862 ----a-w C:\Windows\System32\perfc00C.dat
+ 2008-03-23 16:33:21 144,862 ----a-w C:\Windows\System32\perfc00C.dat
- 2008-03-23 14:31:55 665,178 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-03-23 16:33:21 665,178 ----a-w C:\Windows\System32\perfh009.dat
- 2008-03-23 14:31:55 24,472 ----a-w C:\Windows\System32\perfh00C.dat
+ 2008-03-23 16:33:21 24,472 ----a-w C:\Windows\System32\perfh00C.dat
- 2008-03-23 14:27:27 83,094 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-03-23 16:31:07 83,330 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-03-20 14:48:21 52,258 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-03-23 16:31:00 53,000 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6860A44B-5D3E-433D-A7B5-D517F810D0E7}]
2008-03-18 15:33 10240 --a------ C:\Program Files\NetProject\sbmdl.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 12:38 1232896]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 11:35 90112]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-05-22 14:49 151552]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-12-07 15:08 21686568]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-01-02 21:52 171448]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-09-03 09:57 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-17 22:27 4702208 C:\Windows\RtHDVCpl.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 20:00 815104]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 03:38 40048]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 21:33 107112]
"osCheck"="c:\Program Files\Norton Internet Security\osCheck.exe" [2006-11-21 21:30 22696]
"Acer Tour"="" []
"PLFSet"="C:\Windows\PLFSet.dll" [2007-04-25 12:47 45056]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 11:35 90112]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 20:01 71216]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 15:21 54832]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 15:33 457216]
"eRecoveryService"="" []
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2007-04-04 09:04 813840]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 21:48 57344]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-05-22 14:49 151552]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 10:22 517768]
"My Web Search Bar Search Scope Monitor"="C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" [ ]
"PSPVideo9"="C:\Program Files\pspvideo9\pspVideo9.exe" [2005-10-30 01:56 606208]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 11:48 157592]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-09-17 18:33:55 535336]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{3A5CB2AD-123E-418A-A77E-C8193AA4AE83}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{698F80A5-5D09-468C-AED4-A0FF99C3D721}"= C:\Program Files\CyberLink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"{CD7C4856-5413-4AAA-BB23-A044DA77AC24}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{48721E0B-E441-48FA-946A-9151EB218353}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{7D399EC5-4345-46E8-AD51-DEBC4AA3E1FB}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"{5D96DD76-3A13-4440-976E-5F66D1449E53}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{4054D991-9E19-4401-82FB-BAB4A202AC18}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{014B362E-7152-4DBC-8C3E-C598568AD58D}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{78175FE5-5473-42B4-A5C5-5D489EA60B87}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{D5FFB3C2-583A-4610-A13A-74775AB5C130}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{4DAEDF99-939D-48EC-AD96-AD6D90B4AD16}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{A080E02C-F5E5-4600-B9C3-ECBF0EF0E8B2}"= UDP:C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe:Age of Empires III - The WarChiefs
"{C6C6904E-50EC-46CC-A876-1E107009A199}"= TCP:C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe:Age of Empires III - The WarChiefs
"{5EF88713-A0C0-4A5B-8A38-A180AAC09A2B}"= UDP:C:\Program Files\Microsoft Games\Age of Empires III\age3y.exe:Age of Empires III - The Asian Dynasties
"{CE05B381-65B1-4EC2-A57D-63F9193A9246}"= TCP:C:\Program Files\Microsoft Games\Age of Empires III\age3y.exe:Age of Empires III - The Asian Dynasties
"TCP Query User{0448990B-05BD-471D-98DC-DB9AC4E0FB71}D:\\emul\\emule\\emule.exe"= UDP:D:\emul\emule\emule.exe:eMule
"UDP Query User{36A18557-FE8C-4B6B-92D2-E8CF3B6BF9AD}D:\\emul\\emule\\emule.exe"= TCP:D:\emul\emule\emule.exe:eMule

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 O2MDRDR;O2MDRDR;C:\Windows\system32\DRIVERS\o2media.sys [2007-04-03 18:04]
R0 O2SDRDR;O2SDRDR;C:\Windows\system32\DRIVERS\o2sd.sys [2007-04-03 00:11]
R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-04-25 15:34]
R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-04-25 15:34]
R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-04-25 15:34]
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080314.001\IDSvix86.sys [2008-02-13 17:18]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\[u]0/u00.fcl [2006-11-02 15:51]
R2 BcmSqlStartupSvc;Service de démarrage SQL Server pour le Gestionnaire de contacts professionnels;"C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe" [2008-01-16 09:46]
R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-04-25 15:34]
R2 eNet Service;eNet Service;C:\Acer\Empowering Technology\eNet\eNet Service.exe [2007-06-13 15:54]
R2 eSettingsService;eSettings Service;C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-06-28 17:50]
R2 MobilityService;MobilityService;C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 11:57]
R2 SQLWriter;Enregistreur VSS SQL Server;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 05:29]
R2 WMIService;ePower Service;C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-06-13 10:23]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-05 17:39]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-08-12 08:10]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-10-30 19:55]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-04-17 19:12]
S2 MyWebSearchService;My Web Search Service;C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe []
S3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2006-11-02 08:30]
S3 BCM43XV;Pilote de la carte réseau extensible Broadcom 802.11;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-12-19 21:18]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d697dd0-dc03-11dc-bd8f-000000000000}]
\shell\AutoRun\command - F:\autorun.exe
\shell\setup\command - F:\install.exe

