Problem: "PC Antispyware"
Solved/Closed
10 replies
Anonymous user
2 May 2008 at 14:12
Hi,
Paste a HijackThis log
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
manual:
http://pagesperso-orange.fr/rginformatique/section%20virus/demohijack.htm
https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html
I advise renaming HijackThis, to counter a possible Vundo infection.
e.g. rename the file HijackThis.exe to eden.exe; to do this, right-click on the file HijackThis.exe and choose Rename from the list.
Then, with Explorer, create a folder c:\hijackthis
Unzip HijackThis into this folder.
This is important for the backups.
-----------------
Download ComboFix by sUBs: rename it before any installation, for example name it "KillBagle". Help here: https://forum.pcastuces.com/sujet.asp?f=25&s=37315
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it to your desktop and nowhere else!
Help with using ComboFix here: https://bibou0007.forumpro.fr/login?redirect=%2Ft121-topic
Double-click on ComboFix. It will ask you a question; answer by pressing the 1 key and Enter to confirm, then let it guide you.
Wait until ComboFix has finished; a log will be created. Post the log.
HijackThis log
Logfile of HijackThis v1.99.1
Scan saved at 14:36:54, on 02/05/2008
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conime.exe
C:\ProgramData\vqpujktg\tydmvwbe.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Acer Arcade Live\Acer PlayMovie\PMVService.exe
C:\Program Files\Olivetti\ANY_WAY\olDvcStatus.exe
C:\Applications\Winamp\winampa.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\dsnmvgbu.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\mobsync.exe
C:\Windows\Explorer.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PC-Antispyware Site Blocker Button - {10F0C2A9-8E38-43e3-204D-45524C494E20} - C:\Program Files\PC-Antispyware\IeExtension.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: wxdbpfvo - {3E1A7455-8F94-40B1-A2A8-4FE1A5264F8B} - C:\Windows\wxdbpfvo.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Live\Acer PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [Apanel] C:\ACERSW\config\NewSetApanel.cmd
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [OlStatusMon] "C:\Program Files\Olivetti\ANY_WAY\olDvcStatus.exe" dvcStatusMinimize
O4 - HKLM\..\Run: [WinampAgent] C:\Applications\Winamp\winampa.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [hrgtlijp] C:\Windows\system32\dsnmvgbu.exe
O4 - HKCU\..\Run: [mphbyfty] C:\Windows\system32\vuhkdmne.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: PCM Media Sharing.lnk = C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} (CamfrogWEB Advanced Unicode Control) - https://www.bobtv.fr/download/cfweb_www.bobtv.fr-download_instmodule.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Applications\Avast\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Applications\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Applications\Avast\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Applications\Avast\ashWebSv.exe" /service (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Olivetti Monitor Service (olMntrService) - Olivetti - C:\Program Files\Olivetti\ANY_WAY\olMntrService.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
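The fix list that follows in the thread was built by reading the log above by eye. As an added example, not part of the thread and not HijackThis code, the Python below scores the same kinds of entries (running processes, O2/O3 BHO and toolbar entries, O4 Run values, O23 services) by the signals visible in this log: a random eight-letter file name or Run value name, a random parent directory under ProgramData, a file dropped directly in C:\Windows, a registered component whose file is missing, and the product names this thread itself treats as rogue (PC-Antispyware from the fix list, PC-Cleaner from the ComboFix deletions). The sample input is a subset of lines copied from the posted log; the signal names, the two-point threshold and the rogue-name list are my own assumptions. On its own the "random name" test also matches the legitimate wmpnscfg.exe, which is why no single signal flags anything. Run against the sample, it flags every path in the helper's fix list plus the [mphbyfty] vuhkdmne.exe Run value (which the ComboFix log later shows as created at 14:22 the same day), and it pulls in the bare process-list lines by correlating them with flagged autoruns rather than by name alone.

```python
"""Heuristic triage of a HijackThis v1.99 log (added example, not HijackThis code).
Each entry collects independent signals and is flagged at two or more; the
signals, threshold and rogue-name list are assumptions drawn from this thread."""
import re
from pathlib import PureWindowsPath
from typing import List, Optional, Tuple

# Constructed sample: a subset of lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""Running processes:
C:\Windows\system32\taskeng.exe
C:\ProgramData\vqpujktg\tydmvwbe.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\dsnmvgbu.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PC-Antispyware Site Blocker Button - {10F0C2A9-8E38-43e3-204D-45524C494E20} - C:\Program Files\PC-Antispyware\IeExtension.dll
O3 - Toolbar: wxdbpfvo - {3E1A7455-8F94-40B1-A2A8-4FE1A5264F8B} - C:\Windows\wxdbpfvo.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [OlStatusMon] "C:\Program Files\Olivetti\ANY_WAY\olDvcStatus.exe" dvcStatusMinimize
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [hrgtlijp] C:\Windows\system32\dsnmvgbu.exe
O4 - HKCU\..\Run: [mphbyfty] C:\Windows\system32\vuhkdmne.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Applications\Avast\ashMaiSv.exe" /service (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
"""

RANDOM_NAME = re.compile(r"^[a-z]{8}$")
RUN_VALUE = re.compile(r"^O4 - .*?: \[(?P<name>[^\]]*)\] (?P<target>.+)$")
# A path ending in an executable extension; a quote or bracket ends a candidate.
PATH = re.compile(r'[^"\[\]]*?\.(?:exe|dll|cmd|bat|sys|com|scr)\b', re.IGNORECASE)
PROCESS_LINE = re.compile(r"^[A-Za-z]:\\")
KNOWN_ROGUE = ("pc-antispyware", "pc-cleaner")  # products this thread treats as rogue (assumed list)
VOWELS = set("aeiou")


def looks_random(token: str) -> bool:
    """Eight lowercase letters with at most two vowels, e.g. 'dsnmvgbu'.
    Legitimate names such as 'wmpnscfg' also pass, so this is one point, not a verdict."""
    return bool(RANDOM_NAME.match(token)) and sum(c in VOWELS for c in token) <= 2


def extract_path(fragment: str) -> Optional[str]:
    """Last executable path in an autorun target, without quotes, arguments or the
    trailing '(file missing)'. Taking the last match makes
    'RUNDLL32.EXE C:\\...\\NvCpl.dll,NvStartup' yield the DLL rather than rundll32."""
    found = PATH.findall(fragment)
    return found[-1].strip() if found else None


def parse_line(line: str) -> Optional[Tuple[str, str, Optional[str], bool]]:
    """Return (kind, path, run_value_name, file_missing), or None for other lines."""
    line = line.rstrip()
    if PROCESS_LINE.match(line):                       # 'Running processes' section
        return "process", line, None, False
    m = RUN_VALUE.match(line)                          # O4 Run values
    if m:
        path = extract_path(m["target"])
        return ("autorun", path, m["name"], False) if path else None
    if re.match(r"^O(?:2|3|23) - ", line):             # BHOs, toolbars, services
        path = extract_path(line.rsplit(" - ", 1)[-1])
        return ("autorun", path, None, "(file missing)" in line) if path else None
    return None


def score_entry(path: str, run_name: Optional[str], file_missing: bool) -> Tuple[int, List[str]]:
    """Count independent signals; a known rogue product name alone is worth two."""
    p = PureWindowsPath(path)
    reasons = []
    if looks_random(p.stem):
        reasons.append("random 8-letter file name")
    if run_name and looks_random(run_name):
        reasons.append("random Run value name")
    if any(looks_random(part) for part in p.parts[1:-1]):
        reasons.append("random parent directory")
    if len(p.parts) == 3 and p.parts[1].lower() == "windows":
        reasons.append("dropped directly in the Windows directory")
    if file_missing:
        reasons.append("registered but file missing")
    score = len(reasons)
    if any(name in path.lower() for name in KNOWN_ROGUE):
        reasons.append("product the thread identifies as rogue")
        score += 2
    return score, reasons


def triage(log_text: str, threshold: int = 2) -> dict:
    """Map each flagged path (lower-cased) to its reasons. Running processes whose
    path matches a flagged entry are then marked, which is how the bare
    process-list line for dsnmvgbu.exe gets pulled in."""
    entries = [e for e in map(parse_line, log_text.splitlines()) if e]
    flagged = {}
    for _, path, run_name, missing in entries:
        score, reasons = score_entry(path, run_name, missing)
        if score >= threshold:
            key = path.lower()
            flagged[key] = sorted(set(flagged.get(key, [])) | set(reasons))
    for kind, path, _, _ in entries:
        if kind == "process" and path.lower() in flagged:
            flagged[path.lower()].append("currently running")
    return flagged


if __name__ == "__main__":
    for path, reasons in sorted(triage(SAMPLE_LOG).items()):
        print(f"{path}\n    {'; '.join(reasons)}")
```

The scoring is deliberately additive rather than a blocklist: the two avast! services and the svchost.exe entries carry "(file missing)" too, but nothing else about them is odd, so they stay below the threshold, while wxdbpfvo.dll (random name, sitting in C:\Windows, file gone) scores three. Anything the script flags still needs the same judgement the helper applied before ticking it in HijackThis.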
OK, tick these lines then click Fix checked.
O4 - HKCU\..\Run: [hrgtlijp] C:\Windows\system32\dsnmvgbu.exe
O3 - Toolbar: wxdbpfvo - {3E1A7455-8F94-40B1-A2A8-4FE1A5264F8B} - C:\Windows\wxdbpfvo.dll (file missing)
O2 - BHO: PC-Antispyware Site Blocker Button - {10F0C2A9-8E38-43e3-204D-45524C494E20} - C:\Program Files\PC-Antispyware\IeExtension.dll
C:\Windows\System32\dsnmvgbu.exe
C:\ProgramData\vqpujktg\tydmvwbe.exe
THERE YOU GO, AND TURN ON YOUR FIREWALL.
In which utility do I tick these boxes? I closed the windows; do I run the scan again?
I did it again, ticked them and clicked Fix the items. However, I didn't have the lines C:\Windows\System32\dsnmvgbu.exe
C:\ProgramData\vqpujktg\tydmvwbe.exe
No no, my report, well, not the one in ".log" format but the one with the checkboxes, only starts at "R0".
OK, try uninstalling it in Safe Mode.
Restart in "Safe Mode"
When the computer restarts, once the BIOS has finished loading, a black screen appears briefly; press the [F8] key (or [F5] on some PCs) until the Windows Advanced Options menu is displayed.
Select "Safe Mode" and press [Enter]
You will need to choose your usual account, not the "Administrator" account or another one.
Look here if needed: http://pageperso.aol.fr/loraline60/mode_sans_echec.htm
Great, it worked!
Thank you very much for your help!
Can I now uninstall ComboFix and HijackThis?
Anonymous user
2 May 2008 at 15:30
Sorry, do this:
Right, so uninstall all your security software. And install AntiVir, Malwarebytes Anti-Malware and Kerio.
AntiVir: https://www.01net.com/outils/telecharger/windows/Securite/antivirus-antitrojan/fiches/tele13198.html
AntiVir tutorial: https://www.malekal.com/avira-free-security-antivirus-gratuit/
Malwarebytes Anti-Malware: http://www.malwarebytes.org/mbam/program/mbam-setup.exe
Malwarebytes Anti-Malware tutorial: https://forum.pcastuces.com/malwarebytes_antimalwares___tutoriel-f31s3.htm
Kerio: https://www.01net.com/outils/telecharger/windows/Securite/firewall/fiches/tele22418.html
Kerio tutorial: https://forums.cnetfrance.fr
PS: JUST INSTALL THEM. RUN AN UPDATE FOR ANTIVIR AND MALWAREBYTES ANTI-MALWARE. THERE YOU GO, BE QUICK.
2 May 2008 at 14:28
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1036.18.2057 [GMT 2:00]
Location: C:\Users\Les Ménager\Desktop\Combo-Fix.exe
* Creating a new restore point
.
(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\.protected
C:\Program Files\PC-Cleaner
C:\Program Files\PC-Cleaner\com\pcsd.dll
C:\Program Files\PC-Cleaner\PC-Cleaner.db
C:\Program Files\PC-Cleaner\PC-Cleaner.exe
C:\Program Files\PC-Cleaner\pccleaner.pkg
C:\Program Files\PC-Cleaner\program.info
C:\Program Files\PC-Cleaner\Uninstall.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\.protected
C:\Users\Les Ménager\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\.protected
C:\Windows\.protected
C:\Windows\a.bat
C:\Windows\bdn.com
C:\Windows\iTunesMusic.exe
C:\Windows\mslagent
C:\Windows\mssecu.exe
C:\Windows\qadovnel.dll
C:\Windows\spwoqbmv.exe
C:\Windows\system32\ddcBsrPj.dll
C:\Windows\system32\drivers\etc\.protected
C:\Windows\system32\smp
C:\Windows\system32\smp\msrc.exe
C:\Windows\system32\urqQggeD.dll
C:\Windows\system32\vtUnnkih.dll
C:\Windows\Web\def.htm
C:\Windows\wxdbpfvo.dll
C:\Windows\xbaqktfv.exe
.
((((((((((((((((((((((((((((( Files created 2008-04-02 to 2008-05-02 ))))))))))))))))))))))))))))))))))))
.
2008-05-02 14:22 . 2008-05-02 14:22 90,112 --a------ C:\Windows\System32\vuhkdmne.exe
2008-05-02 14:15 . 2008-05-02 14:15 <DIR> d-------- C:\327882R2FWJFW
2008-05-02 13:47 . 2008-05-02 13:47 25,472 --a------ C:\Windows\System32\drivers\pca-firewall.sys
2008-05-02 13:46 . 2008-05-02 13:47 <DIR> d-------- C:\Program Files\PC-Antispyware
2008-05-02 11:13 . 2005-09-23 07:29 626,688 --a------ C:\Windows\System32\msvcr80.dll
2008-05-02 10:47 . 2008-05-02 10:47 <DIR> d-------- C:\Users\All Users\vqpujktg
2008-05-02 10:47 . 2008-05-02 10:47 <DIR> d-------- C:\ProgramData\vqpujktg
2008-04-29 19:54 . 2007-03-08 01:51 129,784 --------- C:\Windows\System32\pxafs.dll
2008-04-19 15:07 . 2008-05-02 12:38 <DIR> d-------- C:\Users\All Users\Google Updater
2008-04-19 15:07 . 2008-05-02 12:38 <DIR> d-------- C:\ProgramData\Google Updater
2008-04-19 15:07 . 2008-04-19 15:08 <DIR> d-------- C:\Program Files\Google
2008-04-17 13:41 . 2008-04-17 13:41 <DIR> d-------- C:\download
2008-04-17 08:50 . 2008-04-17 08:50 <DIR> d-------- C:\Users\All Users\Messenger Plus!
2008-04-17 08:50 . 2008-04-17 08:50 <DIR> d-------- C:\ProgramData\Messenger Plus!
2008-04-16 19:55 . 2006-05-03 22:53 174,592 --a------ C:\Windows\System32\framedyn.dll
2008-04-16 19:51 . 2008-04-16 19:53 <DIR> d-------- C:\Windows\System32\Samsung_USB_Drivers
2008-04-16 19:51 . 2006-07-24 16:05 5,632 --a------ C:\Windows\System32\drivers\StarOpen.sys
2008-04-16 19:51 . 2005-08-28 20:51 766 --a------ C:\Windows\System32\Uninstall.ico
2008-04-16 19:50 . 2008-04-16 19:50 <DIR> d-------- C:\Program Files\Samsung
2008-04-16 19:13 . 2008-04-16 19:13 <DIR> d-------- C:\Program Files\Messenger Plus! Live
2008-04-12 09:27 . 2008-04-12 09:27 <DIR> d-------- C:\Program Files\uTorrent
2008-04-10 00:11 . 2008-04-10 00:11 944,184 --a------ C:\Windows\System32\winload.exe
2008-04-10 00:11 . 2008-04-10 00:11 620,088 --a------ C:\Windows\System32\ci.dll
2008-04-10 00:11 . 2008-04-10 00:11 371,712 --a------ C:\Windows\System32\srcore.dll
2008-04-10 00:11 . 2008-04-10 00:11 313,856 --a------ C:\Windows\System32\rstrui.exe
2008-04-10 00:11 . 2008-04-10 00:11 40,960 --a------ C:\Windows\System32\srclient.dll
2008-04-10 00:11 . 2008-04-10 00:11 19,000 --a------ C:\Windows\System32\kd1394.dll
2008-04-10 00:11 . 2008-04-10 00:11 16,384 --a------ C:\Windows\System32\srdelayed.exe
2008-04-10 00:11 . 2008-04-10 00:11 7,168 --a------ C:\Windows\System32\f3ahvoas.dll
2008-04-10 00:11 . 2008-04-10 00:11 6,656 --a------ C:\Windows\System32\kbd106n.dll
2008-04-10 00:10 . 2008-04-10 00:10 2,027,008 --a------ C:\Windows\System32\win32k.sys
2008-04-10 00:09 . 2008-04-10 00:09 296,448 --a------ C:\Windows\System32\gdi32.dll
2008-04-10 00:08 . 2008-04-10 00:08 83,968 --a------ C:\Windows\System32\dnsrslvr.dll
2008-04-10 00:08 . 2008-04-10 00:08 24,576 --a------ C:\Windows\System32\dnscacheugc.exe
.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-02 10:47 --------- d-----w C:\Program Files\eMule
2008-04-18 14:35 --------- d-----w C:\Program Files\EA GAMES
2008-04-16 17:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-10 07:34 --------- d-----w C:\Program Files\Windows Mail
2008-04-09 22:06 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-04-09 22:06 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-04-09 22:06 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-04-09 22:06 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-03-30 17:27 --------- d-----w C:\Program Files\Microsoft.NET
2008-03-30 17:22 --------- d-----w C:\ProgramData\Microsoft Help
2008-03-30 17:21 --------- d-----w C:\Program Files\Microsoft Works
2008-03-29 17:32 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-03-29 09:00 --------- d-----w C:\Program Files\Image Saver
2008-03-29 08:59 73,216 ----a-w C:\Windows\ST6UNST.EXE
2008-03-29 08:59 249,856 ------w C:\Windows\Setup1.exe
2008-03-29 08:18 --------- d-----w C:\Program Files\CFWebAdvancedU_BOBTV.FR
2008-03-28 13:18 --------- d-----w C:\Program Files\Olivetti
2008-03-27 10:22 107,888 ----a-w C:\Windows\System32\CmdLineExt.dll
2008-03-27 08:16 174 --sha-w C:\Program Files\desktop.ini
2008-03-27 08:13 --------- d-----w C:\Program Files\Windows Sidebar
2008-03-27 08:13 --------- d-----w C:\Program Files\Windows Calendar
2008-03-26 22:10 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-03-26 22:10 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-03-26 22:06 41,984 ----a-w C:\Windows\system32\drivers\monitor.sys
2008-03-26 22:06 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-03-26 22:05 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2008-03-26 22:05 7,680 ----a-w C:\Windows\System32\spwmp.dll
2008-03-26 22:05 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2008-03-26 22:05 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2008-03-26 22:05 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-03-26 22:04 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-03-26 22:04 3,505,720 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-03-26 22:04 3,471,928 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-03-26 22:04 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-03-26 22:04 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-03-26 22:04 2,048 ----a-w C:\Windows\System32\msxml3r.dll
2008-03-26 22:04 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-03-26 22:04 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
2008-03-26 22:04 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-03-26 22:04 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
2008-03-26 22:02 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2008-03-26 22:02 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2008-03-26 22:02 2,048 ----a-w C:\Windows\System32\asferror.dll
2008-03-26 22:02 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-03-26 22:01 2,048 ----a-w C:\Windows\System32\msxml6r.dll
2008-03-26 22:01 1,335,296 ----a-w C:\Windows\System32\msxml6.dll
2008-03-26 21:59 84,480 ----a-w C:\Windows\System32\INETRES.dll
2008-03-26 21:59 737,792 ----a-w C:\Windows\System32\inetcomm.dll
2008-03-26 21:59 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-03-26 21:58 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2008-03-26 21:58 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
2008-03-26 21:58 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2008-03-26 21:58 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2008-03-26 21:58 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
2008-03-26 21:57 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-03-26 21:57 --------- d-----w C:\Program Files\MSXML 4.0
2008-03-26 21:55 750,080 ----a-w C:\Windows\System32\qmgr.dll
2008-03-26 21:55 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2008-03-26 18:11 --------- d-----w C:\Program Files\Windows Live
2008-03-26 18:10 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-26 18:09 --------- d-----w C:\ProgramData\WLInstaller
2008-03-26 17:04 --------- d-----w C:\ProgramData\IM
2008-03-26 17:03 --------- d-----w C:\ProgramData\IncrediMail
2008-03-26 17:03 --------- d-----w C:\Program Files\IncrediMail
2008-03-26 08:20 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-25 22:07 --------- d-----w C:\Program Files\Common Files\Logitech
2008-03-25 22:06 --------- d-----w C:\ProgramData\Logitech
2008-03-25 22:06 --------- d-----w C:\ProgramData\LogiShrd
2008-03-25 22:06 --------- d-----w C:\Program Files\Logitech
2008-03-25 22:04 --------- d-----w C:\ProgramData\Symantec
2008-03-25 21:46 53,080 ----a-w C:\Windows\System32\wuauclt.exe
2008-03-25 21:46 43,352 ----a-w C:\Windows\System32\wups2.dll
2008-03-25 21:46 1,712,984 ----a-w C:\Windows\System32\wuaueng.dll
2008-03-25 21:46 1,524,224 ----a-w C:\Windows\System32\wucltux.dll
2008-03-25 21:45 80,896 ----a-w C:\Windows\System32\wudriver.dll
2008-03-25 21:45 549,720 ----a-w C:\Windows\System32\wuapi.dll
2008-03-25 21:45 33,624 ----a-w C:\Windows\System32\wups.dll
2008-03-25 21:45 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-03-25 21:45 163,000 ----a-w C:\Windows\System32\wuwebv.dll
2008-03-25 20:51 --------- d-----w C:\Program Files\Yahoo!
2008-03-25 19:07 --------- d-----w C:\ProgramData\CyberLink
2008-03-25 19:06 --------- d-----w C:\Program Files\Acer Arcade Live
2008-03-25 19:02 --------- d-sh--w C:\ProgramData\Modèles
2008-03-25 19:02 --------- d-sh--w C:\ProgramData\Menu Démarrer
2008-03-25 19:02 --------- d-sh--w C:\ProgramData\Favoris
2008-03-25 19:02 --------- d-sh--w C:\ProgramData\Bureau
2008-03-25 19:02 --------- d-sh--w C:\Program Files\Fichiers communs
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10F0C2A9-8E38-43e3-204D-45524C494E20}]
2008-05-02 13:47 176128 --a------ C:\Program Files\PC-Antispyware\IeExtension.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3E1A7455-8F94-40B1-A2A8-4FE1A5264F8B}"= "C:\Windows\wxdbpfvo.dll" [ ]
[HKEY_CLASSES_ROOT\clsid\{3e1a7455-8f94-40b1-a2a8-4fe1a5264f8b}]
[HKEY_CLASSES_ROOT\wxdbpfvo.1]
[HKEY_CLASSES_ROOT\TypeLib\{C8DFBEB7-935F-4DC6-A9F9-DBDD0D32E54C}]
[HKEY_CLASSES_ROOT\wxdbpfvo]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-03-26 23:59 1232896]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 18:39 151552]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2008-03-11 18:30 243072]
"hrgtlijp"="C:\Windows\system32\dsnmvgbu.exe" [2008-05-02 10:47 102400]
"mphbyfty"="C:\Windows\system32\vuhkdmne.exe" [2008-05-02 14:22 90112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-18 03:17 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 13:06 4669440 C:\Windows\RtHDVCpl.exe]
"Acer Tour"="" []
"Acer Empowering Technology Monitor"="C:\Acer\Empowering Technology\SysMonitor.exe" [2007-01-24 10:27 319488]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-07 00:04 464168]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-07-06 07:15 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-07-06 07:15 8466432]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-07-06 07:15 81920]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 22:48 57344]
"eRecoveryService"="" []
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 18:39 151552]
"PlayMovie"="C:\Program Files\Acer Arcade Live\Acer PlayMovie\PMVService.exe" [2007-07-13 23:24 178280]
"Apanel"="C:\ACERSW\config\NewSetApanel.cmd" [ ]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 16:32 56080 C:\Windows\KHALMNPR.Exe]
"OlStatusMon"="C:\Program Files\Olivetti\ANY_WAY\olDvcStatus.exe" [2007-06-08 17:59 253952]
"WinampAgent"="C:\Applications\Winamp\winampa.exe" [2008-04-01 20:49 36352]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-03-26 00:06:56 692224]
Outil de mise à jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-04-19 15:07:53 124400]
PCM Media Sharing.lnk - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe [2007-05-06 21:33:11 200812]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"zRo7aIsDo0"= C:\ProgramData\vqpujktg\tydmvwbe.exe
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{CE86878F-D099-4FFC-A4DC-E51D192063B1}"= C:\Windows\system32\vtUnnkih.dll [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= C:\PROGRA~1\ACERAR~1\ACERVI~1\Kernel\Burner\MKDMP3Enc.ACM
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{F726BF72-BF4E-4B4F-B9FE-4CDF4E903131}"= C:\Program Files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live
"{51674872-C1F2-4F6E-9B9C-A757F38BE2C6}"= C:\Program Files\Acer Arcade Live\SlideShow DVD\Component\CLSLDVD.exe:SlideShow DVD workprocess
"{00717E99-5B5E-4D82-B899-5B920CE145A9}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Component\ARAWP.exe:DV Magician ARA workprocess
"{F90A806B-AED4-4244-AC78-EA10F3E4F0E6}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Component\DVAX2Process.exe:DV Magician AVAX workprocess
"{2EACCE03-44AD-4451-AFA5-833B35CC35B9}"= C:\Program Files\Acer Arcade Live\Acer DVDivine\DVDivine.exe:DVDivine
"{39E7738E-3D11-43B9-835D-D16D2F3B2B0D}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia\HomeMedia.exe:HomeMedia
"{59B339AA-E6E9-43D5-A0ED-DAC81D658E12}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\HomeMedia Connect.exe:HomeMedia Connect
"{B70C9DFF-8065-445C-8092-F386899335A3}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:HomeMedia Connect Service
"{9F52794C-B028-4208-88E2-1D78370B9A3B}"= C:\Program Files\Acer Arcade Live\Acer VideoMagician\VideoMagician.exe:VideoMagician
"{431AB345-E0A6-4C85-BDEC-D5A2F7DCA4C5}"= C:\Program Files\Acer Arcade Live\Acer PlayMovie\PlayMovie.exe:Acer PlayMovie
"{288DA44A-DDFE-4589-BDAC-B81E233AD6FE}"= C:\Program Files\Acer Arcade Live\Acer PlayMovie\PMVService.exe:Acer PlayMovie Resident Program
"{3D25D7E7-55C6-4D5C-ADB3-7979058DE8F7}"= Disabled:UDP:J:\incredimail_install.exe:IncrediMail Installer
"{15913542-9956-40A3-A70B-1339E8005C29}"= Disabled:TCP:J:\incredimail_install.exe:IncrediMail Installer
"TCP Query User{4D6BD0DD-E2C0-4CFA-9121-AD3E89BF39AD}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{8A6266E1-41F3-4F65-8721-26E67CBD8FF6}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"{7BDC1CC2-4EBA-4DDC-8D89-5E3A8BF3BBF6}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{47AAB630-75B5-40B9-BB95-CA38926F3FE8}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{F0FEC60F-2E29-4066-9E47-A85622293212}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{569A85CE-AFC0-4144-A228-A651C5AD9C98}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{6D577914-F286-41E3-A245-4D8812281F2C}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{3A43CC2C-184F-4E9D-BA12-9E7C19187986}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{9249FB15-B0B8-4A91-9E78-AF414730F2EE}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"TCP Query User{BEB6E449-6DA8-4840-876E-521736479AA9}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{BDA9C72F-F593-4EC7-95C0-3F0F031DCD03}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"{64318CD0-3538-4843-83E3-B351AC88101B}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{98E8207E-0167-402B-BDD7-2762FF1E81C4}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{21C0CDD2-1A57-47A9-BC63-77A9598D90C9}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
"{52A39AE2-71F5-4DDF-B91A-237B1B7C841D}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
"{B351C4A1-0A7F-4770-B67D-14B77BE7806F}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
"{F5CB5B13-125F-4A95-99D3-408DD2D32970}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
"{D4F9A6BE-01B3-48E6-9F5D-29DDC72C2F66}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
"{0BEE34E7-EDAA-4198-BE76-7B001282AC91}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Acer\\Empowering Technology\\eDataSecurity\\eDSfsu.exe"= C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu
"C:\\Acer\\Empowering Technology\\eDataSecurity\\encryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption
"C:\\Acer\\Empowering Technology\\eDataSecurity\\decryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption
R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 05:22]
R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-02-07 00:04]
R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-02-07 00:04]
R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-02-07 00:04]
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-03-29 19:31]
R1 pca-firewall;pca-firewall;C:\Windows\system32\drivers\pca-firewall.sys [2008-05-02 13:47]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};C:\Program Files\Acer Arcade Live\Acer PlayMovie\[u]0/u00.fcl [2007-08-31 16:24]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;"C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe" [2007-04-04 18:54]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-03-29 19:32]
R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-02-07 00:04]
R2 olMntrService;Olivetti Monitor Service;"C:\Program Files\Olivetti\ANY_WAY\olMntrService.exe" [2007-06-08 17:58]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-03-23 04:12]
S3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-03-14 16:04]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{11914274-c561-11dc-bd82-806e6f6e6963}]
\shell\AutoRun\command - E:\Autorun.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-02 14:22:26
Windows 6.0.6000 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
C:\Users\Les Ménager\AppData\Local\Microsoft\Windows\GameExplorer\{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}\PlayTasks\1\Les Sims™ 2 : Boit@Look.lnk 1203 bytes hidden from API
Scan terminé avec succès
Les fichiers cachés: 11
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Applications\Avast\aswUpdSv.exe
C:\Applications\Avast\ashServ.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Windows\System32\WUDFHost.exe
C:\Applications\Avast\ashWebSv.exe
C:\Applications\Avast\ashMaiSv.exe
C:\Windows\System32\conime.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\IncrediMail\bin\ImApp.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\wbem\WMIADAP.exe
C:\Windows\System32\dllhost.exe
C:\Program Files\Windows Media Player\wmplayer.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-05-02 14:26:12 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-02 12:26:02
Pre-Run: 119,379,795,968 octets libres
Post-Run: 119,611,265,024 octets libres
316 --- E O F --- 2008-05-02 06:43:34
2 May 2008 at 14:28
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.2057 [GMT 2:00]
Endroit: C:\Users\Les Ménager\Desktop\Combo-Fix.exe
* Création d'un nouveau point de restauration
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\.protected
C:\Program Files\PC-Cleaner
C:\Program Files\PC-Cleaner\com\pcsd.dll
C:\Program Files\PC-Cleaner\PC-Cleaner.db
C:\Program Files\PC-Cleaner\PC-Cleaner.exe
C:\Program Files\PC-Cleaner\pccleaner.pkg
C:\Program Files\PC-Cleaner\program.info
C:\Program Files\PC-Cleaner\Uninstall.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\.protected
C:\Users\Les Ménager\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\.protected
C:\Windows\.protected
C:\Windows\a.bat
C:\Windows\bdn.com
C:\Windows\iTunesMusic.exe
C:\Windows\mslagent
C:\Windows\mssecu.exe
C:\Windows\qadovnel.dll
C:\Windows\spwoqbmv.exe
C:\Windows\system32\ddcBsrPj.dll
C:\Windows\system32\drivers\etc\.protected
C:\Windows\system32\smp
C:\Windows\system32\smp\msrc.exe
C:\Windows\system32\urqQggeD.dll
C:\Windows\system32\vtUnnkih.dll
C:\Windows\Web\def.htm
C:\Windows\wxdbpfvo.dll
C:\Windows\xbaqktfv.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-02 to 2008-05-02 ))))))))))))))))))))))))))))))))))))
.
2008-05-02 14:22 . 2008-05-02 14:22 90,112 --a------ C:\Windows\System32\vuhkdmne.exe
2008-05-02 14:15 . 2008-05-02 14:15 <REP> d-------- C:\327882R2FWJFW
2008-05-02 13:47 . 2008-05-02 13:47 25,472 --a------ C:\Windows\System32\drivers\pca-firewall.sys
2008-05-02 13:46 . 2008-05-02 13:47 <REP> d-------- C:\Program Files\PC-Antispyware
2008-05-02 11:13 . 2005-09-23 07:29 626,688 --a------ C:\Windows\System32\msvcr80.dll
2008-05-02 10:47 . 2008-05-02 10:47 <REP> d-------- C:\Users\All Users\vqpujktg
2008-05-02 10:47 . 2008-05-02 10:47 <REP> d-------- C:\ProgramData\vqpujktg
2008-04-29 19:54 . 2007-03-08 01:51 129,784 --------- C:\Windows\System32\pxafs.dll
2008-04-19 15:07 . 2008-05-02 12:38 <REP> d-------- C:\Users\All Users\Google Updater
2008-04-19 15:07 . 2008-05-02 12:38 <REP> d-------- C:\ProgramData\Google Updater
2008-04-19 15:07 . 2008-04-19 15:08 <REP> d-------- C:\Program Files\Google
2008-04-17 13:41 . 2008-04-17 13:41 <REP> d-------- C:\download
2008-04-17 08:50 . 2008-04-17 08:50 <REP> d-------- C:\Users\All Users\Messenger Plus!
2008-04-17 08:50 . 2008-04-17 08:50 <REP> d-------- C:\ProgramData\Messenger Plus!
2008-04-16 19:55 . 2006-05-03 22:53 174,592 --a------ C:\Windows\System32\framedyn.dll
2008-04-16 19:51 . 2008-04-16 19:53 <REP> d-------- C:\Windows\System32\Samsung_USB_Drivers
2008-04-16 19:51 . 2006-07-24 16:05 5,632 --a------ C:\Windows\System32\drivers\StarOpen.sys
2008-04-16 19:51 . 2005-08-28 20:51 766 --a------ C:\Windows\System32\Uninstall.ico
2008-04-16 19:50 . 2008-04-16 19:50 <REP> d-------- C:\Program Files\Samsung
2008-04-16 19:13 . 2008-04-16 19:13 <REP> d-------- C:\Program Files\Messenger Plus! Live
2008-04-12 09:27 . 2008-04-12 09:27 <REP> d-------- C:\Program Files\uTorrent
2008-04-10 00:11 . 2008-04-10 00:11 944,184 --a------ C:\Windows\System32\winload.exe
2008-04-10 00:11 . 2008-04-10 00:11 620,088 --a------ C:\Windows\System32\ci.dll
2008-04-10 00:11 . 2008-04-10 00:11 371,712 --a------ C:\Windows\System32\srcore.dll
2008-04-10 00:11 . 2008-04-10 00:11 313,856 --a------ C:\Windows\System32\rstrui.exe
2008-04-10 00:11 . 2008-04-10 00:11 40,960 --a------ C:\Windows\System32\srclient.dll
2008-04-10 00:11 . 2008-04-10 00:11 19,000 --a------ C:\Windows\System32\kd1394.dll
2008-04-10 00:11 . 2008-04-10 00:11 16,384 --a------ C:\Windows\System32\srdelayed.exe
2008-04-10 00:11 . 2008-04-10 00:11 7,168 --a------ C:\Windows\System32\f3ahvoas.dll
2008-04-10 00:11 . 2008-04-10 00:11 6,656 --a------ C:\Windows\System32\kbd106n.dll
2008-04-10 00:10 . 2008-04-10 00:10 2,027,008 --a------ C:\Windows\System32\win32k.sys
2008-04-10 00:09 . 2008-04-10 00:09 296,448 --a------ C:\Windows\System32\gdi32.dll
2008-04-10 00:08 . 2008-04-10 00:08 83,968 --a------ C:\Windows\System32\dnsrslvr.dll
2008-04-10 00:08 . 2008-04-10 00:08 24,576 --a------ C:\Windows\System32\dnscacheugc.exe
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-02 10:47 --------- d-----w C:\Program Files\eMule
2008-04-18 14:35 --------- d-----w C:\Program Files\EA GAMES
2008-04-16 17:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-10 07:34 --------- d-----w C:\Program Files\Windows Mail
2008-04-09 22:06 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-04-09 22:06 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-04-09 22:06 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-04-09 22:06 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-03-30 17:27 --------- d-----w C:\Program Files\Microsoft.NET
2008-03-30 17:22 --------- d-----w C:\ProgramData\Microsoft Help
2008-03-30 17:21 --------- d-----w C:\Program Files\Microsoft Works
2008-03-29 17:32 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-03-29 09:00 --------- d-----w C:\Program Files\Image Saver
2008-03-29 08:59 73,216 ----a-w C:\Windows\ST6UNST.EXE
2008-03-29 08:59 249,856 ------w C:\Windows\Setup1.exe
2008-03-29 08:18 --------- d-----w C:\Program Files\CFWebAdvancedU_BOBTV.FR
2008-03-28 13:18 --------- d-----w C:\Program Files\Olivetti
2008-03-27 10:22 107,888 ----a-w C:\Windows\System32\CmdLineExt.dll
2008-03-27 08:16 174 --sha-w C:\Program Files\desktop.ini
2008-03-27 08:13 --------- d-----w C:\Program Files\Windows Sidebar
2008-03-27 08:13 --------- d-----w C:\Program Files\Windows Calendar
2008-03-26 22:10 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-03-26 22:10 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-03-26 22:06 41,984 ----a-w C:\Windows\system32\drivers\monitor.sys
2008-03-26 22:06 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-03-26 22:05 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2008-03-26 22:05 7,680 ----a-w C:\Windows\System32\spwmp.dll
2008-03-26 22:05 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2008-03-26 22:05 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
S3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-03-14 16:04]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{11914274-c561-11dc-bd82-806e6f6e6963}]
\shell\AutoRun\command - E:\Autorun.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-02 14:22:26
Windows 6.0.6000 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
C:\Users\Les Ménager\AppData\Local\Microsoft\Windows\GameExplorer\{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}\PlayTasks\1\Les Sims™ 2 : Boit@Look.lnk 1203 bytes hidden from API
Scan terminé avec succès
Les fichiers cachés: 11
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Applications\Avast\aswUpdSv.exe
C:\Applications\Avast\ashServ.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Windows\System32\WUDFHost.exe
C:\Applications\Avast\ashWebSv.exe
C:\Applications\Avast\ashMaiSv.exe
C:\Windows\System32\conime.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\IncrediMail\bin\ImApp.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\wbem\WMIADAP.exe
C:\Windows\System32\dllhost.exe
C:\Program Files\Windows Media Player\wmplayer.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-05-02 14:26:12 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-02 12:26:02
Pre-Run: 119,379,795,968 octets libres
Post-Run: 119,611,265,024 octets libres
316 --- E O F --- 2008-05-02 06:43:34
2 May 2008 at 14:28
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.2057 [GMT 2:00]
Endroit: C:\Users\Les Ménager\Desktop\Combo-Fix.exe
* Création d'un nouveau point de restauration
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\.protected
C:\Program Files\PC-Cleaner
C:\Program Files\PC-Cleaner\com\pcsd.dll
C:\Program Files\PC-Cleaner\PC-Cleaner.db
C:\Program Files\PC-Cleaner\PC-Cleaner.exe
C:\Program Files\PC-Cleaner\pccleaner.pkg
C:\Program Files\PC-Cleaner\program.info
C:\Program Files\PC-Cleaner\Uninstall.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\.protected
C:\Users\Les Ménager\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\.protected
C:\Windows\.protected
C:\Windows\a.bat
C:\Windows\bdn.com
C:\Windows\iTunesMusic.exe
C:\Windows\mslagent
C:\Windows\mssecu.exe
C:\Windows\qadovnel.dll
C:\Windows\spwoqbmv.exe
C:\Windows\system32\ddcBsrPj.dll
C:\Windows\system32\drivers\etc\.protected
C:\Windows\system32\smp
C:\Windows\system32\smp\msrc.exe
C:\Windows\system32\urqQggeD.dll
C:\Windows\system32\vtUnnkih.dll
C:\Windows\Web\def.htm
C:\Windows\wxdbpfvo.dll
C:\Windows\xbaqktfv.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-02 to 2008-05-02 ))))))))))))))))))))))))))))))))))))
.
2008-05-02 14:22 . 2008-05-02 14:22 90,112 --a------ C:\Windows\System32\vuhkdmne.exe
2008-05-02 14:15 . 2008-05-02 14:15 <REP> d-------- C:\327882R2FWJFW
2008-05-02 13:47 . 2008-05-02 13:47 25,472 --a------ C:\Windows\System32\drivers\pca-firewall.sys
2008-05-02 13:46 . 2008-05-02 13:47 <REP> d-------- C:\Program Files\PC-Antispyware
2008-05-02 11:13 . 2005-09-23 07:29 626,688 --a------ C:\Windows\System32\msvcr80.dll
2008-05-02 10:47 . 2008-05-02 10:47 <REP> d-------- C:\Users\All Users\vqpujktg
2008-05-02 10:47 . 2008-05-02 10:47 <REP> d-------- C:\ProgramData\vqpujktg
2008-04-29 19:54 . 2007-03-08 01:51 129,784 --------- C:\Windows\System32\pxafs.dll
2008-04-19 15:07 . 2008-05-02 12:38 <REP> d-------- C:\Users\All Users\Google Updater
2008-04-19 15:07 . 2008-05-02 12:38 <REP> d-------- C:\ProgramData\Google Updater
2008-04-19 15:07 . 2008-04-19 15:08 <REP> d-------- C:\Program Files\Google
2008-04-17 13:41 . 2008-04-17 13:41 <REP> d-------- C:\download
2008-04-17 08:50 . 2008-04-17 08:50 <REP> d-------- C:\Users\All Users\Messenger Plus!
2008-04-17 08:50 . 2008-04-17 08:50 <REP> d-------- C:\ProgramData\Messenger Plus!
2008-04-16 19:55 . 2006-05-03 22:53 174,592 --a------ C:\Windows\System32\framedyn.dll
2008-04-16 19:51 . 2008-04-16 19:53 <REP> d-------- C:\Windows\System32\Samsung_USB_Drivers
2008-04-16 19:51 . 2006-07-24 16:05 5,632 --a------ C:\Windows\System32\drivers\StarOpen.sys
2008-04-16 19:51 . 2005-08-28 20:51 766 --a------ C:\Windows\System32\Uninstall.ico
2008-04-16 19:50 . 2008-04-16 19:50 <REP> d-------- C:\Program Files\Samsung
2008-04-16 19:13 . 2008-04-16 19:13 <REP> d-------- C:\Program Files\Messenger Plus! Live
2008-04-12 09:27 . 2008-04-12 09:27 <REP> d-------- C:\Program Files\uTorrent
2008-04-10 00:11 . 2008-04-10 00:11 944,184 --a------ C:\Windows\System32\winload.exe
2008-04-10 00:11 . 2008-04-10 00:11 620,088 --a------ C:\Windows\System32\ci.dll
2008-04-10 00:11 . 2008-04-10 00:11 371,712 --a------ C:\Windows\System32\srcore.dll
2008-04-10 00:11 . 2008-04-10 00:11 313,856 --a------ C:\Windows\System32\rstrui.exe
2008-04-10 00:11 . 2008-04-10 00:11 40,960 --a------ C:\Windows\System32\srclient.dll
2008-04-10 00:11 . 2008-04-10 00:11 19,000 --a------ C:\Windows\System32\kd1394.dll
2008-04-10 00:11 . 2008-04-10 00:11 16,384 --a------ C:\Windows\System32\srdelayed.exe
2008-04-10 00:11 . 2008-04-10 00:11 7,168 --a------ C:\Windows\System32\f3ahvoas.dll
2008-04-10 00:11 . 2008-04-10 00:11 6,656 --a------ C:\Windows\System32\kbd106n.dll
2008-04-10 00:10 . 2008-04-10 00:10 2,027,008 --a------ C:\Windows\System32\win32k.sys
2008-04-10 00:09 . 2008-04-10 00:09 296,448 --a------ C:\Windows\System32\gdi32.dll
2008-04-10 00:08 . 2008-04-10 00:08 83,968 --a------ C:\Windows\System32\dnsrslvr.dll
2008-04-10 00:08 . 2008-04-10 00:08 24,576 --a------ C:\Windows\System32\dnscacheugc.exe
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-02 10:47 --------- d-----w C:\Program Files\eMule
2008-04-18 14:35 --------- d-----w C:\Program Files\EA GAMES
2008-04-16 17:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-10 07:34 --------- d-----w C:\Program Files\Windows Mail
2008-04-09 22:06 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-04-09 22:06 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-04-09 22:06 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-04-09 22:06 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-03-30 17:27 --------- d-----w C:\Program Files\Microsoft.NET
2008-03-30 17:22 --------- d-----w C:\ProgramData\Microsoft Help
2008-03-30 17:21 --------- d-----w C:\Program Files\Microsoft Works
2008-03-29 17:32 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-03-29 09:00 --------- d-----w C:\Program Files\Image Saver
2008-03-29 08:59 73,216 ----a-w C:\Windows\ST6UNST.EXE
2008-03-29 08:59 249,856 ------w C:\Windows\Setup1.exe
2008-03-29 08:18 --------- d-----w C:\Program Files\CFWebAdvancedU_BOBTV.FR
2008-03-28 13:18 --------- d-----w C:\Program Files\Olivetti
2008-03-27 10:22 107,888 ----a-w C:\Windows\System32\CmdLineExt.dll
2008-03-27 08:16 174 --sha-w C:\Program Files\desktop.ini
2008-03-27 08:13 --------- d-----w C:\Program Files\Windows Sidebar
2008-03-27 08:13 --------- d-----w C:\Program Files\Windows Calendar
2008-03-26 22:10 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-03-26 22:10 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-03-26 22:06 41,984 ----a-w C:\Windows\system32\drivers\monitor.sys
2008-03-26 22:06 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-03-26 22:05 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2008-03-26 22:05 7,680 ----a-w C:\Windows\System32\spwmp.dll
2008-03-26 22:05 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2008-03-26 22:05 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2008-03-26 22:05 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-03-26 22:04 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-03-26 22:04 3,505,720 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-03-26 22:04 3,471,928 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-03-26 22:04 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-03-26 22:04 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-03-26 22:04 2,048 ----a-w C:\Windows\System32\msxml3r.dll
2008-03-26 22:04 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-03-26 22:04 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
2008-03-26 22:04 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-03-26 22:04 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
2008-03-26 22:02 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2008-03-26 22:02 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2008-03-26 22:02 2,048 ----a-w C:\Windows\System32\asferror.dll
2008-03-26 22:02 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-03-26 22:01 2,048 ----a-w C:\Windows\System32\msxml6r.dll
2008-03-26 22:01 1,335,296 ----a-w C:\Windows\System32\msxml6.dll
2008-03-26 21:59 84,480 ----a-w C:\Windows\System32\INETRES.dll
2008-03-26 21:59 737,792 ----a-w C:\Windows\System32\inetcomm.dll
2008-03-26 21:59 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-03-26 21:58 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2008-03-26 21:58 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
2008-03-26 21:58 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2008-03-26 21:58 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2008-03-26 21:58 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
2008-03-26 21:57 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-03-26 21:57 --------- d-----w C:\Program Files\MSXML 4.0
2008-03-26 21:55 750,080 ----a-w C:\Windows\System32\qmgr.dll
2008-03-26 21:55 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2008-03-26 18:11 --------- d-----w C:\Program Files\Windows Live
2008-03-26 18:10 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-26 18:09 --------- d-----w C:\ProgramData\WLInstaller
2008-03-26 17:04 --------- d-----w C:\ProgramData\IM
2008-03-26 17:03 --------- d-----w C:\ProgramData\IncrediMail
2008-03-26 17:03 --------- d-----w C:\Program Files\IncrediMail
2008-03-26 08:20 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-25 22:07 --------- d-----w C:\Program Files\Common Files\Logitech
2008-03-25 22:06 --------- d-----w C:\ProgramData\Logitech
2008-03-25 22:06 --------- d-----w C:\ProgramData\LogiShrd
2008-03-25 22:06 --------- d-----w C:\Program Files\Logitech
2008-03-25 22:04 --------- d-----w C:\ProgramData\Symantec
2008-03-25 21:46 53,080 ----a-w C:\Windows\System32\wuauclt.exe
2008-03-25 21:46 43,352 ----a-w C:\Windows\System32\wups2.dll
2008-03-25 21:46 1,712,984 ----a-w C:\Windows\System32\wuaueng.dll
2008-03-25 21:46 1,524,224 ----a-w C:\Windows\System32\wucltux.dll
2008-03-25 21:45 80,896 ----a-w C:\Windows\System32\wudriver.dll
2008-03-25 21:45 549,720 ----a-w C:\Windows\System32\wuapi.dll
2008-03-25 21:45 33,624 ----a-w C:\Windows\System32\wups.dll
2008-03-25 21:45 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-03-25 21:45 163,000 ----a-w C:\Windows\System32\wuwebv.dll
2008-03-25 20:51 --------- d-----w C:\Program Files\Yahoo!
2008-03-25 19:07 --------- d-----w C:\ProgramData\CyberLink
2008-03-25 19:06 --------- d-----w C:\Program Files\Acer Arcade Live
2008-03-25 19:02 --------- d-sh--w C:\ProgramData\Modèles
2008-03-25 19:02 --------- d-sh--w C:\ProgramData\Menu Démarrer
2008-03-25 19:02 --------- d-sh--w C:\ProgramData\Favoris
2008-03-25 19:02 --------- d-sh--w C:\ProgramData\Bureau
2008-03-25 19:02 --------- d-sh--w C:\Program Files\Fichiers communs
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10F0C2A9-8E38-43e3-204D-45524C494E20}]
2008-05-02 13:47 176128 --a------ C:\Program Files\PC-Antispyware\IeExtension.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3E1A7455-8F94-40B1-A2A8-4FE1A5264F8B}"= "C:\Windows\wxdbpfvo.dll" [ ]
[HKEY_CLASSES_ROOT\clsid\{3e1a7455-8f94-40b1-a2a8-4fe1a5264f8b}]
[HKEY_CLASSES_ROOT\wxdbpfvo.1]
[HKEY_CLASSES_ROOT\TypeLib\{C8DFBEB7-935F-4DC6-A9F9-DBDD0D32E54C}]
[HKEY_CLASSES_ROOT\wxdbpfvo]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-03-26 23:59 1232896]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 18:39 151552]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2008-03-11 18:30 243072]
"hrgtlijp"="C:\Windows\system32\dsnmvgbu.exe" [2008-05-02 10:47 102400]
"mphbyfty"="C:\Windows\system32\vuhkdmne.exe" [2008-05-02 14:22 90112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-18 03:17 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 13:06 4669440 C:\Windows\RtHDVCpl.exe]
"Acer Tour"="" []
"Acer Empowering Technology Monitor"="C:\Acer\Empowering Technology\SysMonitor.exe" [2007-01-24 10:27 319488]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-07 00:04 464168]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-07-06 07:15 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-07-06 07:15 8466432]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-07-06 07:15 81920]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 22:48 57344]
"eRecoveryService"="" []
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 18:39 151552]
"PlayMovie"="C:\Program Files\Acer Arcade Live\Acer PlayMovie\PMVService.exe" [2007-07-13 23:24 178280]
"Apanel"="C:\ACERSW\config\NewSetApanel.cmd" [ ]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 16:32 56080 C:\Windows\KHALMNPR.Exe]
"OlStatusMon"="C:\Program Files\Olivetti\ANY_WAY\olDvcStatus.exe" [2007-06-08 17:59 253952]
"WinampAgent"="C:\Applications\Winamp\winampa.exe" [2008-04-01 20:49 36352]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-03-26 00:06:56 692224]
Outil de mise à jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-04-19 15:07:53 124400]
PCM Media Sharing.lnk - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe [2007-05-06 21:33:11 200812]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"zRo7aIsDo0"= C:\ProgramData\vqpujktg\tydmvwbe.exe
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{CE86878F-D099-4FFC-A4DC-E51D192063B1}"= C:\Windows\system32\vtUnnkih.dll [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= C:\PROGRA~1\ACERAR~1\ACERVI~1\Kernel\Burner\MKDMP3Enc.ACM
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{F726BF72-BF4E-4B4F-B9FE-4CDF4E903131}"= C:\Program Files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live
"{51674872-C1F2-4F6E-9B9C-A757F38BE2C6}"= C:\Program Files\Acer Arcade Live\SlideShow DVD\Component\CLSLDVD.exe:SlideShow DVD workprocess
"{00717E99-5B5E-4D82-B899-5B920CE145A9}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Component\ARAWP.exe:DV Magician ARA workprocess
"{F90A806B-AED4-4244-AC78-EA10F3E4F0E6}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Component\DVAX2Process.exe:DV Magician AVAX workprocess
"{2EACCE03-44AD-4451-AFA5-833B35CC35B9}"= C:\Program Files\Acer Arcade Live\Acer DVDivine\DVDivine.exe:DVDivine
"{39E7738E-3D11-43B9-835D-D16D2F3B2B0D}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia\HomeMedia.exe:HomeMedia
"{59B339AA-E6E9-43D5-A0ED-DAC81D658E12}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\HomeMedia Connect.exe:HomeMedia Connect
"{B70C9DFF-8065-445C-8092-F386899335A3}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:HomeMedia Connect Service
"{9F52794C-B028-4208-88E2-1D78370B9A3B}"= C:\Program Files\Acer Arcade Live\Acer VideoMagician\VideoMagician.exe:VideoMagician
"{431AB345-E0A6-4C85-BDEC-D5A2F7DCA4C5}"= C:\Program Files\Acer Arcade Live\Acer PlayMovie\PlayMovie.exe:Acer PlayMovie
"{288DA44A-DDFE-4589-BDAC-B81E233AD6FE}"= C:\Program Files\Acer Arcade Live\Acer PlayMovie\PMVService.exe:Acer PlayMovie Resident Program
"{3D25D7E7-55C6-4D5C-ADB3-7979058DE8F7}"= Disabled:UDP:J:\incredimail_install.exe:IncrediMail Installer
"{15913542-9956-40A3-A70B-1339E8005C29}"= Disabled:TCP:J:\incredimail_install.exe:IncrediMail Installer
"TCP Query User{4D6BD0DD-E2C0-4CFA-9121-AD3E89BF39AD}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{8A6266E1-41F3-4F65-8721-26E67CBD8FF6}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule