Problem with a spyware alert ...

Solved
mick360 -  
g!rly Posts 18462 Status Contributor -
Hello,
Well, I have a problem and I keep looking for the solution but I can't find it.
Let me explain my situation...
I have a program (I don't know where it comes from) that keeps telling me my computer is infected with spyware; a small yellow triangular icon with an exclamation mark keeps blinking in the lower-right toolbar. It shows "secutrity alert:spyware found ..." and a whole lot of other stuff in English. When I click on it, it sends me to lots of web pages and offers to download an antispyware (which I don't download because it's surely a virus...). I ran a full scan with my antivirus and my antispyware (Norton and AVG Anti-Spyware) and found nothing apart from my tracking cookies.
So I'd like to know if someone can help me.
Thanks in advance
Configuration: Windows Vista
Firefox 2.0.0.12

40 replies

  1. g!rly Posts 18462 Status Contributor 407
     
    hi mick360,

    yes, it is spyware, commonly called a rogue,

    we'll take care of it:

    Download combofix.exe (by sUBs) to your Desktop.

    -> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    -> Double-click combofix.exe.
    -> Press the 1 key (Yes) to start the scan.
    -> When the scan is complete, a report will appear. Copy/paste this report into your next reply.

    NOTE: The report can also be found here: C:\Combofix.txt

    Before using ComboFix:

    -> Disconnect from the internet and close the windows of all running programs.

    -> Temporarily disable, and only for the duration of the ComboFix run, the real-time protection of your antivirus and your antispyware programs, which can strongly interfere with the tool's search and cleaning procedure.

    Once done, double-click Combofix.exe on your desktop.

    - Answer yes to the warning message, so that the program starts scanning the PC.

    /!\ During this step, do not use the PC and do not open any programs.

    - At the end of the scan, ComboFix may need to restart the PC to finish the disinfection\search; let it do so.

    - A report will then open in Notepad; this report file, Combofix.txt, is automatically saved to C:\Combofix.txt

    -> Re-enable the real-time protection of your antivirus and your antispyware programs before reconnecting to the internet.

    -> Come back to the forum, and copy and paste the entire contents of C:\Combofix.txt into your next message.

    -> Tutorial https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

    then

    Download HijackThis here:

    -> http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis

    Installation tutorial: (Thanks to Balltrap34 for making this)

    -> http://pageperso.aol.fr/balltrap34/Hijenr.gif

    Usage tutorial (video): (Thanks to Balltrap34 for making this)

    -> http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm

    Please post the generated reports here...

    See you
    0
  2. mick360
     
    ComboFix 08-03-22.3 - mick 2008-03-23 18:27:54.2 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1027 [GMT 1:00]
    Endroit: C:\Users\mick\Desktop\ComboFix.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    C:\Program Files\FunWebProducts
    C:\Program Files\Helper
    C:\Program Files\internet explorer\msimg32.dll
    C:\Program Files\MyWebSearch
    C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
    C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
    C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
    C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV
    C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
    C:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG
    C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
    C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
    C:\Program Files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE
    C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
    C:\Program Files\MyWebSearch\bar\1.bin\M3MEDINT.EXE
    C:\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
    C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
    C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
    C:\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
    C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
    C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
    C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE
    C:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
    C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S
    C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S
    C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S
    C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S
    C:\Program Files\MyWebSearch\bar\icons\CM.ICO
    C:\Program Files\MyWebSearch\bar\icons\MFC.ICO
    C:\Program Files\MyWebSearch\bar\icons\PSS.ICO
    C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO
    C:\Program Files\MyWebSearch\bar\icons\WB.ICO
    C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO
    C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S
    C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S
    C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S
    C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S
    C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S
    C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
    C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S
    C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S
    C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S
    C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S
    C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S
    C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S
    C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
    C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InternetGameBox
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InternetGameBox\Conditions générales.url
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InternetGameBox\Confidentialité.url
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InternetGameBox\Désinstaller.lnk
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InternetGameBox\InternetGameBox.lnk
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InternetGameBox\Website.url
    C:\Users\mick\AppData\Local\gyrdvo.dat
    c:\users\mick\appdata\local\gyrdvo.exe
    c:\Users\mick\AppData\Local\gyrdvo_nav.dat
    c:\Users\mick\AppData\Local\gyrdvo_navps.dat
    C:\Windows\system32\f3PSSavr.scr
    C:\Windows\system32\nvs2.inf

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-02-23 to 2008-03-23 ))))))))))))))))))))))))))))))))))))
    .

    2008-03-23 17:11 . 2008-03-23 17:12 <REP> d-------- C:\ComboFix[1]
    2008-03-23 16:35 . 2008-03-23 16:35 <REP> d-------- C:\Program Files\Blender Foundation
    2008-03-21 21:55 . 2008-03-21 21:55 <REP> d-------- C:\Program Files\ffdshow
    2008-03-21 21:53 . 2008-03-21 21:53 <REP> d--h----- C:\Windows\msdownld.tmp
    2008-03-21 21:53 . 2008-03-21 21:53 <REP> d-------- C:\Program Files\Windows Media Components
    2008-03-21 21:52 . 2008-03-21 21:52 <REP> d-------- C:\Program Files\MMConvert
    2008-03-21 21:52 . 2005-04-04 13:35 745,472 --a------ C:\Windows\System32\xvidcore.dll
    2008-03-21 21:52 . 2005-11-24 10:58 440,320 --a------ C:\Windows\System32\x264vfw.dll
    2008-03-21 21:52 . 2005-04-04 13:52 180,224 --a------ C:\Windows\System32\xvidvfw.dll
    2008-03-21 21:08 . 2008-03-21 21:08 <REP> d-------- C:\Users\mick\AppData\Roaming\STOIK
    2008-03-20 16:30 . 2008-03-20 16:30 <REP> d-------- C:\Users\mick\AppData\Roaming\Grisoft
    2008-03-20 16:30 . 2008-03-20 16:30 <REP> d-------- C:\Users\All Users\Grisoft
    2008-03-20 16:30 . 2008-03-20 16:30 <REP> d-------- C:\ProgramData\Grisoft
    2008-03-20 16:30 . 2007-05-30 13:10 10,872 --a------ C:\Windows\System32\drivers\AvgAsCln.sys
    2008-03-18 15:33 . 2008-03-23 08:57 <REP> d-------- C:\Program Files\NetProject
    2008-03-01 10:52 . 2008-03-01 10:52 <REP> d-------- C:\ATI
    2008-03-01 09:32 . 1997-06-02 12:32 314,880 --a------ C:\Windows\IsUninst.exe
    2008-02-28 03:01 . 2008-02-28 03:01 <REP> d-------- C:\Program Files\MSXML 4.0
    2008-02-27 17:50 . 2008-02-27 17:50 <REP> d-------- C:\Users\All Users\Age of Empires 3
    2008-02-27 17:50 . 2008-02-27 17:50 <REP> d-------- C:\ProgramData\Age of Empires 3
    2008-02-27 17:47 . 2008-03-11 21:19 <REP> d-------- C:\Program Files\Common Files\Microsoft Games
    2008-02-27 16:27 . 2008-02-27 16:27 <REP> d-------- C:\Users\mick\ASIO4ALL v2
    2008-02-26 21:27 . 2008-02-27 16:29 <REP> d-------- C:\Program Files\Image-Line
    2008-02-26 21:27 . 2002-07-07 23:14 1,294,336 --a------ C:\Windows\System32\vorbis.acm

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-23 17:27 --------- d-----w C:\Users\mick\AppData\Roaming\Skype
    2008-03-23 15:07 --------- d-----w C:\Users\mick\AppData\Roaming\skypePM
    2008-03-23 14:50 --------- d-----w C:\Program Files\Messenger Plus! Live
    2008-03-21 20:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-03-21 19:19 --------- d-----w C:\Program Files\DAEMON Tools
    2008-03-21 11:28 --------- d-----w C:\Program Files\Norton Security Scan
    2008-03-21 10:14 --------- d-----w C:\Users\mick\AppData\Roaming\Hamachi
    2008-03-20 14:34 --------- d-----w C:\ProgramData\Microsoft Help
    2008-03-20 14:34 --------- d-----w C:\Program Files\Microsoft Works
    2008-03-20 14:34 --------- d-----w C:\Program Files\Google
    2008-03-20 14:34 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-03-20 14:34 --------- d-----w C:\Program Files\Common Files\Skype
    2008-03-20 13:27 --------- d-----w C:\ProgramData\Symantec
    2008-02-27 16:13 --------- d-----w C:\Program Files\Microsoft Games
    2008-02-22 14:45 --------- d-----w C:\Users\mick\AppData\Roaming\Propellerhead Software
    2008-02-22 14:45 --------- d-----w C:\ProgramData\Propellerhead Software
    2008-02-22 02:12 368,640 ----a-w C:\Windows\System32\ReWire.dll
    2008-02-22 02:12 233,472 ----a-w C:\Windows\System32\REX Shared Library.dll
    2008-02-16 09:07 103,736 ----a-w C:\Windows\System32\PnkBstrB.exe
    2008-02-15 22:36 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
    2008-02-15 21:09 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe
    2008-02-15 21:05 22,328 ----a-w C:\Users\mick\AppData\Roaming\PnkBstrK.sys
    2008-02-15 20:35 --------- d-----w C:\Program Files\Activision
    2008-02-15 20:18 685,816 ----a-w C:\Windows\system32\drivers\sptd.sys
    2008-02-14 05:48 194,560 ----a-w C:\Windows\System32\WebClnt.dll
    2008-02-14 05:48 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
    2008-02-14 05:42 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
    2008-02-14 05:42 24,064 ----a-w C:\Windows\System32\netcfg.exe
    2008-02-14 05:42 22,016 ----a-w C:\Windows\System32\netiougc.exe
    2008-02-14 05:42 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
    2008-02-14 05:42 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
    2008-02-14 05:34 824,832 ----a-w C:\Windows\System32\wininet.dll
    2008-02-14 05:33 56,320 ----a-w C:\Windows\System32\iesetup.dll
    2008-02-14 05:33 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
    2008-02-14 05:33 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
    2008-02-13 17:15 --------- d-----w C:\Program Files\Norton Internet Security
    2008-02-12 16:48 --------- d-----w C:\Program Files\pspvideo9
    2008-02-12 16:48 --------- d-----w C:\Program Files\AviSynth 2.5
    2008-01-27 00:48 --------- d-----w C:\Users\mick\AppData\Roaming\MessengerGadget
    2008-01-24 21:22 --------- d-----w C:\Users\mick\AppData\Roaming\GRETECH
    2008-01-24 21:22 --------- d-----w C:\ProgramData\GRETECH
    2008-01-24 21:21 --------- d-----w C:\Program Files\GRETECH
    2008-01-24 15:47 25,280 ----a-w C:\Windows\system32\drivers\hamachi.sys
    2008-01-10 11:38 11,776 ----a-w C:\Windows\System32\sbunattend.exe
    2008-01-03 02:10 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
    2008-01-03 02:10 7,680 ----a-w C:\Windows\System32\spwmp.dll
    2008-01-03 02:10 4,096 ----a-w C:\Windows\System32\dxmasf.dll
    2008-01-03 02:09 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
    2008-01-03 02:08 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
    2008-01-03 02:08 223,232 ----a-w C:\Windows\System32\WMASF.DLL
    2008-01-03 02:08 1,327,104 ----a-w C:\Windows\System32\quartz.dll
    2008-01-03 02:07 84,480 ----a-w C:\Windows\System32\INETRES.dll
    2008-01-03 02:07 737,792 ----a-w C:\Windows\System32\inetcomm.dll
    2008-01-03 02:07 1,335,296 ----a-w C:\Windows\System32\msxml6.dll
    2008-01-03 02:03 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
    2008-01-03 02:03 3,504,824 ----a-w C:\Windows\System32\ntkrnlpa.exe
    2008-01-03 02:03 3,470,520 ----a-w C:\Windows\System32\ntoskrnl.exe
    2008-01-03 02:02 750,080 ----a-w C:\Windows\System32\qmgr.dll
    2008-01-02 20:59 32 ----a-w C:\Users\All Users\ezsid.dat
    2008-01-02 20:59 32 ----a-w C:\ProgramData\ezsid.dat
    2008-01-02 18:24 53,080 ----a-w C:\Windows\System32\wuauclt.exe
    2008-01-02 18:24 43,352 ----a-w C:\Windows\System32\wups2.dll
    2008-01-02 18:24 1,712,984 ----a-w C:\Windows\System32\wuaueng.dll
    2008-01-02 18:24 1,524,224 ----a-w C:\Windows\System32\wucltux.dll
    2008-01-02 18:23 80,896 ----a-w C:\Windows\System32\wudriver.dll
    2008-01-02 18:23 549,720 ----a-w C:\Windows\System32\wuapi.dll
    2008-01-02 18:23 33,624 ----a-w C:\Windows\System32\wups.dll
    2008-01-02 18:22 31,232 ----a-w C:\Windows\System32\wuapp.exe
    2008-01-02 18:22 163,000 ----a-w C:\Windows\System32\wuwebv.dll
    2006-11-02 12:50 174 --sha-w C:\Program Files\desktop.ini
    .

    ((((((((((((((((((((((((((((( snapshot@2008-03-23_17.31.29.96 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-03-23 16:29:34 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2008-03-23 17:30:15 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2008-03-23 17:30:15 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
    - 2008-03-23 14:44:51 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-03-23 16:32:21 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2008-03-23 14:44:51 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-03-23 16:32:21 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2008-03-23 14:44:51 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2008-03-23 16:32:21 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2008-03-23 14:31:55 125,136 ----a-w C:\Windows\System32\perfc009.dat
    + 2008-03-23 16:33:21 125,136 ----a-w C:\Windows\System32\perfc009.dat
    - 2008-03-23 14:31:55 144,862 ----a-w C:\Windows\System32\perfc00C.dat
    + 2008-03-23 16:33:21 144,862 ----a-w C:\Windows\System32\perfc00C.dat
    - 2008-03-23 14:31:55 665,178 ----a-w C:\Windows\System32\perfh009.dat
    + 2008-03-23 16:33:21 665,178 ----a-w C:\Windows\System32\perfh009.dat
    - 2008-03-23 14:31:55 24,472 ----a-w C:\Windows\System32\perfh00C.dat
    + 2008-03-23 16:33:21 24,472 ----a-w C:\Windows\System32\perfh00C.dat
    - 2008-03-23 14:27:27 83,094 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2008-03-23 16:31:07 83,330 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    - 2008-03-20 14:48:21 52,258 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2008-03-23 16:31:00 53,000 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6860A44B-5D3E-433D-A7B5-D517F810D0E7}]
    2008-03-18 15:33 10240 --a------ C:\Program Files\NetProject\sbmdl.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 12:38 1232896]
    "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 11:35 90112]
    "Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-05-22 14:49 151552]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-12-07 15:08 21686568]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-01-02 21:52 171448]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-09-03 09:57 1006264]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-08-17 22:27 4702208 C:\Windows\RtHDVCpl.exe]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 20:00 815104]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 03:38 40048]
    "ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 21:33 107112]
    "osCheck"="c:\Program Files\Norton Internet Security\osCheck.exe" [2006-11-21 21:30 22696]
    "Acer Tour"="" []
    "PLFSet"="C:\Windows\PLFSet.dll" [2007-04-25 12:47 45056]
    "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 11:35 90112]
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 20:01 71216]
    0
  3. g!rly Posts 18462 Status Contributor 407
     
    Re,

    repost the ComboFix report, because it is not complete, and also post the HijackThis report as I asked you...

    See you
    0
  4. mick360
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:40:36, on 23/03/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16609)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Program Files\pspvideo9\pspVideo9.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
    C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
    C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
    C:\Windows\system32\conime.exe
    C:\Windows\Explorer.exe
    C:\Program Files\Internet Explorer\IEUser.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: (no name) - {6860A44B-5D3E-433D-A7B5-D517F810D0E7} - C:\Program Files\NetProject\sbmdl.dll
    O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (file missing)
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"
    O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
    O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
    O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0
    O4 - HKLM\..\Run: [PSPVideo9] C:\Program Files\pspvideo9\pspVideo9.exe -t
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKCU\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - Global Startup: Empowering Technology Launcher.lnk = ?
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk142MXFR
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iefixgate.com/redirect.php (file missing)
    O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iefixgate.com/redirect.php (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-3/SmileyCentralFWBInitialSetup1.0.1.0.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
    O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
    O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
    O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)
    O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Oz128 Driver\o2flash.exe
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
    0
  6. g!rly Messages postés 18462 Statut Contributeur 407
     
    Hi again,

    Can you repost the ComboFix report? It was not complete.

    C:\Combofix.txt

    See you later
    0
  7. mick360
     
    ComboFix 08-03-22.3 - mick 2008-03-23 18:27:54.2 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1027 [GMT 1:00]
    Endroit: C:\Users\mick\Desktop\ComboFix.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    C:\Program Files\FunWebProducts
    C:\Program Files\Helper
    C:\Program Files\internet explorer\msimg32.dll
    C:\Program Files\MyWebSearch
    C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
    C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
    C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
    C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV
    C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
    C:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG
    C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
    C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
    C:\Program Files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE
    C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
    C:\Program Files\MyWebSearch\bar\1.bin\M3MEDINT.EXE
    C:\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
    C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
    C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
    C:\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
    C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
    C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
    C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE
    C:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
    C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S
    C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S
    C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S
    C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S
    C:\Program Files\MyWebSearch\bar\icons\CM.ICO
    C:\Program Files\MyWebSearch\bar\icons\MFC.ICO
    C:\Program Files\MyWebSearch\bar\icons\PSS.ICO
    C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO
    C:\Program Files\MyWebSearch\bar\icons\WB.ICO
    C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO
    C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S
    C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S
    C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S
    C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S
    C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S
    C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
    C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S
    C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S
    C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S
    C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S
    C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S
    C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S
    C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
    C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InternetGameBox
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InternetGameBox\Conditions générales.url
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InternetGameBox\Confidentialité.url
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InternetGameBox\Désinstaller.lnk
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InternetGameBox\InternetGameBox.lnk
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InternetGameBox\Website.url
    C:\Users\mick\AppData\Local\gyrdvo.dat
    c:\users\mick\appdata\local\gyrdvo.exe
    c:\Users\mick\AppData\Local\gyrdvo_nav.dat
    c:\Users\mick\AppData\Local\gyrdvo_navps.dat
    C:\Windows\system32\f3PSSavr.scr
    C:\Windows\system32\nvs2.inf

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-02-23 to 2008-03-23 ))))))))))))))))))))))))))))))))))))
    .

    2008-03-23 17:11 . 2008-03-23 17:12 <REP> d-------- C:\ComboFix[1]
    2008-03-23 16:35 . 2008-03-23 16:35 <REP> d-------- C:\Program Files\Blender Foundation
    2008-03-21 21:55 . 2008-03-21 21:55 <REP> d-------- C:\Program Files\ffdshow
    2008-03-21 21:53 . 2008-03-21 21:53 <REP> d--h----- C:\Windows\msdownld.tmp
    2008-03-21 21:53 . 2008-03-21 21:53 <REP> d-------- C:\Program Files\Windows Media Components
    2008-03-21 21:52 . 2008-03-21 21:52 <REP> d-------- C:\Program Files\MMConvert
    2008-03-21 21:52 . 2005-04-04 13:35 745,472 --a------ C:\Windows\System32\xvidcore.dll
    2008-03-21 21:52 . 2005-11-24 10:58 440,320 --a------ C:\Windows\System32\x264vfw.dll
    2008-03-21 21:52 . 2005-04-04 13:52 180,224 --a------ C:\Windows\System32\xvidvfw.dll
    2008-03-21 21:08 . 2008-03-21 21:08 <REP> d-------- C:\Users\mick\AppData\Roaming\STOIK
    2008-03-20 16:30 . 2008-03-20 16:30 <REP> d-------- C:\Users\mick\AppData\Roaming\Grisoft
    2008-03-20 16:30 . 2008-03-20 16:30 <REP> d-------- C:\Users\All Users\Grisoft
    2008-03-20 16:30 . 2008-03-20 16:30 <REP> d-------- C:\ProgramData\Grisoft
    2008-03-20 16:30 . 2007-05-30 13:10 10,872 --a------ C:\Windows\System32\drivers\AvgAsCln.sys
    2008-03-18 15:33 . 2008-03-23 08:57 <REP> d-------- C:\Program Files\NetProject
    2008-03-01 10:52 . 2008-03-01 10:52 <REP> d-------- C:\ATI
    2008-03-01 09:32 . 1997-06-02 12:32 314,880 --a------ C:\Windows\IsUninst.exe
    2008-02-28 03:01 . 2008-02-28 03:01 <REP> d-------- C:\Program Files\MSXML 4.0
    2008-02-27 17:50 . 2008-02-27 17:50 <REP> d-------- C:\Users\All Users\Age of Empires 3
    2008-02-27 17:50 . 2008-02-27 17:50 <REP> d-------- C:\ProgramData\Age of Empires 3
    2008-02-27 17:47 . 2008-03-11 21:19 <REP> d-------- C:\Program Files\Common Files\Microsoft Games
    2008-02-27 16:27 . 2008-02-27 16:27 <REP> d-------- C:\Users\mick\ASIO4ALL v2
    2008-02-26 21:27 . 2008-02-27 16:29 <REP> d-------- C:\Program Files\Image-Line
    2008-02-26 21:27 . 2002-07-07 23:14 1,294,336 --a------ C:\Windows\System32\vorbis.acm

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-23 17:27 --------- d-----w C:\Users\mick\AppData\Roaming\Skype
    2008-03-23 15:07 --------- d-----w C:\Users\mick\AppData\Roaming\skypePM
    2008-03-23 14:50 --------- d-----w C:\Program Files\Messenger Plus! Live
    2008-03-21 20:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-03-21 19:19 --------- d-----w C:\Program Files\DAEMON Tools
    2008-03-21 11:28 --------- d-----w C:\Program Files\Norton Security Scan
    2008-03-21 10:14 --------- d-----w C:\Users\mick\AppData\Roaming\Hamachi
    2008-03-20 14:34 --------- d-----w C:\ProgramData\Microsoft Help
    2008-03-20 14:34 --------- d-----w C:\Program Files\Microsoft Works
    2008-03-20 14:34 --------- d-----w C:\Program Files\Google
    2008-03-20 14:34 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-03-20 14:34 --------- d-----w C:\Program Files\Common Files\Skype
    2008-03-20 13:27 --------- d-----w C:\ProgramData\Symantec
    2008-02-27 16:13 --------- d-----w C:\Program Files\Microsoft Games
    2008-02-22 14:45 --------- d-----w C:\Users\mick\AppData\Roaming\Propellerhead Software
    2008-02-22 14:45 --------- d-----w C:\ProgramData\Propellerhead Software
    2008-02-22 02:12 368,640 ----a-w C:\Windows\System32\ReWire.dll
    2008-02-22 02:12 233,472 ----a-w C:\Windows\System32\REX Shared Library.dll
    2008-02-16 09:07 103,736 ----a-w C:\Windows\System32\PnkBstrB.exe
    2008-02-15 22:36 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
    2008-02-15 21:09 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe
    2008-02-15 21:05 22,328 ----a-w C:\Users\mick\AppData\Roaming\PnkBstrK.sys
    2008-02-15 20:35 --------- d-----w C:\Program Files\Activision
    2008-02-15 20:18 685,816 ----a-w C:\Windows\system32\drivers\sptd.sys
    2008-02-14 05:48 194,560 ----a-w C:\Windows\System32\WebClnt.dll
    2008-02-14 05:48 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
    2008-02-14 05:42 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
    2008-02-14 05:42 24,064 ----a-w C:\Windows\System32\netcfg.exe
    2008-02-14 05:42 22,016 ----a-w C:\Windows\System32\netiougc.exe
    2008-02-14 05:42 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
    2008-02-14 05:42 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
    2008-02-14 05:34 824,832 ----a-w C:\Windows\System32\wininet.dll
    2008-02-14 05:33 56,320 ----a-w C:\Windows\System32\iesetup.dll
    2008-02-14 05:33 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
    2008-02-14 05:33 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
    2008-02-13 17:15 --------- d-----w C:\Program Files\Norton Internet Security
    2008-02-12 16:48 --------- d-----w C:\Program Files\pspvideo9
    2008-02-12 16:48 --------- d-----w C:\Program Files\AviSynth 2.5
    2008-01-27 00:48 --------- d-----w C:\Users\mick\AppData\Roaming\MessengerGadget
    2008-01-24 21:22 --------- d-----w C:\Users\mick\AppData\Roaming\GRETECH
    2008-01-24 21:22 --------- d-----w C:\ProgramData\GRETECH
    2008-01-24 21:21 --------- d-----w C:\Program Files\GRETECH
    2008-01-24 15:47 25,280 ----a-w C:\Windows\system32\drivers\hamachi.sys
    2008-01-10 11:38 11,776 ----a-w C:\Windows\System32\sbunattend.exe
    2008-01-03 02:10 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
    2008-01-03 02:10 7,680 ----a-w C:\Windows\System32\spwmp.dll
    2008-01-03 02:10 4,096 ----a-w C:\Windows\System32\dxmasf.dll
    2008-01-03 02:09 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
    2008-01-03 02:08 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
    2008-01-03 02:08 223,232 ----a-w C:\Windows\System32\WMASF.DLL
    2008-01-03 02:08 1,327,104 ----a-w C:\Windows\System32\quartz.dll
    2008-01-03 02:07 84,480 ----a-w C:\Windows\System32\INETRES.dll
    2008-01-03 02:07 737,792 ----a-w C:\Windows\System32\inetcomm.dll
    2008-01-03 02:07 1,335,296 ----a-w C:\Windows\System32\msxml6.dll
    2008-01-03 02:03 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
    2008-01-03 02:03 3,504,824 ----a-w C:\Windows\System32\ntkrnlpa.exe
    2008-01-03 02:03 3,470,520 ----a-w C:\Windows\System32\ntoskrnl.exe
    2008-01-03 02:02 750,080 ----a-w C:\Windows\System32\qmgr.dll
    2008-01-02 20:59 32 ----a-w C:\Users\All Users\ezsid.dat
    2008-01-02 20:59 32 ----a-w C:\ProgramData\ezsid.dat
    2008-01-02 18:24 53,080 ----a-w C:\Windows\System32\wuauclt.exe
    2008-01-02 18:24 43,352 ----a-w C:\Windows\System32\wups2.dll
    2008-01-02 18:24 1,712,984 ----a-w C:\Windows\System32\wuaueng.dll
    2008-01-02 18:24 1,524,224 ----a-w C:\Windows\System32\wucltux.dll
    2008-01-02 18:23 80,896 ----a-w C:\Windows\System32\wudriver.dll
    2008-01-02 18:23 549,720 ----a-w C:\Windows\System32\wuapi.dll
    2008-01-02 18:23 33,624 ----a-w C:\Windows\System32\wups.dll
    2008-01-02 18:22 31,232 ----a-w C:\Windows\System32\wuapp.exe
    2008-01-02 18:22 163,000 ----a-w C:\Windows\System32\wuwebv.dll
    2006-11-02 12:50 174 --sha-w C:\Program Files\desktop.ini
    .

    ((((((((((((((((((((((((((((( snapshot@2008-03-23_17.31.29.96 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-03-23 16:29:34 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2008-03-23 17:30:15 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2008-03-23 17:30:15 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
    - 2008-03-23 14:44:51 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-03-23 16:32:21 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2008-03-23 14:44:51 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-03-23 16:32:21 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2008-03-23 14:44:51 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2008-03-23 16:32:21 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2008-03-23 14:31:55 125,136 ----a-w C:\Windows\System32\perfc009.dat
    + 2008-03-23 16:33:21 125,136 ----a-w C:\Windows\System32\perfc009.dat
    - 2008-03-23 14:31:55 144,862 ----a-w C:\Windows\System32\perfc00C.dat
    + 2008-03-23 16:33:21 144,862 ----a-w C:\Windows\System32\perfc00C.dat
    - 2008-03-23 14:31:55 665,178 ----a-w C:\Windows\System32\perfh009.dat
    + 2008-03-23 16:33:21 665,178 ----a-w C:\Windows\System32\perfh009.dat
    - 2008-03-23 14:31:55 24,472 ----a-w C:\Windows\System32\perfh00C.dat
    + 2008-03-23 16:33:21 24,472 ----a-w C:\Windows\System32\perfh00C.dat
    - 2008-03-23 14:27:27 83,094 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2008-03-23 16:31:07 83,330 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    - 2008-03-20 14:48:21 52,258 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2008-03-23 16:31:00 53,000 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6860A44B-5D3E-433D-A7B5-D517F810D0E7}]
    2008-03-18 15:33 10240 --a------ C:\Program Files\NetProject\sbmdl.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 12:38 1232896]
    "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 11:35 90112]
    "Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-05-22 14:49 151552]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-12-07 15:08 21686568]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-01-02 21:52 171448]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-09-03 09:57 1006264]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-08-17 22:27 4702208 C:\Windows\RtHDVCpl.exe]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 20:00 815104]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 03:38 40048]
    "ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 21:33 107112]
    "osCheck"="c:\Program Files\Norton Internet Security\osCheck.exe" [2006-11-21 21:30 22696]
    "Acer Tour"="" []
    "PLFSet"="C:\Windows\PLFSet.dll" [2007-04-25 12:47 45056]
    "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 11:35 90112]
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 20:01 71216]
    "LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 15:21 54832]
    "eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 15:33 457216]
    "eRecoveryService"="" []
    "LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2007-04-04 09:04 813840]
    "WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 21:48 57344]
    "Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-05-22 14:49 151552]
    "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 10:22 517768]
    "My Web Search Bar Search Scope Monitor"="C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" [ ]
    "PSPVideo9"="C:\Program Files\pspvideo9\pspVideo9.exe" [2005-10-30 01:56 606208]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 11:48 157592]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-09-17 18:33:55 535336]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UacDisableNotify"=dword:00000001
    "InternetSettingsDisableNotify"=dword:00000001
    "AutoUpdateDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{3A5CB2AD-123E-418A-A77E-C8193AA4AE83}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
    "{698F80A5-5D09-468C-AED4-A0FF99C3D721}"= C:\Program Files\CyberLink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
    "{CD7C4856-5413-4AAA-BB23-A044DA77AC24}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "TCP Query User{48721E0B-E441-48FA-946A-9151EB218353}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
    "UDP Query User{7D399EC5-4345-46E8-AD51-DEBC4AA3E1FB}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
    "{5D96DD76-3A13-4440-976E-5F66D1449E53}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
    "{4054D991-9E19-4401-82FB-BAB4A202AC18}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
    "{014B362E-7152-4DBC-8C3E-C598568AD58D}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
    "{78175FE5-5473-42B4-A5C5-5D489EA60B87}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
    "{D5FFB3C2-583A-4610-A13A-74775AB5C130}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
    "{4DAEDF99-939D-48EC-AD96-AD6D90B4AD16}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
    "{A080E02C-F5E5-4600-B9C3-ECBF0EF0E8B2}"= UDP:C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe:Age of Empires III - The WarChiefs
    "{C6C6904E-50EC-46CC-A876-1E107009A199}"= TCP:C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe:Age of Empires III - The WarChiefs
    "{5EF88713-A0C0-4A5B-8A38-A180AAC09A2B}"= UDP:C:\Program Files\Microsoft Games\Age of Empires III\age3y.exe:Age of Empires III - The Asian Dynasties
    "{CE05B381-65B1-4EC2-A57D-63F9193A9246}"= TCP:C:\Program Files\Microsoft Games\Age of Empires III\age3y.exe:Age of Empires III - The Asian Dynasties
    "TCP Query User{0448990B-05BD-471D-98DC-DB9AC4E0FB71}D:\\emul\\emule\\emule.exe"= UDP:D:\emul\emule\emule.exe:eMule
    "UDP Query User{36A18557-FE8C-4B6B-92D2-E8CF3B6BF9AD}D:\\emul\\emule\\emule.exe"= TCP:D:\emul\emule\emule.exe:eMule

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
    "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall"= 0 (0x0)

    R0 O2MDRDR;O2MDRDR;C:\Windows\system32\DRIVERS\o2media.sys [2007-04-03 18:04]
    R0 O2SDRDR;O2SDRDR;C:\Windows\system32\DRIVERS\o2sd.sys [2007-04-03 00:11]
    R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-04-25 15:34]
    R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-04-25 15:34]
    R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-04-25 15:34]
    R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080314.001\IDSvix86.sys [2008-02-13 17:18]
    R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2006-11-02 15:51]
    R2 BcmSqlStartupSvc;Service de démarrage SQL Server pour le Gestionnaire de contacts professionnels;"C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe" [2008-01-16 09:46]
    R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-04-25 15:34]
    R2 eNet Service;eNet Service;C:\Acer\Empowering Technology\eNet\eNet Service.exe [2007-06-13 15:54]
    R2 eSettingsService;eSettings Service;C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-06-28 17:50]
    R2 MobilityService;MobilityService;C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 11:57]
    R2 SQLWriter;Enregistreur VSS SQL Server;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 05:29]
    R2 WMIService;ePower Service;C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-06-13 10:23]
    R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-05 17:39]
    R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-08-12 08:10]
    R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-10-30 19:55]
    R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-04-17 19:12]
    S2 MyWebSearchService;My Web Search Service;C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe []
    S3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2006-11-02 08:30]
    S3 BCM43XV;Pilote de la carte réseau extensible Broadcom 802.11;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-12-19 21:18]
    S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d697dd0-dc03-11dc-bd8f-000000000000}]
    \shell\AutoRun\command - F:\autorun.exe
    \shell\setup\command - F:\install.exe

    *Newly Created Service* - COMHOST
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-03-21 19:49:13 C:\Windows\Tasks\Norton Internet Security - Analyse système complète - mick.job"
    - c:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeB/TASK:
    "2008-03-23 17:30:00 C:\Windows\Tasks\User_Feed_Synchronization-{76260F5B-093E-478A-BE04-78F628BA07E3}.job"
    - C:\Windows\system32\msfeedssync.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-23 18:30:26
    Windows 6.0.6000 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-03-23 18:31:14
    ComboFix-quarantined-files.txt 2008-03-23 17:31:09
    .
    2008-03-13 14:38:54 --- E O F ---
    0
  8. mick360
     
    ComboFix 08-03-22.3 - mick 2008-03-23 18:27:54.2 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1027 [GMT 1:00]
    Endroit: C:\Users\mick\Desktop\ComboFix.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    C:\Program Files\FunWebProducts
    C:\Program Files\Helper
    C:\Program Files\internet explorer\msimg32.dll
    C:\Program Files\MyWebSearch
    C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
    C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
    C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
    C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV
    C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
    C:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG
    C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
    C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
    C:\Program Files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE
    C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
    C:\Program Files\MyWebSearch\bar\1.bin\M3MEDINT.EXE
    C:\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
    C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
    C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
    C:\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
    C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
    C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
    C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE
    C:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
    C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S
    C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S
    C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S
    C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S
    C:\Program Files\MyWebSearch\bar\icons\CM.ICO
    C:\Program Files\MyWebSearch\bar\icons\MFC.ICO
    C:\Program Files\MyWebSearch\bar\icons\PSS.ICO
    C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO
    C:\Program Files\MyWebSearch\bar\icons\WB.ICO
    C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO
    C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S
    C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S
    C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S
    C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S
    C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S
    C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
    C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S
    C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S
    C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S
    C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S
    C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S
    C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S
    C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
    C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InternetGameBox
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InternetGameBox\Conditions générales.url
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InternetGameBox\Confidentialité.url
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InternetGameBox\Désinstaller.lnk
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InternetGameBox\InternetGameBox.lnk
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InternetGameBox\Website.url
    C:\Users\mick\AppData\Local\gyrdvo.dat
    c:\users\mick\appdata\local\gyrdvo.exe
    c:\Users\mick\AppData\Local\gyrdvo_nav.dat
    c:\Users\mick\AppData\Local\gyrdvo_navps.dat
    C:\Windows\system32\f3PSSavr.scr
    C:\Windows\system32\nvs2.inf

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-02-23 to 2008-03-23 ))))))))))))))))))))))))))))))))))))
    .

    2008-03-23 17:11 . 2008-03-23 17:12 <REP> d-------- C:\ComboFix[1]
    2008-03-23 16:35 . 2008-03-23 16:35 <REP> d-------- C:\Program Files\Blender Foundation
    2008-03-21 21:55 . 2008-03-21 21:55 <REP> d-------- C:\Program Files\ffdshow
    2008-03-21 21:53 . 2008-03-21 21:53 <REP> d--h----- C:\Windows\msdownld.tmp
    2008-03-21 21:53 . 2008-03-21 21:53 <REP> d-------- C:\Program Files\Windows Media Components
    2008-03-21 21:52 . 2008-03-21 21:52 <REP> d-------- C:\Program Files\MMConvert
    2008-03-21 21:52 . 2005-04-04 13:35 745,472 --a------ C:\Windows\System32\xvidcore.dll
    2008-03-21 21:52 . 2005-11-24 10:58 440,320 --a------ C:\Windows\System32\x264vfw.dll
    2008-03-21 21:52 . 2005-04-04 13:52 180,224 --a------ C:\Windows\System32\xvidvfw.dll
    2008-03-21 21:08 . 2008-03-21 21:08 <REP> d-------- C:\Users\mick\AppData\Roaming\STOIK
    2008-03-20 16:30 . 2008-03-20 16:30 <REP> d-------- C:\Users\mick\AppData\Roaming\Grisoft
    2008-03-20 16:30 . 2008-03-20 16:30 <REP> d-------- C:\Users\All Users\Grisoft
    2008-03-20 16:30 . 2008-03-20 16:30 <REP> d-------- C:\ProgramData\Grisoft
    2008-03-20 16:30 . 2007-05-30 13:10 10,872 --a------ C:\Windows\System32\drivers\AvgAsCln.sys
    2008-03-18 15:33 . 2008-03-23 08:57 <REP> d-------- C:\Program Files\NetProject
    2008-03-01 10:52 . 2008-03-01 10:52 <REP> d-------- C:\ATI
    2008-03-01 09:32 . 1997-06-02 12:32 314,880 --a------ C:\Windows\IsUninst.exe
    2008-02-28 03:01 . 2008-02-28 03:01 <REP> d-------- C:\Program Files\MSXML 4.0
    2008-02-27 17:50 . 2008-02-27 17:50 <REP> d-------- C:\Users\All Users\Age of Empires 3
    2008-02-27 17:50 . 2008-02-27 17:50 <REP> d-------- C:\ProgramData\Age of Empires 3
    2008-02-27 17:47 . 2008-03-11 21:19 <REP> d-------- C:\Program Files\Common Files\Microsoft Games
    2008-02-27 16:27 . 2008-02-27 16:27 <REP> d-------- C:\Users\mick\ASIO4ALL v2
    2008-02-26 21:27 . 2008-02-27 16:29 <REP> d-------- C:\Program Files\Image-Line
    2008-02-26 21:27 . 2002-07-07 23:14 1,294,336 --a------ C:\Windows\System32\vorbis.acm

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-23 17:27 --------- d-----w C:\Users\mick\AppData\Roaming\Skype
    2008-03-23 15:07 --------- d-----w C:\Users\mick\AppData\Roaming\skypePM
    2008-03-23 14:50 --------- d-----w C:\Program Files\Messenger Plus! Live
    2008-03-21 20:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-03-21 19:19 --------- d-----w C:\Program Files\DAEMON Tools
    2008-03-21 11:28 --------- d-----w C:\Program Files\Norton Security Scan
    2008-03-21 10:14 --------- d-----w C:\Users\mick\AppData\Roaming\Hamachi
    2008-03-20 14:34 --------- d-----w C:\ProgramData\Microsoft Help
    2008-03-20 14:34 --------- d-----w C:\Program Files\Microsoft Works
    2008-03-20 14:34 --------- d-----w C:\Program Files\Google
    2008-03-20 14:34 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-03-20 14:34 --------- d-----w C:\Program Files\Common Files\Skype
    2008-03-20 13:27 --------- d-----w C:\ProgramData\Symantec
    2008-02-27 16:13 --------- d-----w C:\Program Files\Microsoft Games
    2008-02-22 14:45 --------- d-----w C:\Users\mick\AppData\Roaming\Propellerhead Software
    2008-02-22 14:45 --------- d-----w C:\ProgramData\Propellerhead Software
    2008-02-22 02:12 368,640 ----a-w C:\Windows\System32\ReWire.dll
    2008-02-22 02:12 233,472 ----a-w C:\Windows\System32\REX Shared Library.dll
    2008-02-16 09:07 103,736 ----a-w C:\Windows\System32\PnkBstrB.exe
    2008-02-15 22:36 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
    2008-02-15 21:09 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe
    2008-02-15 21:05 22,328 ----a-w C:\Users\mick\AppData\Roaming\PnkBstrK.sys
    2008-02-15 20:35 --------- d-----w C:\Program Files\Activision
    2008-02-15 20:18 685,816 ----a-w C:\Windows\system32\drivers\sptd.sys
    2008-02-14 05:48 194,560 ----a-w C:\Windows\System32\WebClnt.dll
    2008-02-14 05:48 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
    2008-02-14 05:42 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
    2008-02-14 05:42 24,064 ----a-w C:\Windows\System32\netcfg.exe
    2008-02-14 05:42 22,016 ----a-w C:\Windows\System32\netiougc.exe
    2008-02-14 05:42 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
    2008-02-14 05:42 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
    2008-02-14 05:34 824,832 ----a-w C:\Windows\System32\wininet.dll
    2008-02-14 05:33 56,320 ----a-w C:\Windows\System32\iesetup.dll
    2008-02-14 05:33 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
    2008-02-14 05:33 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
    2008-02-13 17:15 --------- d-----w C:\Program Files\Norton Internet Security
    2008-02-12 16:48 --------- d-----w C:\Program Files\pspvideo9
    2008-02-12 16:48 --------- d-----w C:\Program Files\AviSynth 2.5
    2008-01-27 00:48 --------- d-----w C:\Users\mick\AppData\Roaming\MessengerGadget
    2008-01-24 21:22 --------- d-----w C:\Users\mick\AppData\Roaming\GRETECH
    2008-01-24 21:22 --------- d-----w C:\ProgramData\GRETECH
    2008-01-24 21:21 --------- d-----w C:\Program Files\GRETECH
    2008-01-24 15:47 25,280 ----a-w C:\Windows\system32\drivers\hamachi.sys
    2008-01-10 11:38 11,776 ----a-w C:\Windows\System32\sbunattend.exe
    2008-01-03 02:10 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
    2008-01-03 02:10 7,680 ----a-w C:\Windows\System32\spwmp.dll
    2008-01-03 02:10 4,096 ----a-w C:\Windows\System32\dxmasf.dll
    2008-01-03 02:09 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
    2008-01-03 02:08 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
    2008-01-03 02:08 223,232 ----a-w C:\Windows\System32\WMASF.DLL
    2008-01-03 02:08 1,327,104 ----a-w C:\Windows\System32\quartz.dll
    2008-01-03 02:07 84,480 ----a-w C:\Windows\System32\INETRES.dll
    2008-01-03 02:07 737,792 ----a-w C:\Windows\System32\inetcomm.dll
    2008-01-03 02:07 1,335,296 ----a-w C:\Windows\System32\msxml6.dll
    2008-01-03 02:03 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
    2008-01-03 02:03 3,504,824 ----a-w C:\Windows\System32\ntkrnlpa.exe
    2008-01-03 02:03 3,470,520 ----a-w C:\Windows\System32\ntoskrnl.exe
    2008-01-03 02:02 750,080 ----a-w C:\Windows\System32\qmgr.dll
    2008-01-02 20:59 32 ----a-w C:\Users\All Users\ezsid.dat
    2008-01-02 20:59 32 ----a-w C:\ProgramData\ezsid.dat
    2008-01-02 18:24 53,080 ----a-w C:\Windows\System32\wuauclt.exe
    2008-01-02 18:24 43,352 ----a-w C:\Windows\System32\wups2.dll
    2008-01-02 18:24 1,712,984 ----a-w C:\Windows\System32\wuaueng.dll
    2008-01-02 18:24 1,524,224 ----a-w C:\Windows\System32\wucltux.dll
    2008-01-02 18:23 80,896 ----a-w C:\Windows\System32\wudriver.dll
    2008-01-02 18:23 549,720 ----a-w C:\Windows\System32\wuapi.dll
    2008-01-02 18:23 33,624 ----a-w C:\Windows\System32\wups.dll
    2008-01-02 18:22 31,232 ----a-w C:\Windows\System32\wuapp.exe
    2008-01-02 18:22 163,000 ----a-w C:\Windows\System32\wuwebv.dll
    2006-11-02 12:50 174 --sha-w C:\Program Files\desktop.ini
    .

    ((((((((((((((((((((((((((((( snapshot@2008-03-23_17.31.29.96 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-03-23 16:29:34 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2008-03-23 17:30:15 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2008-03-23 17:30:15 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
    - 2008-03-23 14:44:51 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-03-23 16:32:21 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2008-03-23 14:44:51 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-03-23 16:32:21 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2008-03-23 14:44:51 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2008-03-23 16:32:21 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2008-03-23 14:31:55 125,136 ----a-w C:\Windows\System32\perfc009.dat
    + 2008-03-23 16:33:21 125,136 ----a-w C:\Windows\System32\perfc009.dat
    - 2008-03-23 14:31:55 144,862 ----a-w C:\Windows\System32\perfc00C.dat
    + 2008-03-23 16:33:21 144,862 ----a-w C:\Windows\System32\perfc00C.dat
    - 2008-03-23 14:31:55 665,178 ----a-w C:\Windows\System32\perfh009.dat
    + 2008-03-23 16:33:21 665,178 ----a-w C:\Windows\System32\perfh009.dat
    - 2008-03-23 14:31:55 24,472 ----a-w C:\Windows\System32\perfh00C.dat
    + 2008-03-23 16:33:21 24,472 ----a-w C:\Windows\System32\perfh00C.dat
    - 2008-03-23 14:27:27 83,094 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2008-03-23 16:31:07 83,330 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    - 2008-03-20 14:48:21 52,258 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2008-03-23 16:31:00 53,000 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6860A44B-5D3E-433D-A7B5-D517F810D0E7}]
    2008-03-18 15:33 10240 --a------ C:\Program Files\NetProject\sbmdl.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 12:38 1232896]
    "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 11:35 90112]
    "Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-05-22 14:49 151552]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-12-07 15:08 21686568]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-01-02 21:52 171448]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-09-03 09:57 1006264]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-08-17 22:27 4702208 C:\Windows\RtHDVCpl.exe]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 20:00 815104]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 03:38 40048]
    "ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 21:33 107112]
    "osCheck"="c:\Program Files\Norton Internet Security\osCheck.exe" [2006-11-21 21:30 22696]
    "Acer Tour"="" []
    "PLFSet"="C:\Windows\PLFSet.dll" [2007-04-25 12:47 45056]
    "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 11:35 90112]
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 20:01 71216]
    "LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 15:21 54832]
    "eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 15:33 457216]
    "eRecoveryService"="" []
    "LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2007-04-04 09:04 813840]
    "WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 21:48 57344]
    "Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-05-22 14:49 151552]
    "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 10:22 517768]
    "My Web Search Bar Search Scope Monitor"="C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" [ ]
    "PSPVideo9"="C:\Program Files\pspvideo9\pspVideo9.exe" [2005-10-30 01:56 606208]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 11:48 157592]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-09-17 18:33:55 535336]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UacDisableNotify"=dword:00000001
    "InternetSettingsDisableNotify"=dword:00000001
    "AutoUpdateDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{3A5CB2AD-123E-418A-A77E-C8193AA4AE83}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
    "{698F80A5-5D09-468C-AED4-A0FF99C3D721}"= C:\Program Files\CyberLink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
    "{CD7C4856-5413-4AAA-BB23-A044DA77AC24}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "TCP Query User{48721E0B-E441-48FA-946A-9151EB218353}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
    "UDP Query User{7D399EC5-4345-46E8-AD51-DEBC4AA3E1FB}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
    "{5D96DD76-3A13-4440-976E-5F66D1449E53}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
    "{4054D991-9E19-4401-82FB-BAB4A202AC18}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
    "{014B362E-7152-4DBC-8C3E-C598568AD58D}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
    "{78175FE5-5473-42B4-A5C5-5D489EA60B87}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
    "{D5FFB3C2-583A-4610-A13A-74775AB5C130}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
    "{4DAEDF99-939D-48EC-AD96-AD6D90B4AD16}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
    "{A080E02C-F5E5-4600-B9C3-ECBF0EF0E8B2}"= UDP:C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe:Age of Empires III - The WarChiefs
    "{C6C6904E-50EC-46CC-A876-1E107009A199}"= TCP:C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe:Age of Empires III - The WarChiefs
    "{5EF88713-A0C0-4A5B-8A38-A180AAC09A2B}"= UDP:C:\Program Files\Microsoft Games\Age of Empires III\age3y.exe:Age of Empires III - The Asian Dynasties
    "{CE05B381-65B1-4EC2-A57D-63F9193A9246}"= TCP:C:\Program Files\Microsoft Games\Age of Empires III\age3y.exe:Age of Empires III - The Asian Dynasties
    "TCP Query User{0448990B-05BD-471D-98DC-DB9AC4E0FB71}D:\\emul\\emule\\emule.exe"= UDP:D:\emul\emule\emule.exe:eMule
    "UDP Query User{36A18557-FE8C-4B6B-92D2-E8CF3B6BF9AD}D:\\emul\\emule\\emule.exe"= TCP:D:\emul\emule\emule.exe:eMule

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
    "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall"= 0 (0x0)

    R0 O2MDRDR;O2MDRDR;C:\Windows\system32\DRIVERS\o2media.sys [2007-04-03 18:04]
    R0 O2SDRDR;O2SDRDR;C:\Windows\system32\DRIVERS\o2sd.sys [2007-04-03 00:11]
    R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-04-25 15:34]
    R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-04-25 15:34]
    R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-04-25 15:34]
    R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080314.001\IDSvix86.sys [2008-02-13 17:18]
    R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\[u]0/u00.fcl [2006-11-02 15:51]
    R2 BcmSqlStartupSvc;Service de démarrage SQL Server pour le Gestionnaire de contacts professionnels;"C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe" [2008-01-16 09:46]
    R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-04-25 15:34]
    R2 eNet Service;eNet Service;C:\Acer\Empowering Technology\eNet\eNet Service.exe [2007-06-13 15:54]
    R2 eSettingsService;eSettings Service;C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-06-28 17:50]
    R2 MobilityService;MobilityService;C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 11:57]
    R2 SQLWriter;Enregistreur VSS SQL Server;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 05:29]
    R2 WMIService;ePower Service;C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-06-13 10:23]
    R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-05 17:39]
    R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-08-12 08:10]
    R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-10-30 19:55]
    R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-04-17 19:12]
    S2 MyWebSearchService;My Web Search Service;C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe []
    S3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2006-11-02 08:30]
    S3 BCM43XV;Pilote de la carte réseau extensible Broadcom 802.11;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-12-19 21:18]
    S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d697dd0-dc03-11dc-bd8f-000000000000}]
    \shell\AutoRun\command - F:\autorun.exe
    \shell\setup\command - F:\install.exe

    *Newly Created Service* - COMHOST
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-03-21 19:49:13 C:\Windows\Tasks\Norton Internet Security - Analyse système complète - mick.job"
    - c:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeB/TASK:
    "2008-03-23 17:30:00 C:\Windows\Tasks\User_Feed_Synchronization-{76260F5B-093E-478A-BE04-78F628BA07E3}.job"
    - C:\Windows\system32\msfeedssync.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-23 18:30:26
    Windows 6.0.6000 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-03-23 18:31:14
    ComboFix-quarantined-files.txt 2008-03-23 17:31:09
    .
    2008-03-13 14:38:54 --- E O F ---
    0
  9. mick360
     
    There you go, it's all there... thanks for your help
    0
  10. g!rly Posts 18462 Status Contributor 407
     
    ok

    next steps:

    Using HijackThis, check and fix the following lines:

    O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (file missing)
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk142MXFR
    O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iefixgate.com/redirect.php (file missing)
    O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iefixgate.com/redirect.php (file missing)
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/

    how to fix:

    Usage tutorial (video): (Thanks to Balltrap34 for making it)

    -> http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm

    have this file scanned:

    C:\Windows\PLFSet.dll

    on this site:

    http://virusscan.jotti.org/de/

    upload it by clicking Browse, let the site scan it, then copy and paste the result here

    then

    Copy the text below:

    Folder::
    C:\Program Files\NetProject
    C:\PROGRA~1\MYWEBS~1\bar

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6860A44B-5D3E-433D-A7B5-D517F810D0E7}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "My Web Search Bar Search Scope Monitor"=-

    Driver::
    MyWebSearchService

    Open Notepad and paste the copied text.
    (Start\All Programs\Accessories\Notepad.)
    Save this file as CFScript.txt.

    Now drag the CFScript.txt file onto Combofix.exe as shown below:

    http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif

    This will restart Combofix.

    A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and confirm.

    Wait while the scan runs. The desktop will disappear several times: that is normal!

    Do not touch anything until the scan has finished.

    After the restart, post the contents of the Combofix.txt report along with a HijackThis report.

    If there is no restart, post the reports anyway.

    See you
    0
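The following Python triage script is an added example, not part of the thread and not ComboFix's own code: it reads the Run-key and service lines of a report in the format posted above and flags entries whose bracketed file date/size is empty. It assumes that empty brackets mean the report listed no file for the target, and it reads R/S plus the digit as running/stopped and the service start type; the sample lines are copied from the report above.

```python
import re

# Sample lines copied from the ComboFix report posted earlier in this thread.
REPORT = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-09-03 09:57 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-17 22:27 4702208 C:\Windows\RtHDVCpl.exe]
"Acer Tour"="" []
"My Web Search Bar Search Scope Monitor"="C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" [ ]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 11:48 157592]

R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-05 17:39]
S2 MyWebSearchService;My Web Search Service;C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe []
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ []
'''

# [HKEY_...\Run] style section header
KEY_RE = re.compile(r'^\[(HK[^\]]+)\]$')
# "name"="command" [date time size]
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<data>.*)"\s*\[(?P<meta>[^\]]*)\]$')
# R2 name;display name;image path [date time]
SERVICE_RE = re.compile(
    r'^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*);'
    r'(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]$')


def parse(report):
    """Yield one dict per Run-key value or service line found in the report."""
    key = None
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            key = None  # a blank line ends the current registry key block
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m:
            # Only autostart (Run) keys are of interest here.
            if key and key.lower().endswith("\\run"):
                yield {"kind": "run", "where": key, "name": m["name"],
                       "target": m["data"], "meta": m["meta"].strip()}
            continue
        m = SERVICE_RE.match(line)
        if m:
            yield {"kind": "service", "where": m["state"] + m["start"],
                   "name": m["name"], "target": m["path"],
                   "meta": m["meta"].strip()}


def flag(entry):
    """Return a reason string if the entry deserves a manual look, else None."""
    if entry["meta"]:
        # Assumption: a listed date/size means the report found the file.
        return None
    if not entry["target"]:
        return "empty value"  # a leftover name with no command behind it
    if entry["kind"] == "service" and entry["where"] == "S2":
        return "auto-start service, stopped, no file listed"
    return "no file listed for target"


def triage(report):
    """Return (name, reason) pairs for every flagged entry, in report order."""
    return [(e["name"], reason)
            for e in parse(report)
            if (reason := flag(e)) is not None]


if __name__ == "__main__":
    for name, reason in triage(REPORT):
        print(f"{name}: {reason}")
```

A flag is a prompt for manual review, not a verdict: the SQL Server service is flagged here alongside the My Web Search entries that the CFScript above goes on to remove.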
  11. mick360
     
    Datei: PLFSet.dll
    Auslastung: 0% 100%

    Status: OK (Anmerkung: diese Datei wurde bereits vorher gescannt. Die Scanergebnisse werden daher nicht in der Datenbank gespeichert.)
    Entdeckte Packprogramme: -
    Bit9 rapportiert: File not found

    A-Squared Keine Viren gefunden
    AntiVir Keine Viren gefunden
    ArcaVir Keine Viren gefunden
    Avast Keine Viren gefunden
    AVG Antivirus Keine Viren gefunden
    BitDefender Keine Viren gefunden
    ClamAV Keine Viren gefunden
    CPsecure Keine Viren gefunden
    Dr.Web Keine Viren gefunden
    F-Prot Antivirus Keine Viren gefunden
    F-Secure Anti-Virus Keine Viren gefunden
    Fortinet Keine Viren gefunden
    Ikarus Keine Viren gefunden
    Kaspersky Anti-Virus Keine Viren gefunden
    NOD32 Keine Viren gefunden
    Norman Virus Control Keine Viren gefunden
    Panda Antivirus Keine Viren gefunden
    Rising Antivirus Keine Viren gefunden
    Sophos Antivirus Keine Viren gefunden
    VirusBuster Keine Viren gefunden
    VBA32 Keine Viren gefunden
    0
  12. g!rly Posts 18462 Status Contributor 407
     
    ok, do the next step ;-)
    See you
    0
  13. mick360
     
    ComboFix 08-03-22.3 - mick 2008-03-23 21:15:21.4 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.967 [GMT 1:00]
    Endroit: C:\Users\mick\Desktop\ComboFix.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    C:\Program Files\NetProject
    C:\Program Files\NetProject\ot.ico
    C:\Program Files\NetProject\sbmdl.dll
    C:\Program Files\NetProject\sbmntr.exe
    C:\Program Files\NetProject\sbun.exe
    C:\Program Files\NetProject\scit.exe
    C:\Program Files\NetProject\scm.exe
    C:\Program Files\NetProject\scu.exe
    C:\Program Files\NetProject\ts.ico
    C:\Program Files\NetProject\uninst.exe
    C:\Program Files\NetProject\waun.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_MyWebSearchService

    ((((((((((((((((((((((((((((( Fichiers créés 2008-02-23 to 2008-03-23 ))))))))))))))))))))))))))))))))))))
    .

    2008-03-23 20:22 . 2008-03-23 20:22 <REP> d-------- C:\Program Files\CCleaner
    2008-03-23 18:40 . 2008-03-23 18:40 <REP> d-------- C:\Program Files\Trend Micro
    2008-03-23 17:11 . 2008-03-23 17:12 <REP> d-------- C:\ComboFix[1]
    2008-03-23 16:35 . 2008-03-23 16:35 <REP> d-------- C:\Program Files\Blender Foundation
    2008-03-21 21:55 . 2008-03-21 21:55 <REP> d-------- C:\Program Files\ffdshow
    2008-03-21 21:53 . 2008-03-21 21:53 <REP> d--h----- C:\Windows\msdownld.tmp
    2008-03-21 21:53 . 2008-03-21 21:53 <REP> d-------- C:\Program Files\Windows Media Components
    2008-03-21 21:52 . 2008-03-21 21:52 <REP> d-------- C:\Program Files\MMConvert
    2008-03-21 21:52 . 2005-04-04 13:35 745,472 --a------ C:\Windows\System32\xvidcore.dll
    2008-03-21 21:52 . 2005-11-24 10:58 440,320 --a------ C:\Windows\System32\x264vfw.dll
    2008-03-21 21:52 . 2005-04-04 13:52 180,224 --a------ C:\Windows\System32\xvidvfw.dll
    2008-03-21 21:08 . 2008-03-21 21:08 <REP> d-------- C:\Users\mick\AppData\Roaming\STOIK
    2008-03-20 16:30 . 2008-03-20 16:30 <REP> d-------- C:\Users\mick\AppData\Roaming\Grisoft
    2008-03-20 16:30 . 2008-03-20 16:30 <REP> d-------- C:\Users\All Users\Grisoft
    2008-03-20 16:30 . 2008-03-20 16:30 <REP> d-------- C:\ProgramData\Grisoft
    2008-03-20 16:30 . 2007-05-30 13:10 10,872 --a------ C:\Windows\System32\drivers\AvgAsCln.sys
    2008-03-01 10:52 . 2008-03-01 10:52 <REP> d-------- C:\ATI
    2008-03-01 09:32 . 1997-06-02 12:32 314,880 --a------ C:\Windows\IsUninst.exe
    2008-02-28 03:01 . 2008-02-28 03:01 <REP> d-------- C:\Program Files\MSXML 4.0
    2008-02-27 17:50 . 2008-02-27 17:50 <REP> d-------- C:\Users\All Users\Age of Empires 3
    2008-02-27 17:50 . 2008-02-27 17:50 <REP> d-------- C:\ProgramData\Age of Empires 3
    2008-02-27 17:47 . 2008-03-11 21:19 <REP> d-------- C:\Program Files\Common Files\Microsoft Games
    2008-02-27 16:27 . 2008-02-27 16:27 <REP> d-------- C:\Users\mick\ASIO4ALL v2
    2008-02-26 21:27 . 2008-02-27 16:29 <REP> d-------- C:\Program Files\Image-Line
    2008-02-26 21:27 . 2002-07-07 23:14 1,294,336 --a------ C:\Windows\System32\vorbis.acm

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-23 19:47 --------- d-----w C:\Users\mick\AppData\Roaming\Skype
    2008-03-23 19:30 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-03-23 19:30 --------- d-----w C:\Program Files\Common Files\Skype
    2008-03-23 19:29 --------- d-----w C:\Users\mick\AppData\Roaming\Hamachi
    2008-03-23 19:29 --------- d-----w C:\ProgramData\Microsoft Help
    2008-03-23 19:29 --------- d-----w C:\Program Files\Norton Security Scan
    2008-03-23 19:29 --------- d-----w C:\Program Files\Microsoft Works
    2008-03-23 19:29 --------- d-----w C:\Program Files\Messenger Plus! Live
    2008-03-23 19:29 --------- d-----w C:\Program Files\Google
    2008-03-23 19:16 --------- d-----w C:\ProgramData\Symantec
    2008-03-23 15:07 --------- d-----w C:\Users\mick\AppData\Roaming\skypePM
    2008-03-21 20:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-03-21 19:19 --------- d-----w C:\Program Files\DAEMON Tools
    2008-02-27 16:13 --------- d-----w C:\Program Files\Microsoft Games
    2008-02-22 14:45 --------- d-----w C:\Users\mick\AppData\Roaming\Propellerhead Software
    2008-02-22 14:45 --------- d-----w C:\ProgramData\Propellerhead Software
    2008-02-22 02:12 368,640 ----a-w C:\Windows\System32\ReWire.dll
    2008-02-22 02:12 233,472 ----a-w C:\Windows\System32\REX Shared Library.dll
    2008-02-16 09:07 103,736 ----a-w C:\Windows\System32\PnkBstrB.exe
    2008-02-15 22:36 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
    2008-02-15 21:09 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe
    2008-02-15 21:05 22,328 ----a-w C:\Users\mick\AppData\Roaming\PnkBstrK.sys
    2008-02-15 20:35 --------- d-----w C:\Program Files\Activision
    2008-02-15 20:18 685,816 ----a-w C:\Windows\system32\drivers\sptd.sys
    2008-02-14 05:48 194,560 ----a-w C:\Windows\System32\WebClnt.dll
    2008-02-14 05:48 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
    2008-02-14 05:42 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
    2008-02-14 05:42 24,064 ----a-w C:\Windows\System32\netcfg.exe
    2008-02-14 05:42 22,016 ----a-w C:\Windows\System32\netiougc.exe
    2008-02-14 05:42 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
    2008-02-14 05:42 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
    2008-02-14 05:34 824,832 ----a-w C:\Windows\System32\wininet.dll
    2008-02-14 05:33 56,320 ----a-w C:\Windows\System32\iesetup.dll
    2008-02-14 05:33 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
    2008-02-14 05:33 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
    2008-02-13 17:15 --------- d-----w C:\Program Files\Norton Internet Security
    2008-02-12 16:48 --------- d-----w C:\Program Files\pspvideo9
    2008-02-12 16:48 --------- d-----w C:\Program Files\AviSynth 2.5
    2008-01-27 00:48 --------- d-----w C:\Users\mick\AppData\Roaming\MessengerGadget
    2008-01-24 21:22 --------- d-----w C:\Users\mick\AppData\Roaming\GRETECH
    2008-01-24 21:22 --------- d-----w C:\ProgramData\GRETECH
    2008-01-24 21:21 --------- d-----w C:\Program Files\GRETECH
    2008-01-24 15:47 25,280 ----a-w C:\Windows\system32\drivers\hamachi.sys
    2008-01-10 11:38 11,776 ----a-w C:\Windows\System32\sbunattend.exe
    2008-01-03 02:10 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
    2008-01-03 02:10 7,680 ----a-w C:\Windows\System32\spwmp.dll
    2008-01-03 02:10 4,096 ----a-w C:\Windows\System32\dxmasf.dll
    2008-01-03 02:09 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
    2008-01-03 02:08 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
    2008-01-03 02:08 223,232 ----a-w C:\Windows\System32\WMASF.DLL
    2008-01-03 02:08 1,327,104 ----a-w C:\Windows\System32\quartz.dll
    2008-01-03 02:07 84,480 ----a-w C:\Windows\System32\INETRES.dll
    2008-01-03 02:07 737,792 ----a-w C:\Windows\System32\inetcomm.dll
    2008-01-03 02:07 1,335,296 ----a-w C:\Windows\System32\msxml6.dll
    2008-01-03 02:03 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
    2008-01-03 02:03 3,504,824 ----a-w C:\Windows\System32\ntkrnlpa.exe
    2008-01-03 02:03 3,470,520 ----a-w C:\Windows\System32\ntoskrnl.exe
    2008-01-03 02:02 750,080 ----a-w C:\Windows\System32\qmgr.dll
    2008-01-02 20:59 32 ----a-w C:\Users\All Users\ezsid.dat
    2008-01-02 20:59 32 ----a-w C:\ProgramData\ezsid.dat
    2008-01-02 18:24 53,080 ----a-w C:\Windows\System32\wuauclt.exe
    2008-01-02 18:24 43,352 ----a-w C:\Windows\System32\wups2.dll
    2008-01-02 18:24 1,712,984 ----a-w C:\Windows\System32\wuaueng.dll
    2008-01-02 18:24 1,524,224 ----a-w C:\Windows\System32\wucltux.dll
    2008-01-02 18:23 80,896 ----a-w C:\Windows\System32\wudriver.dll
    2008-01-02 18:23 549,720 ----a-w C:\Windows\System32\wuapi.dll
    2008-01-02 18:23 33,624 ----a-w C:\Windows\System32\wups.dll
    2008-01-02 18:22 31,232 ----a-w C:\Windows\System32\wuapp.exe
    2008-01-02 18:22 163,000 ----a-w C:\Windows\System32\wuwebv.dll
    2006-11-02 12:50 174 --sha-w C:\Program Files\desktop.ini
    .

    ((((((((((((((((((((((((((((( snapshot_2008-03-23_19.43.39.45 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-03-23 18:38:57 67,584 --s-a-w C:\Windows\bootstat.dat
    + 2008-03-23 19:31:17 67,584 --s-a-w C:\Windows\bootstat.dat
    - 2008-03-23 18:41:40 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
    + 2008-03-23 19:33:43 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
    - 2008-03-23 18:41:40 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2008-03-23 20:18:10 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2008-03-23 20:18:10 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
    - 2008-03-23 18:09:50 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-03-23 19:51:27 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2008-03-23 18:09:50 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-03-23 19:51:27 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2008-03-23 18:09:50 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2008-03-23 19:51:27 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2008-03-23 18:11:06 125,136 ----a-w C:\Windows\System32\perfc009.dat
    + 2008-03-23 19:38:33 125,136 ----a-w C:\Windows\System32\perfc009.dat
    - 2008-03-23 18:11:06 144,862 ----a-w C:\Windows\System32\perfc00C.dat
    + 2008-03-23 19:38:34 144,862 ----a-w C:\Windows\System32\perfc00C.dat
    - 2008-03-23 18:11:06 665,178 ----a-w C:\Windows\System32\perfh009.dat
    + 2008-03-23 19:38:34 665,178 ----a-w C:\Windows\System32\perfh009.dat
    - 2008-03-23 18:11:06 24,472 ----a-w C:\Windows\System32\perfh00C.dat
    + 2008-03-23 19:38:34 24,472 ----a-w C:\Windows\System32\perfh00C.dat
    - 2008-03-23 18:08:40 8,120 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2214617537-3510346454-3790275366-1003_UserData.bin
    + 2008-03-23 19:33:53 8,538 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2214617537-3510346454-3790275366-1003_UserData.bin
    - 2008-03-23 18:08:39 83,456 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2008-03-23 19:33:52 83,912 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    - 2008-03-22 22:47:42 3,084 ----a-w C:\Windows\System32\WDI\ERCQueuedResolutions.dat
    + 2008-03-23 19:25:25 3,084 ----a-w C:\Windows\System32\WDI\ERCQueuedResolutions.dat
    - 2008-03-23 18:08:26 53,114 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2008-03-23 19:33:38 53,796 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 12:38 1232896]
    "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 11:35 90112]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-12-07 15:08 21686568]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-01-02 21:52 171448]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-09-03 09:57 1006264]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-08-17 22:27 4702208 C:\Windows\RtHDVCpl.exe]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 20:00 815104]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 03:38 40048]
    "ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 21:33 107112]
    "osCheck"="c:\Program Files\Norton Internet Security\osCheck.exe" [2006-11-21 21:30 22696]
    "Acer Tour"="" []
    "PLFSet"="C:\Windows\PLFSet.dll" [2007-04-25 12:47 45056]
    "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 11:35 90112]
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 20:01 71216]
    "LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 15:21 54832]
    "eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 15:33 457216]
    "eRecoveryService"="" []
    "LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2007-04-04 09:04 813840]
    "WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 21:48 57344]
    "Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-05-22 14:49 151552]
    "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 10:22 517768]
    "PSPVideo9"="C:\Program Files\pspvideo9\pspVideo9.exe" [2005-10-30 01:56 606208]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 11:48 157592]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-09-17 18:33:55 535336]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UacDisableNotify"=dword:00000001
    "InternetSettingsDisableNotify"=dword:00000001
    "AutoUpdateDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{3A5CB2AD-123E-418A-A77E-C8193AA4AE83}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
    "{698F80A5-5D09-468C-AED4-A0FF99C3D721}"= C:\Program Files\CyberLink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
    "{CD7C4856-5413-4AAA-BB23-A044DA77AC24}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "TCP Query User{48721E0B-E441-48FA-946A-9151EB218353}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
    "UDP Query User{7D399EC5-4345-46E8-AD51-DEBC4AA3E1FB}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
    "{5D96DD76-3A13-4440-976E-5F66D1449E53}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
    "{4054D991-9E19-4401-82FB-BAB4A202AC18}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
    "{014B362E-7152-4DBC-8C3E-C598568AD58D}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
    "{78175FE5-5473-42B4-A5C5-5D489EA60B87}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
    "{D5FFB3C2-583A-4610-A13A-74775AB5C130}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
    "{4DAEDF99-939D-48EC-AD96-AD6D90B4AD16}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
    "{A080E02C-F5E5-4600-B9C3-ECBF0EF0E8B2}"= UDP:C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe:Age of Empires III - The WarChiefs
    "{C6C6904E-50EC-46CC-A876-1E107009A199}"= TCP:C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe:Age of Empires III - The WarChiefs
    "{5EF88713-A0C0-4A5B-8A38-A180AAC09A2B}"= UDP:C:\Program Files\Microsoft Games\Age of Empires III\age3y.exe:Age of Empires III - The Asian Dynasties
    "{CE05B381-65B1-4EC2-A57D-63F9193A9246}"= TCP:C:\Program Files\Microsoft Games\Age of Empires III\age3y.exe:Age of Empires III - The Asian Dynasties
    "TCP Query User{0448990B-05BD-471D-98DC-DB9AC4E0FB71}D:\\emul\\emule\\emule.exe"= UDP:D:\emul\emule\emule.exe:eMule
    "UDP Query User{36A18557-FE8C-4B6B-92D2-E8CF3B6BF9AD}D:\\emul\\emule\\emule.exe"= TCP:D:\emul\emule\emule.exe:eMule

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
    "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall"= 0 (0x0)

    R0 O2MDRDR;O2MDRDR;C:\Windows\system32\DRIVERS\o2media.sys [2007-04-03 18:04]
    R0 O2SDRDR;O2SDRDR;C:\Windows\system32\DRIVERS\o2sd.sys [2007-04-03 00:11]
    R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-04-25 15:34]
    R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-04-25 15:34]
    R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-04-25 15:34]
    R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080314.001\IDSvix86.sys [2008-02-13 17:18]
    R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\[u]0/u00.fcl [2006-11-02 15:51]
    R2 BcmSqlStartupSvc;Service de démarrage SQL Server pour le Gestionnaire de contacts professionnels;"C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe" [2008-01-16 09:46]
    R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-04-25 15:34]
    R2 eNet Service;eNet Service;C:\Acer\Empowering Technology\eNet\eNet Service.exe [2007-06-13 15:54]
    R2 eSettingsService;eSettings Service;C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-06-28 17:50]
    R2 MobilityService;MobilityService;C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 11:57]
    R2 SQLWriter;Enregistreur VSS SQL Server;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 05:29]
    R2 WMIService;ePower Service;C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-06-13 10:23]
    R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-05 17:39]
    R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-08-12 08:10]
    R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-10-30 19:55]
    R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-04-17 19:12]
    S3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2006-11-02 08:30]
    S3 BCM43XV;Pilote de la carte réseau extensible Broadcom 802.11;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-12-19 21:18]
    S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d697dd0-dc03-11dc-bd8f-000000000000}]
    \shell\AutoRun\command - F:\autorun.exe
    \shell\setup\command - F:\install.exe

    *Newly Created Service* - COMHOST
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-03-21 19:49:13 C:\Windows\Tasks\Norton Internet Security - Analyse système complète - mick.job"
    - c:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeB/TASK:
    "2008-03-23 20:14:59 C:\Windows\Tasks\User_Feed_Synchronization-{76260F5B-093E-478A-BE04-78F628BA07E3}.job"
    - C:\Windows\system32\msfeedssync.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-23 21:18:17
    Windows 6.0.6000 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-03-23 21:19:04
    ComboFix-quarantined-files.txt 2008-03-23 20:18:59
    ComboFix2.txt 2008-03-23 17:31:15
    .
    2008-03-13 14:38:54 --- E O F ---
    0
  14. mick360
     
    ComboFix 08-03-22.3 - mick 2008-03-23 21:15:21.4 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.967 [GMT 1:00]
    Endroit: C:\Users\mick\Desktop\ComboFix.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    C:\Program Files\NetProject
    C:\Program Files\NetProject\ot.ico
    C:\Program Files\NetProject\sbmdl.dll
    C:\Program Files\NetProject\sbmntr.exe
    C:\Program Files\NetProject\sbun.exe
    C:\Program Files\NetProject\scit.exe
    C:\Program Files\NetProject\scm.exe
    C:\Program Files\NetProject\scu.exe
    C:\Program Files\NetProject\ts.ico
    C:\Program Files\NetProject\uninst.exe
    C:\Program Files\NetProject\waun.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_MyWebSearchService

    ((((((((((((((((((((((((((((( Fichiers créés 2008-02-23 to 2008-03-23 ))))))))))))))))))))))))))))))))))))
    .

    2008-03-23 20:22 . 2008-03-23 20:22 <REP> d-------- C:\Program Files\CCleaner
    2008-03-23 18:40 . 2008-03-23 18:40 <REP> d-------- C:\Program Files\Trend Micro
    2008-03-23 17:11 . 2008-03-23 17:12 <REP> d-------- C:\ComboFix[1]
    2008-03-23 16:35 . 2008-03-23 16:35 <REP> d-------- C:\Program Files\Blender Foundation
    2008-03-21 21:55 . 2008-03-21 21:55 <REP> d-------- C:\Program Files\ffdshow
    2008-03-21 21:53 . 2008-03-21 21:53 <REP> d--h----- C:\Windows\msdownld.tmp
    2008-03-21 21:53 . 2008-03-21 21:53 <REP> d-------- C:\Program Files\Windows Media Components
    2008-03-21 21:52 . 2008-03-21 21:52 <REP> d-------- C:\Program Files\MMConvert
    2008-03-21 21:52 . 2005-04-04 13:35 745,472 --a------ C:\Windows\System32\xvidcore.dll
    2008-03-21 21:52 . 2005-11-24 10:58 440,320 --a------ C:\Windows\System32\x264vfw.dll
    2008-03-21 21:52 . 2005-04-04 13:52 180,224 --a------ C:\Windows\System32\xvidvfw.dll
    2008-03-21 21:08 . 2008-03-21 21:08 <REP> d-------- C:\Users\mick\AppData\Roaming\STOIK
    2008-03-20 16:30 . 2008-03-20 16:30 <REP> d-------- C:\Users\mick\AppData\Roaming\Grisoft
    2008-03-20 16:30 . 2008-03-20 16:30 <REP> d-------- C:\Users\All Users\Grisoft
    2008-03-20 16:30 . 2008-03-20 16:30 <REP> d-------- C:\ProgramData\Grisoft
    2008-03-20 16:30 . 2007-05-30 13:10 10,872 --a------ C:\Windows\System32\drivers\AvgAsCln.sys
    2008-03-01 10:52 . 2008-03-01 10:52 <REP> d-------- C:\ATI
    2008-03-01 09:32 . 1997-06-02 12:32 314,880 --a------ C:\Windows\IsUninst.exe
    2008-02-28 03:01 . 2008-02-28 03:01 <REP> d-------- C:\Program Files\MSXML 4.0
    2008-02-27 17:50 . 2008-02-27 17:50 <REP> d-------- C:\Users\All Users\Age of Empires 3
    2008-02-27 17:50 . 2008-02-27 17:50 <REP> d-------- C:\ProgramData\Age of Empires 3
    2008-02-27 17:47 . 2008-03-11 21:19 <REP> d-------- C:\Program Files\Common Files\Microsoft Games
    2008-02-27 16:27 . 2008-02-27 16:27 <REP> d-------- C:\Users\mick\ASIO4ALL v2
    2008-02-26 21:27 . 2008-02-27 16:29 <REP> d-------- C:\Program Files\Image-Line
    2008-02-26 21:27 . 2002-07-07 23:14 1,294,336 --a------ C:\Windows\System32\vorbis.acm

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-23 19:47 --------- d-----w C:\Users\mick\AppData\Roaming\Skype
    2008-03-23 19:30 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-03-23 19:30 --------- d-----w C:\Program Files\Common Files\Skype
    2008-03-23 19:29 --------- d-----w C:\Users\mick\AppData\Roaming\Hamachi
    2008-03-23 19:29 --------- d-----w C:\ProgramData\Microsoft Help
    2008-03-23 19:29 --------- d-----w C:\Program Files\Norton Security Scan
    2008-03-23 19:29 --------- d-----w C:\Program Files\Microsoft Works
    2008-03-23 19:29 --------- d-----w C:\Program Files\Messenger Plus! Live
    2008-03-23 19:29 --------- d-----w C:\Program Files\Google
    2008-03-23 19:16 --------- d-----w C:\ProgramData\Symantec
    2008-03-23 15:07 --------- d-----w C:\Users\mick\AppData\Roaming\skypePM
    2008-03-21 20:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-03-21 19:19 --------- d-----w C:\Program Files\DAEMON Tools
    2008-02-27 16:13 --------- d-----w C:\Program Files\Microsoft Games
    2008-02-22 14:45 --------- d-----w C:\Users\mick\AppData\Roaming\Propellerhead Software
    2008-02-22 14:45 --------- d-----w C:\ProgramData\Propellerhead Software
    2008-02-22 02:12 368,640 ----a-w C:\Windows\System32\ReWire.dll
    2008-02-22 02:12 233,472 ----a-w C:\Windows\System32\REX Shared Library.dll
    2008-02-16 09:07 103,736 ----a-w C:\Windows\System32\PnkBstrB.exe
    2008-02-15 22:36 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
    2008-02-15 21:09 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe
    2008-02-15 21:05 22,328 ----a-w C:\Users\mick\AppData\Roaming\PnkBstrK.sys
    2008-02-15 20:35 --------- d-----w C:\Program Files\Activision
    2008-02-15 20:18 685,816 ----a-w C:\Windows\system32\drivers\sptd.sys
    2008-02-14 05:48 194,560 ----a-w C:\Windows\System32\WebClnt.dll
    2008-02-14 05:48 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
    2008-02-14 05:42 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
    2008-02-14 05:42 24,064 ----a-w C:\Windows\System32\netcfg.exe
    2008-02-14 05:42 22,016 ----a-w C:\Windows\System32\netiougc.exe
    2008-02-14 05:42 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
    2008-02-14 05:42 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
    2008-02-14 05:34 824,832 ----a-w C:\Windows\System32\wininet.dll
    2008-02-14 05:33 56,320 ----a-w C:\Windows\System32\iesetup.dll
    2008-02-14 05:33 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
    2008-02-14 05:33 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
    2008-02-13 17:15 --------- d-----w C:\Program Files\Norton Internet Security
    2008-02-12 16:48 --------- d-----w C:\Program Files\pspvideo9
    2008-02-12 16:48 --------- d-----w C:\Program Files\AviSynth 2.5
    2008-01-27 00:48 --------- d-----w C:\Users\mick\AppData\Roaming\MessengerGadget
    2008-01-24 21:22 --------- d-----w C:\Users\mick\AppData\Roaming\GRETECH
    2008-01-24 21:22 --------- d-----w C:\ProgramData\GRETECH
    2008-01-24 21:21 --------- d-----w C:\Program Files\GRETECH
    2008-01-24 15:47 25,280 ----a-w C:\Windows\system32\drivers\hamachi.sys
    2008-01-10 11:38 11,776 ----a-w C:\Windows\System32\sbunattend.exe
    2008-01-03 02:10 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
    2008-01-03 02:10 7,680 ----a-w C:\Windows\System32\spwmp.dll
    2008-01-03 02:10 4,096 ----a-w C:\Windows\System32\dxmasf.dll
    2008-01-03 02:09 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
    2008-01-03 02:08 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
    2008-01-03 02:08 223,232 ----a-w C:\Windows\System32\WMASF.DLL
    2008-01-03 02:08 1,327,104 ----a-w C:\Windows\System32\quartz.dll
    2008-01-03 02:07 84,480 ----a-w C:\Windows\System32\INETRES.dll
    2008-01-03 02:07 737,792 ----a-w C:\Windows\System32\inetcomm.dll
    2008-01-03 02:07 1,335,296 ----a-w C:\Windows\System32\msxml6.dll
    2008-01-03 02:03 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
    2008-01-03 02:03 3,504,824 ----a-w C:\Windows\System32\ntkrnlpa.exe
    2008-01-03 02:03 3,470,520 ----a-w C:\Windows\System32\ntoskrnl.exe
    2008-01-03 02:02 750,080 ----a-w C:\Windows\System32\qmgr.dll
    2008-01-02 20:59 32 ----a-w C:\Users\All Users\ezsid.dat
    2008-01-02 20:59 32 ----a-w C:\ProgramData\ezsid.dat
    2008-01-02 18:24 53,080 ----a-w C:\Windows\System32\wuauclt.exe
    2008-01-02 18:24 43,352 ----a-w C:\Windows\System32\wups2.dll
    2008-01-02 18:24 1,712,984 ----a-w C:\Windows\System32\wuaueng.dll
    2008-01-02 18:24 1,524,224 ----a-w C:\Windows\System32\wucltux.dll
    2008-01-02 18:23 80,896 ----a-w C:\Windows\System32\wudriver.dll
    2008-01-02 18:23 549,720 ----a-w C:\Windows\System32\wuapi.dll
    2008-01-02 18:23 33,624 ----a-w C:\Windows\System32\wups.dll
    2008-01-02 18:22 31,232 ----a-w C:\Windows\System32\wuapp.exe
    2008-01-02 18:22 163,000 ----a-w C:\Windows\System32\wuwebv.dll
    2006-11-02 12:50 174 --sha-w C:\Program Files\desktop.ini
    .

    ((((((((((((((((((((((((((((( snapshot_2008-03-23_19.43.39.45 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-03-23 18:38:57 67,584 --s-a-w C:\Windows\bootstat.dat
    + 2008-03-23 19:31:17 67,584 --s-a-w C:\Windows\bootstat.dat
    - 2008-03-23 18:41:40 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
    + 2008-03-23 19:33:43 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
    - 2008-03-23 18:41:40 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2008-03-23 20:18:10 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2008-03-23 20:18:10 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
    - 2008-03-23 18:09:50 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-03-23 19:51:27 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2008-03-23 18:09:50 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-03-23 19:51:27 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2008-03-23 18:09:50 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2008-03-23 19:51:27 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2008-03-23 18:11:06 125,136 ----a-w C:\Windows\System32\perfc009.dat
    + 2008-03-23 19:38:33 125,136 ----a-w C:\Windows\System32\perfc009.dat
    - 2008-03-23 18:11:06 144,862 ----a-w C:\Windows\System32\perfc00C.dat
    + 2008-03-23 19:38:34 144,862 ----a-w C:\Windows\System32\perfc00C.dat
    - 2008-03-23 18:11:06 665,178 ----a-w C:\Windows\System32\perfh009.dat
    + 2008-03-23 19:38:34 665,178 ----a-w C:\Windows\System32\perfh009.dat
    - 2008-03-23 18:11:06 24,472 ----a-w C:\Windows\System32\perfh00C.dat
    + 2008-03-23 19:38:34 24,472 ----a-w C:\Windows\System32\perfh00C.dat
    - 2008-03-23 18:08:40 8,120 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2214617537-3510346454-3790275366-1003_UserData.bin
    + 2008-03-23 19:33:53 8,538 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2214617537-3510346454-3790275366-1003_UserData.bin
    - 2008-03-23 18:08:39 83,456 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2008-03-23 19:33:52 83,912 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    - 2008-03-22 22:47:42 3,084 ----a-w C:\Windows\System32\WDI\ERCQueuedResolutions.dat
    + 2008-03-23 19:25:25 3,084 ----a-w C:\Windows\System32\WDI\ERCQueuedResolutions.dat
    - 2008-03-23 18:08:26 53,114 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2008-03-23 19:33:38 53,796 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 12:38 1232896]
    "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 11:35 90112]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-12-07 15:08 21686568]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-01-02 21:52 171448]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-09-03 09:57 1006264]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-08-17 22:27 4702208 C:\Windows\RtHDVCpl.exe]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 20:00 815104]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 03:38 40048]
    "ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 21:33 107112]
    "osCheck"="c:\Program Files\Norton Internet Security\osCheck.exe" [2006-11-21 21:30 22696]
    "Acer Tour"="" []
    "PLFSet"="C:\Windows\PLFSet.dll" [2007-04-25 12:47 45056]
    "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 11:35 90112]
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 20:01 71216]
    "LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 15:21 54832]
    "eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 15:33 457216]
    "eRecoveryService"="" []
    "LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2007-04-04 09:04 813840]
    "WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 21:48 57344]
    "Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-05-22 14:49 151552]
    "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 10:22 517768]
    "PSPVideo9"="C:\Program Files\pspvideo9\pspVideo9.exe" [2005-10-30 01:56 606208]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 11:48 157592]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-09-17 18:33:55 535336]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UacDisableNotify"=dword:00000001
    "InternetSettingsDisableNotify"=dword:00000001
    "AutoUpdateDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{3A5CB2AD-123E-418A-A77E-C8193AA4AE83}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
    "{698F80A5-5D09-468C-AED4-A0FF99C3D721}"= C:\Program Files\CyberLink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
    "{CD7C4856-5413-4AAA-BB23-A044DA77AC24}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "TCP Query User{48721E0B-E441-48FA-946A-9151EB218353}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
    "UDP Query User{7D399EC5-4345-46E8-AD51-DEBC4AA3E1FB}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
    "{5D96DD76-3A13-4440-976E-5F66D1449E53}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
    "{4054D991-9E19-4401-82FB-BAB4A202AC18}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
    "{014B362E-7152-4DBC-8C3E-C598568AD58D}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
    "{78175FE5-5473-42B4-A5C5-5D489EA60B87}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
    "{D5FFB3C2-583A-4610-A13A-74775AB5C130}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
    "{4DAEDF99-939D-48EC-AD96-AD6D90B4AD16}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
    "{A080E02C-F5E5-4600-B9C3-ECBF0EF0E8B2}"= UDP:C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe:Age of Empires III - The WarChiefs
    "{C6C6904E-50EC-46CC-A876-1E107009A199}"= TCP:C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe:Age of Empires III - The WarChiefs
    "{5EF88713-A0C0-4A5B-8A38-A180AAC09A2B}"= UDP:C:\Program Files\Microsoft Games\Age of Empires III\age3y.exe:Age of Empires III - The Asian Dynasties
    "{CE05B381-65B1-4EC2-A57D-63F9193A9246}"= TCP:C:\Program Files\Microsoft Games\Age of Empires III\age3y.exe:Age of Empires III - The Asian Dynasties
    "TCP Query User{0448990B-05BD-471D-98DC-DB9AC4E0FB71}D:\\emul\\emule\\emule.exe"= UDP:D:\emul\emule\emule.exe:eMule
    "UDP Query User{36A18557-FE8C-4B6B-92D2-E8CF3B6BF9AD}D:\\emul\\emule\\emule.exe"= TCP:D:\emul\emule\emule.exe:eMule

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
    "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall"= 0 (0x0)

    R0 O2MDRDR;O2MDRDR;C:\Windows\system32\DRIVERS\o2media.sys [2007-04-03 18:04]
    R0 O2SDRDR;O2SDRDR;C:\Windows\system32\DRIVERS\o2sd.sys [2007-04-03 00:11]
    R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-04-25 15:34]
    R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-04-25 15:34]
    R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-04-25 15:34]
    R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080314.001\IDSvix86.sys [2008-02-13 17:18]
    R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\[u]0/u00.fcl [2006-11-02 15:51]
    R2 BcmSqlStartupSvc;Service de démarrage SQL Server pour le Gestionnaire de contacts professionnels;"C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe" [2008-01-16 09:46]
    R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-04-25 15:34]
    R2 eNet Service;eNet Service;C:\Acer\Empowering Technology\eNet\eNet Service.exe [2007-06-13 15:54]
    R2 eSettingsService;eSettings Service;C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-06-28 17:50]
    R2 MobilityService;MobilityService;C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 11:57]
    R2 SQLWriter;Enregistreur VSS SQL Server;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 05:29]
    R2 WMIService;ePower Service;C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-06-13 10:23]
    R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-05 17:39]
    R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-08-12 08:10]
    R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-10-30 19:55]
    R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-04-17 19:12]
    S3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2006-11-02 08:30]
    S3 BCM43XV;Pilote de la carte réseau extensible Broadcom 802.11;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-12-19 21:18]
    S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d697dd0-dc03-11dc-bd8f-000000000000}]
    \shell\AutoRun\command - F:\autorun.exe
    \shell\setup\command - F:\install.exe

    *Newly Created Service* - COMHOST
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-03-21 19:49:13 C:\Windows\Tasks\Norton Internet Security - Analyse système complète - mick.job"
    - c:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeB/TASK:
    "2008-03-23 20:14:59 C:\Windows\Tasks\User_Feed_Synchronization-{76260F5B-093E-478A-BE04-78F628BA07E3}.job"
    - C:\Windows\system32\msfeedssync.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-23 21:18:17
    Windows 6.0.6000 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-03-23 21:19:04
    ComboFix-quarantined-files.txt 2008-03-23 20:18:59
    ComboFix2.txt 2008-03-23 17:31:15
    .
    2008-03-13 14:38:54 --- E O F ---
    0
  15. mick360
     
    Sorry it took me so long, but I had some problems with my desktop turning completely black. Anyway, that's sorted now: the thing that was annoying me is gone and I have my wallpaper back. Thanks for your help, that's really nice of you ;)
    0
  16. g!rly Posts 18462 Status Contributor 407
     
    OK mick360,

    please post a new HijackThis log

    See you later
    0
  17. mick360
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:40:36, on 23/03/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16609)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Program Files\pspvideo9\pspVideo9.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
    C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
    C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
    C:\Windows\system32\conime.exe
    C:\Windows\Explorer.exe
    C:\Program Files\Internet Explorer\IEUser.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: (no name) - {6860A44B-5D3E-433D-A7B5-D517F810D0E7} - C:\Program Files\NetProject\sbmdl.dll
    O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (file missing)
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"
    O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
    O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
    O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0
    O4 - HKLM\..\Run: [PSPVideo9] C:\Program Files\pspvideo9\pspVideo9.exe -t
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKCU\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - Global Startup: Empowering Technology Launcher.lnk = ?
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk142MXFR
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iefixgate.com/redirect.php (file missing)
    O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iefixgate.com/redirect.php (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-3/SmileyCentralFWBInitialSetup1.0.1.0.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
    O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
    O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
    O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)
    O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Oz128 Driver\o2flash.exe
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
    0
  18. g!rly Posts 18462 Status Contributor 407
     
    Hi again,

    post a new HijackThis log

    this one is from: 18:40:36, on 23/03/2008

    See you later
    0
  19. mick360
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:34:36, on 23/03/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16609)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Program Files\pspvideo9\pspVideo9.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
    C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
    C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
    C:\Windows\system32\conime.exe
    C:\Windows\Explorer.exe
    C:\Program Files\Internet Explorer\IEUser.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: (no name) - {6860A44B-5D3E-433D-A7B5-D517F810D0E7} - C:\Program Files\NetProject\sbmdl.dll
    O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (file missing)
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"
    O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
    O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
    O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0
    O4 - HKLM\..\Run: [PSPVideo9] C:\Program Files\pspvideo9\pspVideo9.exe -t
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKCU\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - Global Startup: Empowering Technology Launcher.lnk = ?
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk142MXFR
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iefixgate.com/redirect.php (file missing)
    O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iefixgate.com/redirect.php (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-3/SmileyCentralFWBInitialSetup1.0.1.0.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
    O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
    O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
    O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)
    O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Oz128 Driver\o2flash.exe
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
    0
  20. mick360
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:34:36, on 23/03/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16609)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Program Files\pspvideo9\pspVideo9.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
    C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
    C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
    C:\Windows\system32\conime.exe
    C:\Windows\Explorer.exe
    C:\Program Files\Internet Explorer\IEUser.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: (no name) - {6860A44B-5D3E-433D-A7B5-D517F810D0E7} - C:\Program Files\NetProject\sbmdl.dll
    O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (file missing)
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"
    O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
    O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
    O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0
    O4 - HKLM\..\Run: [PSPVideo9] C:\Program Files\pspvideo9\pspVideo9.exe -t
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKCU\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - Global Startup: Empowering Technology Launcher.lnk = ?
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk142MXFR
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iefixgate.com/redirect.php (file missing)
    O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iefixgate.com/redirect.php (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-3/SmileyCentralFWBInitialSetup1.0.1.0.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
    O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
    O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
    O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)
    O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Oz128 Driver\o2flash.exe
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
    0
  21. g!rly Posts 18462 Status Contributor 407
     
    Hi again,

    Please run this anti-spyware:

    Download Malwarebytes

    -> http://forum.telecharger.01net.com/forum/high-tech/PRODUITS/Questions-techniques/anti-malware-sujet_197382_1.htm

    Install it; the program will update itself automatically.

    Once it is up to date, the program will launch. Click the Settings tab and tick the box: Stop Internet Explorer during removal.

    Now click the Scan tab and tick the box: Perform a full scan.

    Then click Scan.

    Let it scan the PC. At the end a report will open; copy and paste it here, please.

    See you later
    0