*Newly Created Service* - COMHOST
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-03-21 19:49:13 C:\Windows\Tasks\Norton Internet Security - Analyse système complète - mick.job"
- c:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeB/TASK:
"2008-03-23 17:30:00 C:\Windows\Tasks\User_Feed_Synchronization-{76260F5B-093E-478A-BE04-78F628BA07E3}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-23 18:30:26
Windows 6.0.6000 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-03-23 18:31:14
ComboFix-quarantined-files.txt 2008-03-23 17:31:09
.
2008-03-13 14:38:54 --- E O F ---
0
Réponse 8 / 40
mick360
 
voila tou est la ... merci de ton aide
0
Réponse 9 / 40
g!rly Messages postés 18215 Date d'inscription   Statut Contributeur Dernière intervention   406
 
ok

la suite :

A l´aide de hijack this coche et fix les lignes suivantes :

O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (file missing)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk142MXFR
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iefixgate.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iefixgate.com/redirect.php (file missing)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/

comment fixer :

Tutoriel d´utilisation (video) : (Merci a Balltrap34 pour cette réalisation)

-> http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm

fais analyser ceci :

C:\Windows\PLFSet.dll

sur ce site :

http://virusscan.jotti.org/de/

tu l´upload en clickant sur parcourir, le laisse l´analyser et copie et colle le resultat ici

puis

Copie le texte ci-dessous :

Folder::
C:\Program Files\NetProject
C:\PROGRA~1\MYWEBS~1\bar

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6860A44B-5D3E-433D-A7B5-D517F810D0E7}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"My Web Search Bar Search Scope Monitor"=-

Driver::
MyWebSearchService

Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt.

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif

Cela va relancer Combofix,

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.

S'il n'y a pas de rédémarrage, poste quand même les rapports.

@+
0
Réponse 10 / 40
mick360
 
Datei: PLFSet.dll
Auslastung: 0% 100%

Status: OK (Anmerkung: diese Datei wurde bereits vorher gescannt. Die Scanergebnisse werden daher nicht in der Datenbank gespeichert.)
Entdeckte Packprogramme: -
Bit9 rapportiert: File not found

A-Squared Keine Viren gefunden
AntiVir Keine Viren gefunden
ArcaVir Keine Viren gefunden
Avast Keine Viren gefunden
AVG Antivirus Keine Viren gefunden
BitDefender Keine Viren gefunden
ClamAV Keine Viren gefunden
CPsecure Keine Viren gefunden
Dr.Web Keine Viren gefunden
F-Prot Antivirus Keine Viren gefunden
F-Secure Anti-Virus Keine Viren gefunden
Fortinet Keine Viren gefunden
Ikarus Keine Viren gefunden
Kaspersky Anti-Virus Keine Viren gefunden
NOD32 Keine Viren gefunden
Norman Virus Control Keine Viren gefunden
Panda Antivirus Keine Viren gefunden
Rising Antivirus Keine Viren gefunden
Sophos Antivirus Keine Viren gefunden
VirusBuster Keine Viren gefunden
VBA32 Keine Viren gefunden
0
Réponse 11 / 40
g!rly Messages postés 18215 Date d'inscription   Statut Contributeur Dernière intervention   406
 
ok fais la suite ;-)
@+
0
Réponse 12 / 40
mick360
 
ComboFix 08-03-22.3 - mick 2008-03-23 21:15:21.4 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.967 [GMT 1:00]
Endroit: C:\Users\mick\Desktop\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Program Files\NetProject
C:\Program Files\NetProject\ot.ico
C:\Program Files\NetProject\sbmdl.dll
C:\Program Files\NetProject\sbmntr.exe
C:\Program Files\NetProject\sbun.exe
C:\Program Files\NetProject\scit.exe
C:\Program Files\NetProject\scm.exe
C:\Program Files\NetProject\scu.exe
C:\Program Files\NetProject\ts.ico
C:\Program Files\NetProject\uninst.exe
C:\Program Files\NetProject\waun.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_MyWebSearchService


((((((((((((((((((((((((((((( Fichiers créés 2008-02-23 to 2008-03-23 ))))))))))))))))))))))))))))))))))))
.

2008-03-23 20:22 . 2008-03-23 20:22 <REP> d-------- C:\Program Files\CCleaner
2008-03-23 18:40 . 2008-03-23 18:40 <REP> d-------- C:\Program Files\Trend Micro
2008-03-23 17:11 . 2008-03-23 17:12 <REP> d-------- C:\ComboFix[1]
2008-03-23 16:35 . 2008-03-23 16:35 <REP> d-------- C:\Program Files\Blender Foundation
2008-03-21 21:55 . 2008-03-21 21:55 <REP> d-------- C:\Program Files\ffdshow
2008-03-21 21:53 . 2008-03-21 21:53 <REP> d--h----- C:\Windows\msdownld.tmp
2008-03-21 21:53 . 2008-03-21 21:53 <REP> d-------- C:\Program Files\Windows Media Components
2008-03-21 21:52 . 2008-03-21 21:52 <REP> d-------- C:\Program Files\MMConvert
2008-03-21 21:52 . 2005-04-04 13:35 745,472 --a------ C:\Windows\System32\xvidcore.dll
2008-03-21 21:52 . 2005-11-24 10:58 440,320 --a------ C:\Windows\System32\x264vfw.dll
2008-03-21 21:52 . 2005-04-04 13:52 180,224 --a------ C:\Windows\System32\xvidvfw.dll
2008-03-21 21:08 . 2008-03-21 21:08 <REP> d-------- C:\Users\mick\AppData\Roaming\STOIK
2008-03-20 16:30 . 2008-03-20 16:30 <REP> d-------- C:\Users\mick\AppData\Roaming\Grisoft
2008-03-20 16:30 . 2008-03-20 16:30 <REP> d-------- C:\Users\All Users\Grisoft
2008-03-20 16:30 . 2008-03-20 16:30 <REP> d-------- C:\ProgramData\Grisoft
2008-03-20 16:30 . 2007-05-30 13:10 10,872 --a------ C:\Windows\System32\drivers\AvgAsCln.sys
2008-03-01 10:52 . 2008-03-01 10:52 <REP> d-------- C:\ATI
2008-03-01 09:32 . 1997-06-02 12:32 314,880 --a------ C:\Windows\IsUninst.exe
2008-02-28 03:01 . 2008-02-28 03:01 <REP> d-------- C:\Program Files\MSXML 4.0
2008-02-27 17:50 . 2008-02-27 17:50 <REP> d-------- C:\Users\All Users\Age of Empires 3
2008-02-27 17:50 . 2008-02-27 17:50 <REP> d-------- C:\ProgramData\Age of Empires 3
2008-02-27 17:47 . 2008-03-11 21:19 <REP> d-------- C:\Program Files\Common Files\Microsoft Games
2008-02-27 16:27 . 2008-02-27 16:27 <REP> d-------- C:\Users\mick\ASIO4ALL v2
2008-02-26 21:27 . 2008-02-27 16:29 <REP> d-------- C:\Program Files\Image-Line
2008-02-26 21:27 . 2002-07-07 23:14 1,294,336 --a------ C:\Windows\System32\vorbis.acm

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-23 19:47 --------- d-----w C:\Users\mick\AppData\Roaming\Skype
2008-03-23 19:30 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-23 19:30 --------- d-----w C:\Program Files\Common Files\Skype
2008-03-23 19:29 --------- d-----w C:\Users\mick\AppData\Roaming\Hamachi
2008-03-23 19:29 --------- d-----w C:\ProgramData\Microsoft Help
2008-03-23 19:29 --------- d-----w C:\Program Files\Norton Security Scan
2008-03-23 19:29 --------- d-----w C:\Program Files\Microsoft Works
2008-03-23 19:29 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-03-23 19:29 --------- d-----w C:\Program Files\Google
2008-03-23 19:16 --------- d-----w C:\ProgramData\Symantec
2008-03-23 15:07 --------- d-----w C:\Users\mick\AppData\Roaming\skypePM
2008-03-21 20:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-21 19:19 --------- d-----w C:\Program Files\DAEMON Tools
2008-02-27 16:13 --------- d-----w C:\Program Files\Microsoft Games
2008-02-22 14:45 --------- d-----w C:\Users\mick\AppData\Roaming\Propellerhead Software
2008-02-22 14:45 --------- d-----w C:\ProgramData\Propellerhead Software
2008-02-22 02:12 368,640 ----a-w C:\Windows\System32\ReWire.dll
2008-02-22 02:12 233,472 ----a-w C:\Windows\System32\REX Shared Library.dll
2008-02-16 09:07 103,736 ----a-w C:\Windows\System32\PnkBstrB.exe
2008-02-15 22:36 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
2008-02-15 21:09 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe
2008-02-15 21:05 22,328 ----a-w C:\Users\mick\AppData\Roaming\PnkBstrK.sys
2008-02-15 20:35 --------- d-----w C:\Program Files\Activision
2008-02-15 20:18 685,816 ----a-w C:\Windows\system32\drivers\sptd.sys
2008-02-14 05:48 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-14 05:48 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-14 05:42 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-14 05:42 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-14 05:42 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-14 05:42 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-14 05:42 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-14 05:34 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-14 05:33 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-14 05:33 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-14 05:33 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-13 17:15 --------- d-----w C:\Program Files\Norton Internet Security
2008-02-12 16:48 --------- d-----w C:\Program Files\pspvideo9
2008-02-12 16:48 --------- d-----w C:\Program Files\AviSynth 2.5
2008-01-27 00:48 --------- d-----w C:\Users\mick\AppData\Roaming\MessengerGadget
2008-01-24 21:22 --------- d-----w C:\Users\mick\AppData\Roaming\GRETECH
2008-01-24 21:22 --------- d-----w C:\ProgramData\GRETECH
2008-01-24 21:21 --------- d-----w C:\Program Files\GRETECH
2008-01-24 15:47 25,280 ----a-w C:\Windows\system32\drivers\hamachi.sys
2008-01-10 11:38 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-03 02:10 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2008-01-03 02:10 7,680 ----a-w C:\Windows\System32\spwmp.dll
2008-01-03 02:10 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2008-01-03 02:09 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
2008-01-03 02:08 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2008-01-03 02:08 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2008-01-03 02:08 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-01-03 02:07 84,480 ----a-w C:\Windows\System32\INETRES.dll
2008-01-03 02:07 737,792 ----a-w C:\Windows\System32\inetcomm.dll
2008-01-03 02:07 1,335,296 ----a-w C:\Windows\System32\msxml6.dll
2008-01-03 02:03 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
2008-01-03 02:03 3,504,824 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-01-03 02:03 3,470,520 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-01-03 02:02 750,080 ----a-w C:\Windows\System32\qmgr.dll
2008-01-02 20:59 32 ----a-w C:\Users\All Users\ezsid.dat
2008-01-02 20:59 32 ----a-w C:\ProgramData\ezsid.dat
2008-01-02 18:24 53,080 ----a-w C:\Windows\System32\wuauclt.exe
2008-01-02 18:24 43,352 ----a-w C:\Windows\System32\wups2.dll
2008-01-02 18:24 1,712,984 ----a-w C:\Windows\System32\wuaueng.dll
2008-01-02 18:24 1,524,224 ----a-w C:\Windows\System32\wucltux.dll
2008-01-02 18:23 80,896 ----a-w C:\Windows\System32\wudriver.dll
2008-01-02 18:23 549,720 ----a-w C:\Windows\System32\wuapi.dll
2008-01-02 18:23 33,624 ----a-w C:\Windows\System32\wups.dll
2008-01-02 18:22 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-01-02 18:22 163,000 ----a-w C:\Windows\System32\wuwebv.dll
2006-11-02 12:50 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((( snapshot_2008-03-23_19.43.39.45 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-03-23 18:38:57 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-03-23 19:31:17 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-03-23 18:41:40 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-03-23 19:33:43 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-03-23 18:41:40 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-03-23 20:18:10 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-03-23 20:18:10 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-03-23 18:09:50 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-03-23 19:51:27 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-03-23 18:09:50 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-03-23 19:51:27 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-03-23 18:09:50 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-03-23 19:51:27 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-03-23 18:11:06 125,136 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-03-23 19:38:33 125,136 ----a-w C:\Windows\System32\perfc009.dat
- 2008-03-23 18:11:06 144,862 ----a-w C:\Windows\System32\perfc00C.dat
+ 2008-03-23 19:38:34 144,862 ----a-w C:\Windows\System32\perfc00C.dat
- 2008-03-23 18:11:06 665,178 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-03-23 19:38:34 665,178 ----a-w C:\Windows\System32\perfh009.dat
- 2008-03-23 18:11:06 24,472 ----a-w C:\Windows\System32\perfh00C.dat
+ 2008-03-23 19:38:34 24,472 ----a-w C:\Windows\System32\perfh00C.dat
- 2008-03-23 18:08:40 8,120 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2214617537-3510346454-3790275366-1003_UserData.bin
+ 2008-03-23 19:33:53 8,538 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2214617537-3510346454-3790275366-1003_UserData.bin
- 2008-03-23 18:08:39 83,456 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-03-23 19:33:52 83,912 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-03-22 22:47:42 3,084 ----a-w C:\Windows\System32\WDI\ERCQueuedResolutions.dat
+ 2008-03-23 19:25:25 3,084 ----a-w C:\Windows\System32\WDI\ERCQueuedResolutions.dat
- 2008-03-23 18:08:26 53,114 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-03-23 19:33:38 53,796 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 12:38 1232896]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 11:35 90112]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-12-07 15:08 21686568]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-01-02 21:52 171448]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-09-03 09:57 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-17 22:27 4702208 C:\Windows\RtHDVCpl.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 20:00 815104]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 03:38 40048]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 21:33 107112]
"osCheck"="c:\Program Files\Norton Internet Security\osCheck.exe" [2006-11-21 21:30 22696]
"Acer Tour"="" []
"PLFSet"="C:\Windows\PLFSet.dll" [2007-04-25 12:47 45056]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 11:35 90112]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 20:01 71216]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 15:21 54832]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 15:33 457216]
"eRecoveryService"="" []
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2007-04-04 09:04 813840]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 21:48 57344]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-05-22 14:49 151552]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 10:22 517768]
"PSPVideo9"="C:\Program Files\pspvideo9\pspVideo9.exe" [2005-10-30 01:56 606208]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 11:48 157592]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-09-17 18:33:55 535336]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{3A5CB2AD-123E-418A-A77E-C8193AA4AE83}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{698F80A5-5D09-468C-AED4-A0FF99C3D721}"= C:\Program Files\CyberLink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"{CD7C4856-5413-4AAA-BB23-A044DA77AC24}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{48721E0B-E441-48FA-946A-9151EB218353}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{7D399EC5-4345-46E8-AD51-DEBC4AA3E1FB}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"{5D96DD76-3A13-4440-976E-5F66D1449E53}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{4054D991-9E19-4401-82FB-BAB4A202AC18}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{014B362E-7152-4DBC-8C3E-C598568AD58D}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{78175FE5-5473-42B4-A5C5-5D489EA60B87}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{D5FFB3C2-583A-4610-A13A-74775AB5C130}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{4DAEDF99-939D-48EC-AD96-AD6D90B4AD16}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{A080E02C-F5E5-4600-B9C3-ECBF0EF0E8B2}"= UDP:C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe:Age of Empires III - The WarChiefs
"{C6C6904E-50EC-46CC-A876-1E107009A199}"= TCP:C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe:Age of Empires III - The WarChiefs
"{5EF88713-A0C0-4A5B-8A38-A180AAC09A2B}"= UDP:C:\Program Files\Microsoft Games\Age of Empires III\age3y.exe:Age of Empires III - The Asian Dynasties
"{CE05B381-65B1-4EC2-A57D-63F9193A9246}"= TCP:C:\Program Files\Microsoft Games\Age of Empires III\age3y.exe:Age of Empires III - The Asian Dynasties
"TCP Query User{0448990B-05BD-471D-98DC-DB9AC4E0FB71}D:\\emul\\emule\\emule.exe"= UDP:D:\emul\emule\emule.exe:eMule
"UDP Query User{36A18557-FE8C-4B6B-92D2-E8CF3B6BF9AD}D:\\emul\\emule\\emule.exe"= TCP:D:\emul\emule\emule.exe:eMule

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 O2MDRDR;O2MDRDR;C:\Windows\system32\DRIVERS\o2media.sys [2007-04-03 18:04]
R0 O2SDRDR;O2SDRDR;C:\Windows\system32\DRIVERS\o2sd.sys [2007-04-03 00:11]
R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-04-25 15:34]
R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-04-25 15:34]
R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-04-25 15:34]
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080314.001\IDSvix86.sys [2008-02-13 17:18]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\[u]0/u00.fcl [2006-11-02 15:51]
R2 BcmSqlStartupSvc;Service de démarrage SQL Server pour le Gestionnaire de contacts professionnels;"C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe" [2008-01-16 09:46]
R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-04-25 15:34]
R2 eNet Service;eNet Service;C:\Acer\Empowering Technology\eNet\eNet Service.exe [2007-06-13 15:54]
R2 eSettingsService;eSettings Service;C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-06-28 17:50]
R2 MobilityService;MobilityService;C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 11:57]
R2 SQLWriter;Enregistreur VSS SQL Server;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 05:29]
R2 WMIService;ePower Service;C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-06-13 10:23]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-05 17:39]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-08-12 08:10]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-10-30 19:55]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-04-17 19:12]
S3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2006-11-02 08:30]
S3 BCM43XV;Pilote de la carte réseau extensible Broadcom 802.11;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-12-19 21:18]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d697dd0-dc03-11dc-bd8f-000000000000}]
\shell\AutoRun\command - F:\autorun.exe
\shell\setup\command - F:\install.exe

*Newly Created Service* - COMHOST
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-03-21 19:49:13 C:\Windows\Tasks\Norton Internet Security - Analyse système complète - mick.job"
- c:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeB/TASK:
"2008-03-23 20:14:59 C:\Windows\Tasks\User_Feed_Synchronization-{76260F5B-093E-478A-BE04-78F628BA07E3}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-23 21:18:17
Windows 6.0.6000 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-03-23 21:19:04
ComboFix-quarantined-files.txt 2008-03-23 20:18:59
ComboFix2.txt 2008-03-23 17:31:15
.
2008-03-13 14:38:54 --- E O F ---
0
Réponse 13 / 40
mick360
 
ComboFix 08-03-22.3 - mick 2008-03-23 21:15:21.4 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.967 [GMT 1:00]
Endroit: C:\Users\mick\Desktop\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Program Files\NetProject
C:\Program Files\NetProject\ot.ico
C:\Program Files\NetProject\sbmdl.dll
C:\Program Files\NetProject\sbmntr.exe
C:\Program Files\NetProject\sbun.exe
C:\Program Files\NetProject\scit.exe
C:\Program Files\NetProject\scm.exe
C:\Program Files\NetProject\scu.exe
C:\Program Files\NetProject\ts.ico
C:\Program Files\NetProject\uninst.exe
C:\Program Files\NetProject\waun.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_MyWebSearchService


((((((((((((((((((((((((((((( Fichiers créés 2008-02-23 to 2008-03-23 ))))))))))))))))))))))))))))))))))))
.

2008-03-23 20:22 . 2008-03-23 20:22 <REP> d-------- C:\Program Files\CCleaner
2008-03-23 18:40 . 2008-03-23 18:40 <REP> d-------- C:\Program Files\Trend Micro
2008-03-23 17:11 . 2008-03-23 17:12 <REP> d-------- C:\ComboFix[1]
2008-03-23 16:35 . 2008-03-23 16:35 <REP> d-------- C:\Program Files\Blender Foundation
2008-03-21 21:55 . 2008-03-21 21:55 <REP> d-------- C:\Program Files\ffdshow
2008-03-21 21:53 . 2008-03-21 21:53 <REP> d--h----- C:\Windows\msdownld.tmp
2008-03-21 21:53 . 2008-03-21 21:53 <REP> d-------- C:\Program Files\Windows Media Components
2008-03-21 21:52 . 2008-03-21 21:52 <REP> d-------- C:\Program Files\MMConvert
2008-03-21 21:52 . 2005-04-04 13:35 745,472 --a------ C:\Windows\System32\xvidcore.dll
2008-03-21 21:52 . 2005-11-24 10:58 440,320 --a------ C:\Windows\System32\x264vfw.dll
2008-03-21 21:52 . 2005-04-04 13:52 180,224 --a------ C:\Windows\System32\xvidvfw.dll
2008-03-21 21:08 . 2008-03-21 21:08 <REP> d-------- C:\Users\mick\AppData\Roaming\STOIK
2008-03-20 16:30 . 2008-03-20 16:30 <REP> d-------- C:\Users\mick\AppData\Roaming\Grisoft
2008-03-20 16:30 . 2008-03-20 16:30 <REP> d-------- C:\Users\All Users\Grisoft
2008-03-20 16:30 . 2008-03-20 16:30 <REP> d-------- C:\ProgramData\Grisoft
2008-03-20 16:30 . 2007-05-30 13:10 10,872 --a------ C:\Windows\System32\drivers\AvgAsCln.sys
2008-03-01 10:52 . 2008-03-01 10:52 <REP> d-------- C:\ATI
2008-03-01 09:32 . 1997-06-02 12:32 314,880 --a------ C:\Windows\IsUninst.exe
2008-02-28 03:01 . 2008-02-28 03:01 <REP> d-------- C:\Program Files\MSXML 4.0
2008-02-27 17:50 . 2008-02-27 17:50 <REP> d-------- C:\Users\All Users\Age of Empires 3
2008-02-27 17:50 . 2008-02-27 17:50 <REP> d-------- C:\ProgramData\Age of Empires 3
2008-02-27 17:47 . 2008-03-11 21:19 <REP> d-------- C:\Program Files\Common Files\Microsoft Games
2008-02-27 16:27 . 2008-02-27 16:27 <REP> d-------- C:\Users\mick\ASIO4ALL v2
2008-02-26 21:27 . 2008-02-27 16:29 <REP> d-------- C:\Program Files\Image-Line
2008-02-26 21:27 . 2002-07-07 23:14 1,294,336 --a------ C:\Windows\System32\vorbis.acm

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-23 19:47 --------- d-----w C:\Users\mick\AppData\Roaming\Skype
2008-03-23 19:30 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-23 19:30 --------- d-----w C:\Program Files\Common Files\Skype
2008-03-23 19:29 --------- d-----w C:\Users\mick\AppData\Roaming\Hamachi
2008-03-23 19:29 --------- d-----w C:\ProgramData\Microsoft Help
2008-03-23 19:29 --------- d-----w C:\Program Files\Norton Security Scan
2008-03-23 19:29 --------- d-----w C:\Program Files\Microsoft Works
2008-03-23 19:29 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-03-23 19:29 --------- d-----w C:\Program Files\Google
2008-03-23 19:16 --------- d-----w C:\ProgramData\Symantec
2008-03-23 15:07 --------- d-----w C:\Users\mick\AppData\Roaming\skypePM
2008-03-21 20:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-21 19:19 --------- d-----w C:\Program Files\DAEMON Tools
2008-02-27 16:13 --------- d-----w C:\Program Files\Microsoft Games
2008-02-22 14:45 --------- d-----w C:\Users\mick\AppData\Roaming\Propellerhead Software
2008-02-22 14:45 --------- d-----w C:\ProgramData\Propellerhead Software
2008-02-22 02:12 368,640 ----a-w C:\Windows\System32\ReWire.dll
2008-02-22 02:12 233,472 ----a-w C:\Windows\System32\REX Shared Library.dll
2008-02-16 09:07 103,736 ----a-w C:\Windows\System32\PnkBstrB.exe
2008-02-15 22:36 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
2008-02-15 21:09 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe
2008-02-15 21:05 22,328 ----a-w C:\Users\mick\AppData\Roaming\PnkBstrK.sys
2008-02-15 20:35 --------- d-----w C:\Program Files\Activision
2008-02-15 20:18 685,816 ----a-w C:\Windows\system32\drivers\sptd.sys
2008-02-14 05:48 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-14 05:48 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-14 05:42 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-14 05:42 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-14 05:42 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-14 05:42 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-14 05:42 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-14 05:34 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-14 05:33 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-14 05:33 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-14 05:33 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-13 17:15 --------- d-----w C:\Program Files\Norton Internet Security
2008-02-12 16:48 --------- d-----w C:\Program Files\pspvideo9
2008-02-12 16:48 --------- d-----w C:\Program Files\AviSynth 2.5
2008-01-27 00:48 --------- d-----w C:\Users\mick\AppData\Roaming\MessengerGadget
2008-01-24 21:22 --------- d-----w C:\Users\mick\AppData\Roaming\GRETECH
2008-01-24 21:22 --------- d-----w C:\ProgramData\GRETECH
2008-01-24 21:21 --------- d-----w C:\Program Files\GRETECH
2008-01-24 15:47 25,280 ----a-w C:\Windows\system32\drivers\hamachi.sys
2008-01-10 11:38 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-03 02:10 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2008-01-03 02:10 7,680 ----a-w C:\Windows\System32\spwmp.dll
2008-01-03 02:10 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2008-01-03 02:09 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
2008-01-03 02:08 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2008-01-03 02:08 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2008-01-03 02:08 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-01-03 02:07 84,480 ----a-w C:\Windows\System32\INETRES.dll
2008-01-03 02:07 737,792 ----a-w C:\Windows\System32\inetcomm.dll
2008-01-03 02:07 1,335,296 ----a-w C:\Windows\System32\msxml6.dll
2008-01-03 02:03 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
2008-01-03 02:03 3,504,824 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-01-03 02:03 3,470,520 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-01-03 02:02 750,080 ----a-w C:\Windows\System32\qmgr.dll
2008-01-02 20:59 32 ----a-w C:\Users\All Users\ezsid.dat
2008-01-02 20:59 32 ----a-w C:\ProgramData\ezsid.dat
2008-01-02 18:24 53,080 ----a-w C:\Windows\System32\wuauclt.exe
2008-01-02 18:24 43,352 ----a-w C:\Windows\System32\wups2.dll
2008-01-02 18:24 1,712,984 ----a-w C:\Windows\System32\wuaueng.dll
2008-01-02 18:24 1,524,224 ----a-w C:\Windows\System32\wucltux.dll
2008-01-02 18:23 80,896 ----a-w C:\Windows\System32\wudriver.dll
2008-01-02 18:23 549,720 ----a-w C:\Windows\System32\wuapi.dll
2008-01-02 18:23 33,624 ----a-w C:\Windows\System32\wups.dll
2008-01-02 18:22 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-01-02 18:22 163,000 ----a-w C:\Windows\System32\wuwebv.dll
2006-11-02 12:50 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((( snapshot_2008-03-23_19.43.39.45 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-03-23 18:38:57 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-03-23 19:31:17 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-03-23 18:41:40 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-03-23 19:33:43 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-03-23 18:41:40 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-03-23 20:18:10 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-03-23 20:18:10 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-03-23 18:09:50 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-03-23 19:51:27 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-03-23 18:09:50 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-03-23 19:51:27 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-03-23 18:09:50 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-03-23 19:51:27 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-03-23 18:11:06 125,136 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-03-23 19:38:33 125,136 ----a-w C:\Windows\System32\perfc009.dat
- 2008-03-23 18:11:06 144,862 ----a-w C:\Windows\System32\perfc00C.dat
+ 2008-03-23 19:38:34 144,862 ----a-w C:\Windows\System32\perfc00C.dat
- 2008-03-23 18:11:06 665,178 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-03-23 19:38:34 665,178 ----a-w C:\Windows\System32\perfh009.dat
- 2008-03-23 18:11:06 24,472 ----a-w C:\Windows\System32\perfh00C.dat
+ 2008-03-23 19:38:34 24,472 ----a-w C:\Windows\System32\perfh00C.dat
- 2008-03-23 18:08:40 8,120 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2214617537-3510346454-3790275366-1003_UserData.bin
+ 2008-03-23 19:33:53 8,538 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2214617537-3510346454-3790275366-1003_UserData.bin
- 2008-03-23 18:08:39 83,456 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-03-23 19:33:52 83,912 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-03-22 22:47:42 3,084 ----a-w C:\Windows\System32\WDI\ERCQueuedResolutions.dat
+ 2008-03-23 19:25:25 3,084 ----a-w C:\Windows\System32\WDI\ERCQueuedResolutions.dat
- 2008-03-23 18:08:26 53,114 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-03-23 19:33:38 53,796 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 12:38 1232896]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 11:35 90112]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-12-07 15:08 21686568]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-01-02 21:52 171448]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-09-03 09:57 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-17 22:27 4702208 C:\Windows\RtHDVCpl.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 20:00 815104]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 03:38 40048]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 21:33 107112]
"osCheck"="c:\Program Files\Norton Internet Security\osCheck.exe" [2006-11-21 21:30 22696]
"Acer Tour"="" []
"PLFSet"="C:\Windows\PLFSet.dll" [2007-04-25 12:47 45056]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 11:35 90112]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 20:01 71216]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 15:21 54832]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 15:33 457216]
"eRecoveryService"="" []
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2007-04-04 09:04 813840]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 21:48 57344]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-05-22 14:49 151552]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 10:22 517768]
"PSPVideo9"="C:\Program Files\pspvideo9\pspVideo9.exe" [2005-10-30 01:56 606208]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 11:48 157592]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-09-17 18:33:55 535336]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{3A5CB2AD-123E-418A-A77E-C8193AA4AE83}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{698F80A5-5D09-468C-AED4-A0FF99C3D721}"= C:\Program Files\CyberLink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"{CD7C4856-5413-4AAA-BB23-A044DA77AC24}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{48721E0B-E441-48FA-946A-9151EB218353}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{7D399EC5-4345-46E8-AD51-DEBC4AA3E1FB}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"{5D96DD76-3A13-4440-976E-5F66D1449E53}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{4054D991-9E19-4401-82FB-BAB4A202AC18}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{014B362E-7152-4DBC-8C3E-C598568AD58D}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{78175FE5-5473-42B4-A5C5-5D489EA60B87}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{D5FFB3C2-583A-4610-A13A-74775AB5C130}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{4DAEDF99-939D-48EC-AD96-AD6D90B4AD16}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{A080E02C-F5E5-4600-B9C3-ECBF0EF0E8B2}"= UDP:C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe:Age of Empires III - The WarChiefs
"{C6C6904E-50EC-46CC-A876-1E107009A199}"= TCP:C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe:Age of Empires III - The WarChiefs
"{5EF88713-A0C0-4A5B-8A38-A180AAC09A2B}"= UDP:C:\Program Files\Microsoft Games\Age of Empires III\age3y.exe:Age of Empires III - The Asian Dynasties
"{CE05B381-65B1-4EC2-A57D-63F9193A9246}"= TCP:C:\Program Files\Microsoft Games\Age of Empires III\age3y.exe:Age of Empires III - The Asian Dynasties
"TCP Query User{0448990B-05BD-471D-98DC-DB9AC4E0FB71}D:\\emul\\emule\\emule.exe"= UDP:D:\emul\emule\emule.exe:eMule
"UDP Query User{36A18557-FE8C-4B6B-92D2-E8CF3B6BF9AD}D:\\emul\\emule\\emule.exe"= TCP:D:\emul\emule\emule.exe:eMule

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 O2MDRDR;O2MDRDR;C:\Windows\system32\DRIVERS\o2media.sys [2007-04-03 18:04]
R0 O2SDRDR;O2SDRDR;C:\Windows\system32\DRIVERS\o2sd.sys [2007-04-03 00:11]
R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-04-25 15:34]
R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-04-25 15:34]
R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-04-25 15:34]
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080314.001\IDSvix86.sys [2008-02-13 17:18]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\[u]0/u00.fcl [2006-11-02 15:51]
R2 BcmSqlStartupSvc;Service de démarrage SQL Server pour le Gestionnaire de contacts professionnels;"C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe" [2008-01-16 09:46]
R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-04-25 15:34]
R2 eNet Service;eNet Service;C:\Acer\Empowering Technology\eNet\eNet Service.exe [2007-06-13 15:54]
R2 eSettingsService;eSettings Service;C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-06-28 17:50]
R2 MobilityService;MobilityService;C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 11:57]
R2 SQLWriter;Enregistreur VSS SQL Server;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 05:29]
R2 WMIService;ePower Service;C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-06-13 10:23]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-05 17:39]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-08-12 08:10]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-10-30 19:55]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-04-17 19:12]
S3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2006-11-02 08:30]
S3 BCM43XV;Pilote de la carte réseau extensible Broadcom 802.11;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-12-19 21:18]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d697dd0-dc03-11dc-bd8f-000000000000}]
\shell\AutoRun\command - F:\autorun.exe
\shell\setup\command - F:\install.exe

*Newly Created Service* - COMHOST
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-03-21 19:49:13 C:\Windows\Tasks\Norton Internet Security - Analyse système complète - mick.job"
- c:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeB/TASK:
"2008-03-23 20:14:59 C:\Windows\Tasks\User_Feed_Synchronization-{76260F5B-093E-478A-BE04-78F628BA07E3}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-23 21:18:17
Windows 6.0.6000 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-03-23 21:19:04
ComboFix-quarantined-files.txt 2008-03-23 20:18:59
ComboFix2.txt 2008-03-23 17:31:15
.
2008-03-13 14:38:54 --- E O F ---
0
Réponse 14 / 40
mick360
 
Dsl si j'ai etai longm ais j'ai eu quelque probleme avec mon bureau qui devenai tout noir mais bn c réglé la j ai plus le truc qui m enmerd et jai mon fond d ecran merci pour ton aide c'est super simpa ;)
0
Réponse 15 / 40
g!rly Messages postés 18215 Date d'inscription   Statut Contributeur Dernière intervention   406
 
ok mick360

post un nouveau hijack this stp

@+
0
Réponse 16 / 40
mick360
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:40:36, on 23/03/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\pspvideo9\pspVideo9.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {6860A44B-5D3E-433D-A7B5-D517F810D0E7} - C:\Program Files\NetProject\sbmdl.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0
O4 - HKLM\..\Run: [PSPVideo9] C:\Program Files\pspvideo9\pspVideo9.exe -t
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk142MXFR
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iefixgate.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iefixgate.com/redirect.php (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-3/SmileyCentralFWBInitialSetup1.0.1.0.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Oz128 Driver\o2flash.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
0
Réponse 17 / 40
g!rly Messages postés 18215 Date d'inscription   Statut Contributeur Dernière intervention   406
 
re,

post un nouveau hijack this

celui ci est du : 18:40:36, on 23/03/2008

@+
0
Réponse 18 / 40
mick360
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:34:36, on 23/03/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\pspvideo9\pspVideo9.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {6860A44B-5D3E-433D-A7B5-D517F810D0E7} - C:\Program Files\NetProject\sbmdl.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0
O4 - HKLM\..\Run: [PSPVideo9] C:\Program Files\pspvideo9\pspVideo9.exe -t
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk142MXFR
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iefixgate.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iefixgate.com/redirect.php (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-3/SmileyCentralFWBInitialSetup1.0.1.0.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Oz128 Driver\o2flash.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
0
Réponse 19 / 40
mick360
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:34:36, on 23/03/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\pspvideo9\pspVideo9.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {6860A44B-5D3E-433D-A7B5-D517F810D0E7} - C:\Program Files\NetProject\sbmdl.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0
O4 - HKLM\..\Run: [PSPVideo9] C:\Program Files\pspvideo9\pspVideo9.exe -t
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk142MXFR
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iefixgate.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iefixgate.com/redirect.php (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-3/SmileyCentralFWBInitialSetup1.0.1.0.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Oz128 Driver\o2flash.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
0
Réponse 20 / 40
g!rly Messages postés 18215 Date d'inscription   Statut Contributeur Dernière intervention   406
 
re,

passe cet anti spyware stp :

telecharge malwarebytes

-> http://forum.telecharger.01net.com/forum/high-tech/PRODUITS/Questions-techniques/anti-malware-sujet_197382_1.htm

tu l´instales, le programme va se mettre a jour automatiquement.

une fois a jour le programme va se lancer, clcik sur l´onglet parametre, tu coche la case : Arreter internet explorer pendant la suppression.

click sur l´onglet recherche maintenant et coche la case : executer un examun complet.

puis click sur rechercher.

laisses le scanner le pc, a la fin un rapport va s´ouvrir copie et colle le ici stp

@+
0

Discussions similaires

Créer une alerte sous Excel
Sandy -
Lex237 -

17 réponses
aidez moi probleme steam
FalconFive -
ToxicHayabusa -

9 réponses