Problem with "pc antispyware"

Solved/Closed
remi - 2 May 2008 at 14:07
remi - 2 May 2008 at 19:01
Hello,
I have a problem: I installed "pc antispyware" earlier and since then there is no way to uninstall it or stop it; if I try anything at all I get a blue screen and a reboot....

thanks for helping me
10 replies

Anonymous user
2 May 2008 at 14:12
hi,


paste a HijackThis log


http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

manual:
http://pagesperso-orange.fr/rginformatique/section%20virus/demohijack.htm
https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html

I advise renaming HijackThis, to counter a possible Vundo infection.

e.g. rename the file HijackThis.exe to eden.exe; to do this, right-click on the file HijackThis.exe and choose Rename from the list

Then with Explorer create a folder c:\hijackthis
Unzip HijackThis into this folder.
This is important for the backups.

-----------------


Download ComboFix by sUBs: rename it before any installation, for example name it "KillBagle". Help here: https://forum.pcastuces.com/sujet.asp?f=25&s=37315

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it to your desktop and nowhere else!

Help on using ComboFix here: https://bibou0007.forumpro.fr/login?redirect=%2Ft121-topic

Double-click on ComboFix. It will ask you a question; answer with the 1 key and Enter to confirm, and let it guide you.
Wait until ComboFix has finished; a log will be created. Post the log.
ComboFix 08-05-01.1 - Les Ménager 2008-05-02 14:16:59.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.2057 [GMT 2:00]
Location: C:\Users\Les Ménager\Desktop\Combo-Fix.exe
* Creating a new restore point
.

(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\.protected
C:\Program Files\PC-Cleaner
C:\Program Files\PC-Cleaner\com\pcsd.dll
C:\Program Files\PC-Cleaner\PC-Cleaner.db
C:\Program Files\PC-Cleaner\PC-Cleaner.exe
C:\Program Files\PC-Cleaner\pccleaner.pkg
C:\Program Files\PC-Cleaner\program.info
C:\Program Files\PC-Cleaner\Uninstall.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\.protected
C:\Users\Les Ménager\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\.protected
C:\Windows\.protected
C:\Windows\a.bat
C:\Windows\bdn.com
C:\Windows\iTunesMusic.exe
C:\Windows\mslagent
C:\Windows\mssecu.exe
C:\Windows\qadovnel.dll
C:\Windows\spwoqbmv.exe
C:\Windows\system32\ddcBsrPj.dll
C:\Windows\system32\drivers\etc\.protected
C:\Windows\system32\smp
C:\Windows\system32\smp\msrc.exe
C:\Windows\system32\urqQggeD.dll
C:\Windows\system32\vtUnnkih.dll
C:\Windows\Web\def.htm
C:\Windows\wxdbpfvo.dll
C:\Windows\xbaqktfv.exe

.
((((((((((((((((((((((((((((( Files created 2008-04-02 to 2008-05-02 ))))))))))))))))))))))))))))))))))))
.

2008-05-02 14:22 . 2008-05-02 14:22 90,112 --a------ C:\Windows\System32\vuhkdmne.exe
2008-05-02 14:15 . 2008-05-02 14:15 <REP> d-------- C:\327882R2FWJFW
2008-05-02 13:47 . 2008-05-02 13:47 25,472 --a------ C:\Windows\System32\drivers\pca-firewall.sys
2008-05-02 13:46 . 2008-05-02 13:47 <REP> d-------- C:\Program Files\PC-Antispyware
2008-05-02 11:13 . 2005-09-23 07:29 626,688 --a------ C:\Windows\System32\msvcr80.dll
2008-05-02 10:47 . 2008-05-02 10:47 <REP> d-------- C:\Users\All Users\vqpujktg
2008-05-02 10:47 . 2008-05-02 10:47 <REP> d-------- C:\ProgramData\vqpujktg
2008-04-29 19:54 . 2007-03-08 01:51 129,784 --------- C:\Windows\System32\pxafs.dll
2008-04-19 15:07 . 2008-05-02 12:38 <REP> d-------- C:\Users\All Users\Google Updater
2008-04-19 15:07 . 2008-05-02 12:38 <REP> d-------- C:\ProgramData\Google Updater
2008-04-19 15:07 . 2008-04-19 15:08 <REP> d-------- C:\Program Files\Google
2008-04-17 13:41 . 2008-04-17 13:41 <REP> d-------- C:\download
2008-04-17 08:50 . 2008-04-17 08:50 <REP> d-------- C:\Users\All Users\Messenger Plus!
2008-04-17 08:50 . 2008-04-17 08:50 <REP> d-------- C:\ProgramData\Messenger Plus!
2008-04-16 19:55 . 2006-05-03 22:53 174,592 --a------ C:\Windows\System32\framedyn.dll
2008-04-16 19:51 . 2008-04-16 19:53 <REP> d-------- C:\Windows\System32\Samsung_USB_Drivers
2008-04-16 19:51 . 2006-07-24 16:05 5,632 --a------ C:\Windows\System32\drivers\StarOpen.sys
2008-04-16 19:51 . 2005-08-28 20:51 766 --a------ C:\Windows\System32\Uninstall.ico
2008-04-16 19:50 . 2008-04-16 19:50 <REP> d-------- C:\Program Files\Samsung
2008-04-16 19:13 . 2008-04-16 19:13 <REP> d-------- C:\Program Files\Messenger Plus! Live
2008-04-12 09:27 . 2008-04-12 09:27 <REP> d-------- C:\Program Files\uTorrent
2008-04-10 00:11 . 2008-04-10 00:11 944,184 --a------ C:\Windows\System32\winload.exe
2008-04-10 00:11 . 2008-04-10 00:11 620,088 --a------ C:\Windows\System32\ci.dll
2008-04-10 00:11 . 2008-04-10 00:11 371,712 --a------ C:\Windows\System32\srcore.dll
2008-04-10 00:11 . 2008-04-10 00:11 313,856 --a------ C:\Windows\System32\rstrui.exe
2008-04-10 00:11 . 2008-04-10 00:11 40,960 --a------ C:\Windows\System32\srclient.dll
2008-04-10 00:11 . 2008-04-10 00:11 19,000 --a------ C:\Windows\System32\kd1394.dll
2008-04-10 00:11 . 2008-04-10 00:11 16,384 --a------ C:\Windows\System32\srdelayed.exe
2008-04-10 00:11 . 2008-04-10 00:11 7,168 --a------ C:\Windows\System32\f3ahvoas.dll
2008-04-10 00:11 . 2008-04-10 00:11 6,656 --a------ C:\Windows\System32\kbd106n.dll
2008-04-10 00:10 . 2008-04-10 00:10 2,027,008 --a------ C:\Windows\System32\win32k.sys
2008-04-10 00:09 . 2008-04-10 00:09 296,448 --a------ C:\Windows\System32\gdi32.dll
2008-04-10 00:08 . 2008-04-10 00:08 83,968 --a------ C:\Windows\System32\dnsrslvr.dll
2008-04-10 00:08 . 2008-04-10 00:08 24,576 --a------ C:\Windows\System32\dnscacheugc.exe

.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-02 10:47 --------- d-----w C:\Program Files\eMule
2008-04-18 14:35 --------- d-----w C:\Program Files\EA GAMES
2008-04-16 17:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-10 07:34 --------- d-----w C:\Program Files\Windows Mail
2008-04-09 22:06 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-04-09 22:06 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-04-09 22:06 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-04-09 22:06 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-03-30 17:27 --------- d-----w C:\Program Files\Microsoft.NET
2008-03-30 17:22 --------- d-----w C:\ProgramData\Microsoft Help
2008-03-30 17:21 --------- d-----w C:\Program Files\Microsoft Works
2008-03-29 17:32 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-03-29 09:00 --------- d-----w C:\Program Files\Image Saver
2008-03-29 08:59 73,216 ----a-w C:\Windows\ST6UNST.EXE
2008-03-29 08:59 249,856 ------w C:\Windows\Setup1.exe
2008-03-29 08:18 --------- d-----w C:\Program Files\CFWebAdvancedU_BOBTV.FR
2008-03-28 13:18 --------- d-----w C:\Program Files\Olivetti
2008-03-27 10:22 107,888 ----a-w C:\Windows\System32\CmdLineExt.dll
2008-03-27 08:16 174 --sha-w C:\Program Files\desktop.ini
2008-03-27 08:13 --------- d-----w C:\Program Files\Windows Sidebar
2008-03-27 08:13 --------- d-----w C:\Program Files\Windows Calendar
2008-03-26 22:10 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-03-26 22:10 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-03-26 22:06 41,984 ----a-w C:\Windows\system32\drivers\monitor.sys
2008-03-26 22:06 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-03-26 22:05 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2008-03-26 22:05 7,680 ----a-w C:\Windows\System32\spwmp.dll
2008-03-26 22:05 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2008-03-26 22:05 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2008-03-26 22:05 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-03-26 22:04 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-03-26 22:04 3,505,720 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-03-26 22:04 3,471,928 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-03-26 22:04 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-03-26 22:04 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-03-26 22:04 2,048 ----a-w C:\Windows\System32\msxml3r.dll
2008-03-26 22:04 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-03-26 22:04 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
2008-03-26 22:04 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-03-26 22:04 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
2008-03-26 22:02 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2008-03-26 22:02 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2008-03-26 22:02 2,048 ----a-w C:\Windows\System32\asferror.dll
2008-03-26 22:02 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-03-26 22:01 2,048 ----a-w C:\Windows\System32\msxml6r.dll
2008-03-26 22:01 1,335,296 ----a-w C:\Windows\System32\msxml6.dll
2008-03-26 21:59 84,480 ----a-w C:\Windows\System32\INETRES.dll
2008-03-26 21:59 737,792 ----a-w C:\Windows\System32\inetcomm.dll
2008-03-26 21:59 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-03-26 21:58 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2008-03-26 21:58 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
2008-03-26 21:58 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2008-03-26 21:58 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2008-03-26 21:58 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
2008-03-26 21:57 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-03-26 21:57 --------- d-----w C:\Program Files\MSXML 4.0
2008-03-26 21:55 750,080 ----a-w C:\Windows\System32\qmgr.dll
2008-03-26 21:55 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2008-03-26 18:11 --------- d-----w C:\Program Files\Windows Live
2008-03-26 18:10 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-26 18:09 --------- d-----w C:\ProgramData\WLInstaller
2008-03-26 17:04 --------- d-----w C:\ProgramData\IM
2008-03-26 17:03 --------- d-----w C:\ProgramData\IncrediMail
2008-03-26 17:03 --------- d-----w C:\Program Files\IncrediMail
2008-03-26 08:20 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-25 22:07 --------- d-----w C:\Program Files\Common Files\Logitech
2008-03-25 22:06 --------- d-----w C:\ProgramData\Logitech
2008-03-25 22:06 --------- d-----w C:\ProgramData\LogiShrd
2008-03-25 22:06 --------- d-----w C:\Program Files\Logitech
2008-03-25 22:04 --------- d-----w C:\ProgramData\Symantec
2008-03-25 21:46 53,080 ----a-w C:\Windows\System32\wuauclt.exe
2008-03-25 21:46 43,352 ----a-w C:\Windows\System32\wups2.dll
2008-03-25 21:46 1,712,984 ----a-w C:\Windows\System32\wuaueng.dll
2008-03-25 21:46 1,524,224 ----a-w C:\Windows\System32\wucltux.dll
2008-03-25 21:45 80,896 ----a-w C:\Windows\System32\wudriver.dll
2008-03-25 21:45 549,720 ----a-w C:\Windows\System32\wuapi.dll
2008-03-25 21:45 33,624 ----a-w C:\Windows\System32\wups.dll
2008-03-25 21:45 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-03-25 21:45 163,000 ----a-w C:\Windows\System32\wuwebv.dll
2008-03-25 20:51 --------- d-----w C:\Program Files\Yahoo!
2008-03-25 19:07 --------- d-----w C:\ProgramData\CyberLink
2008-03-25 19:06 --------- d-----w C:\Program Files\Acer Arcade Live
2008-03-25 19:02 --------- d-sh--w C:\ProgramData\Modèles
2008-03-25 19:02 --------- d-sh--w C:\ProgramData\Menu Démarrer
2008-03-25 19:02 --------- d-sh--w C:\ProgramData\Favoris
2008-03-25 19:02 --------- d-sh--w C:\ProgramData\Bureau
2008-03-25 19:02 --------- d-sh--w C:\Program Files\Fichiers communs
.

((((((((((((((((((((((((((((((((( Reg loading points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not listed

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10F0C2A9-8E38-43e3-204D-45524C494E20}]
2008-05-02 13:47 176128 --a------ C:\Program Files\PC-Antispyware\IeExtension.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3E1A7455-8F94-40B1-A2A8-4FE1A5264F8B}"= "C:\Windows\wxdbpfvo.dll" [ ]

[HKEY_CLASSES_ROOT\clsid\{3e1a7455-8f94-40b1-a2a8-4fe1a5264f8b}]
[HKEY_CLASSES_ROOT\wxdbpfvo.1]
[HKEY_CLASSES_ROOT\TypeLib\{C8DFBEB7-935F-4DC6-A9F9-DBDD0D32E54C}]
[HKEY_CLASSES_ROOT\wxdbpfvo]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-03-26 23:59 1232896]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 18:39 151552]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2008-03-11 18:30 243072]
"hrgtlijp"="C:\Windows\system32\dsnmvgbu.exe" [2008-05-02 10:47 102400]
"mphbyfty"="C:\Windows\system32\vuhkdmne.exe" [2008-05-02 14:22 90112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-18 03:17 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 13:06 4669440 C:\Windows\RtHDVCpl.exe]
"Acer Tour"="" []
"Acer Empowering Technology Monitor"="C:\Acer\Empowering Technology\SysMonitor.exe" [2007-01-24 10:27 319488]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-07 00:04 464168]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-07-06 07:15 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-07-06 07:15 8466432]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-07-06 07:15 81920]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 22:48 57344]
"eRecoveryService"="" []
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 18:39 151552]
"PlayMovie"="C:\Program Files\Acer Arcade Live\Acer PlayMovie\PMVService.exe" [2007-07-13 23:24 178280]
"Apanel"="C:\ACERSW\config\NewSetApanel.cmd" [ ]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 16:32 56080 C:\Windows\KHALMNPR.Exe]
"OlStatusMon"="C:\Program Files\Olivetti\ANY_WAY\olDvcStatus.exe" [2007-06-08 17:59 253952]
"WinampAgent"="C:\Applications\Winamp\winampa.exe" [2008-04-01 20:49 36352]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-03-26 00:06:56 692224]
Outil de mise à jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-04-19 15:07:53 124400]
PCM Media Sharing.lnk - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe [2007-05-06 21:33:11 200812]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"zRo7aIsDo0"= C:\ProgramData\vqpujktg\tydmvwbe.exe

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{CE86878F-D099-4FFC-A4DC-E51D192063B1}"= C:\Windows\system32\vtUnnkih.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= C:\PROGRA~1\ACERAR~1\ACERVI~1\Kernel\Burner\MKDMP3Enc.ACM

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{F726BF72-BF4E-4B4F-B9FE-4CDF4E903131}"= C:\Program Files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live
"{51674872-C1F2-4F6E-9B9C-A757F38BE2C6}"= C:\Program Files\Acer Arcade Live\SlideShow DVD\Component\CLSLDVD.exe:SlideShow DVD workprocess
"{00717E99-5B5E-4D82-B899-5B920CE145A9}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Component\ARAWP.exe:DV Magician ARA workprocess
"{F90A806B-AED4-4244-AC78-EA10F3E4F0E6}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Component\DVAX2Process.exe:DV Magician AVAX workprocess
"{2EACCE03-44AD-4451-AFA5-833B35CC35B9}"= C:\Program Files\Acer Arcade Live\Acer DVDivine\DVDivine.exe:DVDivine
"{39E7738E-3D11-43B9-835D-D16D2F3B2B0D}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia\HomeMedia.exe:HomeMedia
"{59B339AA-E6E9-43D5-A0ED-DAC81D658E12}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\HomeMedia Connect.exe:HomeMedia Connect
"{B70C9DFF-8065-445C-8092-F386899335A3}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:HomeMedia Connect Service
"{9F52794C-B028-4208-88E2-1D78370B9A3B}"= C:\Program Files\Acer Arcade Live\Acer VideoMagician\VideoMagician.exe:VideoMagician
"{431AB345-E0A6-4C85-BDEC-D5A2F7DCA4C5}"= C:\Program Files\Acer Arcade Live\Acer PlayMovie\PlayMovie.exe:Acer PlayMovie
"{288DA44A-DDFE-4589-BDAC-B81E233AD6FE}"= C:\Program Files\Acer Arcade Live\Acer PlayMovie\PMVService.exe:Acer PlayMovie Resident Program
"{3D25D7E7-55C6-4D5C-ADB3-7979058DE8F7}"= Disabled:UDP:J:\incredimail_install.exe:IncrediMail Installer
"{15913542-9956-40A3-A70B-1339E8005C29}"= Disabled:TCP:J:\incredimail_install.exe:IncrediMail Installer
"TCP Query User{4D6BD0DD-E2C0-4CFA-9121-AD3E89BF39AD}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{8A6266E1-41F3-4F65-8721-26E67CBD8FF6}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"{7BDC1CC2-4EBA-4DDC-8D89-5E3A8BF3BBF6}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{47AAB630-75B5-40B9-BB95-CA38926F3FE8}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{F0FEC60F-2E29-4066-9E47-A85622293212}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{569A85CE-AFC0-4144-A228-A651C5AD9C98}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{6D577914-F286-41E3-A245-4D8812281F2C}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{3A43CC2C-184F-4E9D-BA12-9E7C19187986}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{9249FB15-B0B8-4A91-9E78-AF414730F2EE}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"TCP Query User{BEB6E449-6DA8-4840-876E-521736479AA9}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{BDA9C72F-F593-4EC7-95C0-3F0F031DCD03}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"{64318CD0-3538-4843-83E3-B351AC88101B}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{98E8207E-0167-402B-BDD7-2762FF1E81C4}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{21C0CDD2-1A57-47A9-BC63-77A9598D90C9}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
"{52A39AE2-71F5-4DDF-B91A-237B1B7C841D}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
"{B351C4A1-0A7F-4770-B67D-14B77BE7806F}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
"{F5CB5B13-125F-4A95-99D3-408DD2D32970}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
"{D4F9A6BE-01B3-48E6-9F5D-29DDC72C2F66}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
"{0BEE34E7-EDAA-4198-BE76-7B001282AC91}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Acer\\Empowering Technology\\eDataSecurity\\eDSfsu.exe"= C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu
"C:\\Acer\\Empowering Technology\\eDataSecurity\\encryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption
"C:\\Acer\\Empowering Technology\\eDataSecurity\\decryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption

R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 05:22]
R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-02-07 00:04]
R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-02-07 00:04]
R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-02-07 00:04]
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-03-29 19:31]
R1 pca-firewall;pca-firewall;C:\Windows\system32\drivers\pca-firewall.sys [2008-05-02 13:47]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};C:\Program Files\Acer Arcade Live\Acer PlayMovie\[u]0/u00.fcl [2007-08-31 16:24]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;"C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe" [2007-04-04 18:54]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-03-29 19:32]
R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-02-07 00:04]
R2 olMntrService;Olivetti Monitor Service;"C:\Program Files\Olivetti\ANY_WAY\olMntrService.exe" [2007-06-08 17:58]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-03-23 04:12]
S3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-03-14 16:04]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{11914274-c561-11dc-bd82-806e6f6e6963}]
\shell\AutoRun\command - E:\Autorun.exe

.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-02 14:22:26
Windows 6.0.6000 NTFS

Scanning hidden processes ...

Scanning hidden autostart entries ...

Scanning hidden files ...


C:\Users\Les Ménager\AppData\Local\Microsoft\Windows\GameExplorer\{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}\PlayTasks\1\Les Sims™ 2 : Boit@Look.lnk 1203 bytes hidden from API

Scan completed successfully
Hidden files: 11

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Applications\Avast\aswUpdSv.exe
C:\Applications\Avast\ashServ.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Windows\System32\WUDFHost.exe
C:\Applications\Avast\ashWebSv.exe
C:\Applications\Avast\ashMaiSv.exe
C:\Windows\System32\conime.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\IncrediMail\bin\ImApp.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\wbem\WMIADAP.exe
C:\Windows\System32\dllhost.exe
C:\Program Files\Windows Media Player\wmplayer.exe
.
**************************************************************************
.
Completion time: 2008-05-02 14:26:12 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-02 12:26:02

Pre-Run: 119,379,795,968 bytes free
Post-Run: 119,611,265,024 bytes free

316 --- E O F --- 2008-05-02 06:43:34
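The "Reg loading points" section of the log above is where this infection's persistence shows: two Run values with generated eight-letter names (hrgtlijp, mphbyfty) pointing at equally random executables, a policies\explorer\run value, a ShellExecuteHooks DLL, Security Center monitoring switched off for the AV and firewall, and UAC disabled (EnableLUA=0). As an added example, not part of the original thread and not ComboFix code, here is a small Python script that parses that REGEDIT4-style section and flags those patterns. The sample text is a trimmed excerpt of the log above; the random-name heuristic (eight lowercase letters, at most two vowels, a run of three or more consonants) and the function names are my own assumptions, not rules from ComboFix.

```python
"""Flag the rogue-antispyware persistence visible in a ComboFix 'Reg loading points'
dump. Example code written for this thread, not part of ComboFix or the original post."""
import re
from dataclasses import dataclass, field

# Constructed sample: a trimmed excerpt of the registry section of the log above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-03-26 23:59 1232896]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2008-03-11 18:30 243072]
"hrgtlijp"="C:\Windows\system32\dsnmvgbu.exe" [2008-05-02 10:47 102400]
"mphbyfty"="C:\Windows\system32\vuhkdmne.exe" [2008-05-02 14:22 90112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-18 03:17 1006264]
"Apanel"="C:\ACERSW\config\NewSetApanel.cmd" [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"zRo7aIsDo0"= C:\ProgramData\vqpujktg\tydmvwbe.exe

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{CE86878F-D099-4FFC-A4DC-E51D192063B1}"= C:\Windows\system32\vtUnnkih.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
"""

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*?)\s*$')
VOWELS = set("aeiou")


@dataclass
class Finding:
    key: str
    name: str
    data: str
    reasons: list = field(default_factory=list)


def parse_reg_dump(text):
    """Yield (key, value_name, value_data) from a REGEDIT4-style ComboFix section."""
    key = None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = VALUE_RE.match(line)
        if m and key:
            yield key, m.group("name"), m.group("data")


def looks_random(name):
    """Heuristic (my assumption): eight lowercase letters, at most two vowels, and a
    run of three or more consonants, the shape of the generated names in this log."""
    if len(name) != 8 or not name.isalpha() or not name.islower():
        return False
    vowels = sum(c in VOWELS for c in name)
    longest_consonant_run = max(len(run) for run in re.split(r"[aeiou]", name))
    return vowels <= 2 and longest_consonant_run >= 3


def exe_basename(data):
    """File name without extension from data such as
    '"C:\\Windows\\system32\\dsnmvgbu.exe" [2008-05-02 10:47 102400]'."""
    m = re.search(r'([^\\"\s]+)\.(?:exe|dll|cmd|bat|com)\b', data, re.IGNORECASE)
    return m.group(1) if m else ""


def dword_value(data):
    """Integer value of a 'dword:XXXXXXXX' string, or None if data is not a dword."""
    m = re.match(r"dword:([0-9a-f]+)", data, re.IGNORECASE)
    return int(m.group(1), 16) if m else None


def analyze(text):
    """Return one Finding per suspicious registry value in the dump."""
    findings = []
    for key, name, data in parse_reg_dump(text):
        k = key.lower()
        reasons = []
        if k.endswith("\\currentversion\\run") or "\\policies\\explorer\\run" in k:
            if "\\policies\\explorer\\run" in k:
                reasons.append("policies\\explorer\\run autostart (rarely used by legitimate software)")
            if looks_random(name):
                reasons.append(f"value name {name!r} looks machine-generated")
            base = exe_basename(data)
            if looks_random(base):
                reasons.append(f"file name {base!r} looks machine-generated")
        elif "shellexecutehooks" in k:
            reasons.append("ShellExecuteHooks entry: uncommon persistence point, verify the DLL")
        elif "security center\\monitoring" in k and name.lower() == "disablemonitoring":
            if dword_value(data) == 1:
                reasons.append("Security Center monitoring disabled (hides AV/firewall warnings)")
        elif k.endswith("\\policies\\system") and name.lower() == "enablelua":
            if data.startswith("0"):
                reasons.append("EnableLUA=0: UAC is switched off")
        if reasons:
            findings.append(Finding(key, name, data, reasons))
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"{f.key}\n  {f.name} = {f.data}\n  -> " + "; ".join(f.reasons))
```

Run it as-is and it prints seven findings from the excerpt; pass the full "Reg loading points" section to analyze() for a complete log. The name heuristic is tuned to this sample (a legitimate name such as "explorer" passes because it has three vowels), so treat its output as a triage list to verify against the files, not as a verdict.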
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10F0C2A9-8E38-43e3-204D-45524C494E20}]
2008-05-02 13:47 176128 --a------ C:\Program Files\PC-Antispyware\IeExtension.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3E1A7455-8F94-40B1-A2A8-4FE1A5264F8B}"= "C:\Windows\wxdbpfvo.dll" [ ]

[HKEY_CLASSES_ROOT\clsid\{3e1a7455-8f94-40b1-a2a8-4fe1a5264f8b}]
[HKEY_CLASSES_ROOT\wxdbpfvo.1]
[HKEY_CLASSES_ROOT\TypeLib\{C8DFBEB7-935F-4DC6-A9F9-DBDD0D32E54C}]
[HKEY_CLASSES_ROOT\wxdbpfvo]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-03-26 23:59 1232896]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 18:39 151552]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2008-03-11 18:30 243072]
"hrgtlijp"="C:\Windows\system32\dsnmvgbu.exe" [2008-05-02 10:47 102400]
"mphbyfty"="C:\Windows\system32\vuhkdmne.exe" [2008-05-02 14:22 90112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-18 03:17 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 13:06 4669440 C:\Windows\RtHDVCpl.exe]
"Acer Tour"="" []
"Acer Empowering Technology Monitor"="C:\Acer\Empowering Technology\SysMonitor.exe" [2007-01-24 10:27 319488]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-07 00:04 464168]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-07-06 07:15 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-07-06 07:15 8466432]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-07-06 07:15 81920]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 22:48 57344]
"eRecoveryService"="" []
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 18:39 151552]
"PlayMovie"="C:\Program Files\Acer Arcade Live\Acer PlayMovie\PMVService.exe" [2007-07-13 23:24 178280]
"Apanel"="C:\ACERSW\config\NewSetApanel.cmd" [ ]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 16:32 56080 C:\Windows\KHALMNPR.Exe]
"OlStatusMon"="C:\Program Files\Olivetti\ANY_WAY\olDvcStatus.exe" [2007-06-08 17:59 253952]
"WinampAgent"="C:\Applications\Winamp\winampa.exe" [2008-04-01 20:49 36352]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-03-26 00:06:56 692224]
Outil de mise à jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-04-19 15:07:53 124400]
PCM Media Sharing.lnk - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe [2007-05-06 21:33:11 200812]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"zRo7aIsDo0"= C:\ProgramData\vqpujktg\tydmvwbe.exe

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{CE86878F-D099-4FFC-A4DC-E51D192063B1}"= C:\Windows\system32\vtUnnkih.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= C:\PROGRA~1\ACERAR~1\ACERVI~1\Kernel\Burner\MKDMP3Enc.ACM

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{F726BF72-BF4E-4B4F-B9FE-4CDF4E903131}"= C:\Program Files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live
"{51674872-C1F2-4F6E-9B9C-A757F38BE2C6}"= C:\Program Files\Acer Arcade Live\SlideShow DVD\Component\CLSLDVD.exe:SlideShow DVD workprocess
"{00717E99-5B5E-4D82-B899-5B920CE145A9}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Component\ARAWP.exe:DV Magician ARA workprocess
"{F90A806B-AED4-4244-AC78-EA10F3E4F0E6}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Component\DVAX2Process.exe:DV Magician AVAX workprocess
"{2EACCE03-44AD-4451-AFA5-833B35CC35B9}"= C:\Program Files\Acer Arcade Live\Acer DVDivine\DVDivine.exe:DVDivine
"{39E7738E-3D11-43B9-835D-D16D2F3B2B0D}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia\HomeMedia.exe:HomeMedia
"{59B339AA-E6E9-43D5-A0ED-DAC81D658E12}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\HomeMedia Connect.exe:HomeMedia Connect
"{B70C9DFF-8065-445C-8092-F386899335A3}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:HomeMedia Connect Service
"{9F52794C-B028-4208-88E2-1D78370B9A3B}"= C:\Program Files\Acer Arcade Live\Acer VideoMagician\VideoMagician.exe:VideoMagician
"{431AB345-E0A6-4C85-BDEC-D5A2F7DCA4C5}"= C:\Program Files\Acer Arcade Live\Acer PlayMovie\PlayMovie.exe:Acer PlayMovie
"{288DA44A-DDFE-4589-BDAC-B81E233AD6FE}"= C:\Program Files\Acer Arcade Live\Acer PlayMovie\PMVService.exe:Acer PlayMovie Resident Program
"{3D25D7E7-55C6-4D5C-ADB3-7979058DE8F7}"= Disabled:UDP:J:\incredimail_install.exe:IncrediMail Installer
"{15913542-9956-40A3-A70B-1339E8005C29}"= Disabled:TCP:J:\incredimail_install.exe:IncrediMail Installer
"TCP Query User{4D6BD0DD-E2C0-4CFA-9121-AD3E89BF39AD}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{8A6266E1-41F3-4F65-8721-26E67CBD8FF6}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"{7BDC1CC2-4EBA-4DDC-8D89-5E3A8BF3BBF6}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{47AAB630-75B5-40B9-BB95-CA38926F3FE8}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{F0FEC60F-2E29-4066-9E47-A85622293212}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{569A85CE-AFC0-4144-A228-A651C5AD9C98}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{6D577914-F286-41E3-A245-4D8812281F2C}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{3A43CC2C-184F-4E9D-BA12-9E7C19187986}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{9249FB15-B0B8-4A91-9E78-AF414730F2EE}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"TCP Query User{BEB6E449-6DA8-4840-876E-521736479AA9}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{BDA9C72F-F593-4EC7-95C0-3F0F031DCD03}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"{64318CD0-3538-4843-83E3-B351AC88101B}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{98E8207E-0167-402B-BDD7-2762FF1E81C4}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{21C0CDD2-1A57-47A9-BC63-77A9598D90C9}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
"{52A39AE2-71F5-4DDF-B91A-237B1B7C841D}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
"{B351C4A1-0A7F-4770-B67D-14B77BE7806F}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
"{F5CB5B13-125F-4A95-99D3-408DD2D32970}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
"{D4F9A6BE-01B3-48E6-9F5D-29DDC72C2F66}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
"{0BEE34E7-EDAA-4198-BE76-7B001282AC91}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Acer\\Empowering Technology\\eDataSecurity\\eDSfsu.exe"= C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu
"C:\\Acer\\Empowering Technology\\eDataSecurity\\encryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption
"C:\\Acer\\Empowering Technology\\eDataSecurity\\decryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption

R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 05:22]
R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-02-07 00:04]
R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-02-07 00:04]
R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-02-07 00:04]
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-03-29 19:31]
R1 pca-firewall;pca-firewall;C:\Windows\system32\drivers\pca-firewall.sys [2008-05-02 13:47]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};C:\Program Files\Acer Arcade Live\Acer PlayMovie\[u]0/u00.fcl [2007-08-31 16:24]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;"C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe" [2007-04-04 18:54]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-03-29 19:32]
R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-02-07 00:04]
R2 olMntrService;Olivetti Monitor Service;"C:\Program Files\Olivetti\ANY_WAY\olMntrService.exe" [2007-06-08 17:58]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-03-23 04:12]
S3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-03-14 16:04]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{11914274-c561-11dc-bd82-806e6f6e6963}]
\shell\AutoRun\command - E:\Autorun.exe

.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-02 14:22:26
Windows 6.0.6000 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...


C:\Users\Les Ménager\AppData\Local\Microsoft\Windows\GameExplorer\{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}\PlayTasks\1\Les Sims™ 2 : Boit@Look.lnk 1203 bytes hidden from API

Scan terminé avec succès
Les fichiers cachés: 11

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Applications\Avast\aswUpdSv.exe
C:\Applications\Avast\ashServ.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Windows\System32\WUDFHost.exe
C:\Applications\Avast\ashWebSv.exe
C:\Applications\Avast\ashMaiSv.exe
C:\Windows\System32\conime.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\IncrediMail\bin\ImApp.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\wbem\WMIADAP.exe
C:\Windows\System32\dllhost.exe
C:\Program Files\Windows Media Player\wmplayer.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-05-02 14:26:12 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-02 12:26:02

Pre-Run: 119,379,795,968 octets libres
Post-Run: 119,611,265,024 octets libres

316 --- E O F --- 2008-05-02 06:43:34
0
ComboFix 08-05-01.1 - Les Ménager 2008-05-02 14:16:59.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.2057 [GMT 2:00]
Endroit: C:\Users\Les Ménager\Desktop\Combo-Fix.exe
* Création d'un nouveau point de restauration
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\.protected
C:\Program Files\PC-Cleaner
C:\Program Files\PC-Cleaner\com\pcsd.dll
C:\Program Files\PC-Cleaner\PC-Cleaner.db
C:\Program Files\PC-Cleaner\PC-Cleaner.exe
C:\Program Files\PC-Cleaner\pccleaner.pkg
C:\Program Files\PC-Cleaner\program.info
C:\Program Files\PC-Cleaner\Uninstall.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\.protected
C:\Users\Les Ménager\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\.protected
C:\Windows\.protected
C:\Windows\a.bat
C:\Windows\bdn.com
C:\Windows\iTunesMusic.exe
C:\Windows\mslagent
C:\Windows\mssecu.exe
C:\Windows\qadovnel.dll
C:\Windows\spwoqbmv.exe
C:\Windows\system32\ddcBsrPj.dll
C:\Windows\system32\drivers\etc\.protected
C:\Windows\system32\smp
C:\Windows\system32\smp\msrc.exe
C:\Windows\system32\urqQggeD.dll
C:\Windows\system32\vtUnnkih.dll
C:\Windows\Web\def.htm
C:\Windows\wxdbpfvo.dll
C:\Windows\xbaqktfv.exe

.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-02 to 2008-05-02 ))))))))))))))))))))))))))))))))))))
.

2008-05-02 14:22 . 2008-05-02 14:22 90,112 --a------ C:\Windows\System32\vuhkdmne.exe
2008-05-02 14:15 . 2008-05-02 14:15 <REP> d-------- C:\327882R2FWJFW
2008-05-02 13:47 . 2008-05-02 13:47 25,472 --a------ C:\Windows\System32\drivers\pca-firewall.sys
2008-05-02 13:46 . 2008-05-02 13:47 <REP> d-------- C:\Program Files\PC-Antispyware
2008-05-02 11:13 . 2005-09-23 07:29 626,688 --a------ C:\Windows\System32\msvcr80.dll
2008-05-02 10:47 . 2008-05-02 10:47 <REP> d-------- C:\Users\All Users\vqpujktg
2008-05-02 10:47 . 2008-05-02 10:47 <REP> d-------- C:\ProgramData\vqpujktg
2008-04-29 19:54 . 2007-03-08 01:51 129,784 --------- C:\Windows\System32\pxafs.dll
2008-04-19 15:07 . 2008-05-02 12:38 <REP> d-------- C:\Users\All Users\Google Updater
2008-04-19 15:07 . 2008-05-02 12:38 <REP> d-------- C:\ProgramData\Google Updater
2008-04-19 15:07 . 2008-04-19 15:08 <REP> d-------- C:\Program Files\Google
2008-04-17 13:41 . 2008-04-17 13:41 <REP> d-------- C:\download
2008-04-17 08:50 . 2008-04-17 08:50 <REP> d-------- C:\Users\All Users\Messenger Plus!
2008-04-17 08:50 . 2008-04-17 08:50 <REP> d-------- C:\ProgramData\Messenger Plus!
2008-04-16 19:55 . 2006-05-03 22:53 174,592 --a------ C:\Windows\System32\framedyn.dll
2008-04-16 19:51 . 2008-04-16 19:53 <REP> d-------- C:\Windows\System32\Samsung_USB_Drivers
2008-04-16 19:51 . 2006-07-24 16:05 5,632 --a------ C:\Windows\System32\drivers\StarOpen.sys
2008-04-16 19:51 . 2005-08-28 20:51 766 --a------ C:\Windows\System32\Uninstall.ico
2008-04-16 19:50 . 2008-04-16 19:50 <REP> d-------- C:\Program Files\Samsung
2008-04-16 19:13 . 2008-04-16 19:13 <REP> d-------- C:\Program Files\Messenger Plus! Live
2008-04-12 09:27 . 2008-04-12 09:27 <REP> d-------- C:\Program Files\uTorrent
2008-04-10 00:11 . 2008-04-10 00:11 944,184 --a------ C:\Windows\System32\winload.exe
2008-04-10 00:11 . 2008-04-10 00:11 620,088 --a------ C:\Windows\System32\ci.dll
2008-04-10 00:11 . 2008-04-10 00:11 371,712 --a------ C:\Windows\System32\srcore.dll
2008-04-10 00:11 . 2008-04-10 00:11 313,856 --a------ C:\Windows\System32\rstrui.exe
2008-04-10 00:11 . 2008-04-10 00:11 40,960 --a------ C:\Windows\System32\srclient.dll
2008-04-10 00:11 . 2008-04-10 00:11 19,000 --a------ C:\Windows\System32\kd1394.dll
2008-04-10 00:11 . 2008-04-10 00:11 16,384 --a------ C:\Windows\System32\srdelayed.exe
2008-04-10 00:11 . 2008-04-10 00:11 7,168 --a------ C:\Windows\System32\f3ahvoas.dll
2008-04-10 00:11 . 2008-04-10 00:11 6,656 --a------ C:\Windows\System32\kbd106n.dll
2008-04-10 00:10 . 2008-04-10 00:10 2,027,008 --a------ C:\Windows\System32\win32k.sys
2008-04-10 00:09 . 2008-04-10 00:09 296,448 --a------ C:\Windows\System32\gdi32.dll
2008-04-10 00:08 . 2008-04-10 00:08 83,968 --a------ C:\Windows\System32\dnsrslvr.dll
2008-04-10 00:08 . 2008-04-10 00:08 24,576 --a------ C:\Windows\System32\dnscacheugc.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-02 10:47 --------- d-----w C:\Program Files\eMule
2008-04-18 14:35 --------- d-----w C:\Program Files\EA GAMES
2008-04-16 17:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-10 07:34 --------- d-----w C:\Program Files\Windows Mail
2008-04-09 22:06 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-04-09 22:06 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-04-09 22:06 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-04-09 22:06 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-03-30 17:27 --------- d-----w C:\Program Files\Microsoft.NET
2008-03-30 17:22 --------- d-----w C:\ProgramData\Microsoft Help
2008-03-30 17:21 --------- d-----w C:\Program Files\Microsoft Works
2008-03-29 17:32 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-03-29 09:00 --------- d-----w C:\Program Files\Image Saver
2008-03-29 08:59 73,216 ----a-w C:\Windows\ST6UNST.EXE
2008-03-29 08:59 249,856 ------w C:\Windows\Setup1.exe
2008-03-29 08:18 --------- d-----w C:\Program Files\CFWebAdvancedU_BOBTV.FR
2008-03-28 13:18 --------- d-----w C:\Program Files\Olivetti
2008-03-27 10:22 107,888 ----a-w C:\Windows\System32\CmdLineExt.dll
2008-03-27 08:16 174 --sha-w C:\Program Files\desktop.ini
2008-03-27 08:13 --------- d-----w C:\Program Files\Windows Sidebar
2008-03-27 08:13 --------- d-----w C:\Program Files\Windows Calendar
2008-03-26 22:10 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-03-26 22:10 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-03-26 22:06 41,984 ----a-w C:\Windows\system32\drivers\monitor.sys
2008-03-26 22:06 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-03-26 22:05 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2008-03-26 22:05 7,680 ----a-w C:\Windows\System32\spwmp.dll
2008-03-26 22:05 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2008-03-26 22:05 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2008-03-26 22:05 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-03-26 22:04 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-03-26 22:04 3,505,720 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-03-26 22:04 3,471,928 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-03-26 22:04 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-03-26 22:04 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-03-26 22:04 2,048 ----a-w C:\Windows\System32\msxml3r.dll
2008-03-26 22:04 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-03-26 22:04 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
2008-03-26 22:04 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-03-26 22:04 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
2008-03-26 22:02 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2008-03-26 22:02 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2008-03-26 22:02 2,048 ----a-w C:\Windows\System32\asferror.dll
2008-03-26 22:02 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-03-26 22:01 2,048 ----a-w C:\Windows\System32\msxml6r.dll
2008-03-26 22:01 1,335,296 ----a-w C:\Windows\System32\msxml6.dll
2008-03-26 21:59 84,480 ----a-w C:\Windows\System32\INETRES.dll
2008-03-26 21:59 737,792 ----a-w C:\Windows\System32\inetcomm.dll
2008-03-26 21:59 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-03-26 21:58 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2008-03-26 21:58 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
2008-03-26 21:58 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2008-03-26 21:58 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2008-03-26 21:58 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
2008-03-26 21:57 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-03-26 21:57 --------- d-----w C:\Program Files\MSXML 4.0
2008-03-26 21:55 750,080 ----a-w C:\Windows\System32\qmgr.dll
2008-03-26 21:55 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2008-03-26 18:11 --------- d-----w C:\Program Files\Windows Live
2008-03-26 18:10 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-26 18:09 --------- d-----w C:\ProgramData\WLInstaller
2008-03-26 17:04 --------- d-----w C:\ProgramData\IM
2008-03-26 17:03 --------- d-----w C:\ProgramData\IncrediMail
2008-03-26 17:03 --------- d-----w C:\Program Files\IncrediMail
2008-03-26 08:20 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-25 22:07 --------- d-----w C:\Program Files\Common Files\Logitech
2008-03-25 22:06 --------- d-----w C:\ProgramData\Logitech
2008-03-25 22:06 --------- d-----w C:\ProgramData\LogiShrd
2008-03-25 22:06 --------- d-----w C:\Program Files\Logitech
2008-03-25 22:04 --------- d-----w C:\ProgramData\Symantec
2008-03-25 21:46 53,080 ----a-w C:\Windows\System32\wuauclt.exe
2008-03-25 21:46 43,352 ----a-w C:\Windows\System32\wups2.dll
2008-03-25 21:46 1,712,984 ----a-w C:\Windows\System32\wuaueng.dll
2008-03-25 21:46 1,524,224 ----a-w C:\Windows\System32\wucltux.dll
2008-03-25 21:45 80,896 ----a-w C:\Windows\System32\wudriver.dll
2008-03-25 21:45 549,720 ----a-w C:\Windows\System32\wuapi.dll
2008-03-25 21:45 33,624 ----a-w C:\Windows\System32\wups.dll
2008-03-25 21:45 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-03-25 21:45 163,000 ----a-w C:\Windows\System32\wuwebv.dll
2008-03-25 20:51 --------- d-----w C:\Program Files\Yahoo!
2008-03-25 19:07 --------- d-----w C:\ProgramData\CyberLink
2008-03-25 19:06 --------- d-----w C:\Program Files\Acer Arcade Live
2008-03-25 19:02 --------- d-sh--w C:\ProgramData\Modèles
2008-03-25 19:02 --------- d-sh--w C:\ProgramData\Menu Démarrer
2008-03-25 19:02 --------- d-sh--w C:\ProgramData\Favoris
2008-03-25 19:02 --------- d-sh--w C:\ProgramData\Bureau
2008-03-25 19:02 --------- d-sh--w C:\Program Files\Fichiers communs
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10F0C2A9-8E38-43e3-204D-45524C494E20}]
2008-05-02 13:47 176128 --a------ C:\Program Files\PC-Antispyware\IeExtension.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3E1A7455-8F94-40B1-A2A8-4FE1A5264F8B}"= "C:\Windows\wxdbpfvo.dll" [ ]

[HKEY_CLASSES_ROOT\clsid\{3e1a7455-8f94-40b1-a2a8-4fe1a5264f8b}]
[HKEY_CLASSES_ROOT\wxdbpfvo.1]
[HKEY_CLASSES_ROOT\TypeLib\{C8DFBEB7-935F-4DC6-A9F9-DBDD0D32E54C}]
[HKEY_CLASSES_ROOT\wxdbpfvo]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-03-26 23:59 1232896]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 18:39 151552]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2008-03-11 18:30 243072]
"hrgtlijp"="C:\Windows\system32\dsnmvgbu.exe" [2008-05-02 10:47 102400]
"mphbyfty"="C:\Windows\system32\vuhkdmne.exe" [2008-05-02 14:22 90112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-18 03:17 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 13:06 4669440 C:\Windows\RtHDVCpl.exe]
"Acer Tour"="" []
"Acer Empowering Technology Monitor"="C:\Acer\Empowering Technology\SysMonitor.exe" [2007-01-24 10:27 319488]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-07 00:04 464168]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-07-06 07:15 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-07-06 07:15 8466432]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-07-06 07:15 81920]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 22:48 57344]
"eRecoveryService"="" []
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 18:39 151552]
"PlayMovie"="C:\Program Files\Acer Arcade Live\Acer PlayMovie\PMVService.exe" [2007-07-13 23:24 178280]
"Apanel"="C:\ACERSW\config\NewSetApanel.cmd" [ ]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 16:32 56080 C:\Windows\KHALMNPR.Exe]
"OlStatusMon"="C:\Program Files\Olivetti\ANY_WAY\olDvcStatus.exe" [2007-06-08 17:59 253952]
"WinampAgent"="C:\Applications\Winamp\winampa.exe" [2008-04-01 20:49 36352]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-03-26 00:06:56 692224]
Outil de mise à jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-04-19 15:07:53 124400]
PCM Media Sharing.lnk - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe [2007-05-06 21:33:11 200812]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"zRo7aIsDo0"= C:\ProgramData\vqpujktg\tydmvwbe.exe

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{CE86878F-D099-4FFC-A4DC-E51D192063B1}"= C:\Windows\system32\vtUnnkih.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= C:\PROGRA~1\ACERAR~1\ACERVI~1\Kernel\Burner\MKDMP3Enc.ACM

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{F726BF72-BF4E-4B4F-B9FE-4CDF4E903131}"= C:\Program Files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live
"{51674872-C1F2-4F6E-9B9C-A757F38BE2C6}"= C:\Program Files\Acer Arcade Live\SlideShow DVD\Component\CLSLDVD.exe:SlideShow DVD workprocess
"{00717E99-5B5E-4D82-B899-5B920CE145A9}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Component\ARAWP.exe:DV Magician ARA workprocess
"{F90A806B-AED4-4244-AC78-EA10F3E4F0E6}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Component\DVAX2Process.exe:DV Magician AVAX workprocess
"{2EACCE03-44AD-4451-AFA5-833B35CC35B9}"= C:\Program Files\Acer Arcade Live\Acer DVDivine\DVDivine.exe:DVDivine
"{39E7738E-3D11-43B9-835D-D16D2F3B2B0D}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia\HomeMedia.exe:HomeMedia
"{59B339AA-E6E9-43D5-A0ED-DAC81D658E12}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\HomeMedia Connect.exe:HomeMedia Connect
"{B70C9DFF-8065-445C-8092-F386899335A3}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:HomeMedia Connect Service
"{9F52794C-B028-4208-88E2-1D78370B9A3B}"= C:\Program Files\Acer Arcade Live\Acer VideoMagician\VideoMagician.exe:VideoMagician
"{431AB345-E0A6-4C85-BDEC-D5A2F7DCA4C5}"= C:\Program Files\Acer Arcade Live\Acer PlayMovie\PlayMovie.exe:Acer PlayMovie
"{288DA44A-DDFE-4589-BDAC-B81E233AD6FE}"= C:\Program Files\Acer Arcade Live\Acer PlayMovie\PMVService.exe:Acer PlayMovie Resident Program
"{3D25D7E7-55C6-4D5C-ADB3-7979058DE8F7}"= Disabled:UDP:J:\incredimail_install.exe:IncrediMail Installer
"{15913542-9956-40A3-A70B-1339E8005C29}"= Disabled:TCP:J:\incredimail_install.exe:IncrediMail Installer
"TCP Query User{4D6BD0DD-E2C0-4CFA-9121-AD3E89BF39AD}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{8A6266E1-41F3-4F65-8721-26E67CBD8FF6}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"{7BDC1CC2-4EBA-4DDC-8D89-5E3A8BF3BBF6}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{47AAB630-75B5-40B9-BB95-CA38926F3FE8}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{F0FEC60F-2E29-4066-9E47-A85622293212}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{569A85CE-AFC0-4144-A228-A651C5AD9C98}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{6D577914-F286-41E3-A245-4D8812281F2C}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{3A43CC2C-184F-4E9D-BA12-9E7C19187986}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{9249FB15-B0B8-4A91-9E78-AF414730F2EE}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"TCP Query User{BEB6E449-6DA8-4840-876E-521736479AA9}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{BDA9C72F-F593-4EC7-95C0-3F0F031DCD03}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"{64318CD0-3538-4843-83E3-B351AC88101B}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{98E8207E-0167-402B-BDD7-2762FF1E81C4}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{21C0CDD2-1A57-47A9-BC63-77A9598D90C9}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
"{52A39AE2-71F5-4DDF-B91A-237B1B7C841D}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
"{B351C4A1-0A7F-4770-B67D-14B77BE7806F}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
"{F5CB5B13-125F-4A95-99D3-408DD2D32970}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
"{D4F9A6BE-01B3-48E6-9F5D-29DDC72C2F66}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
"{0BEE34E7-EDAA-4198-BE76-7B001282AC91}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Acer\\Empowering Technology\\eDataSecurity\\eDSfsu.exe"= C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu
"C:\\Acer\\Empowering Technology\\eDataSecurity\\encryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption
"C:\\Acer\\Empowering Technology\\eDataSecurity\\decryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption

R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 05:22]
R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-02-07 00:04]
R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-02-07 00:04]
R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-02-07 00:04]
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-03-29 19:31]
R1 pca-firewall;pca-firewall;C:\Windows\system32\drivers\pca-firewall.sys [2008-05-02 13:47]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};C:\Program Files\Acer Arcade Live\Acer PlayMovie\[u]0/u00.fcl [2007-08-31 16:24]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;"C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe" [2007-04-04 18:54]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-03-29 19:32]
R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-02-07 00:04]
R2 olMntrService;Olivetti Monitor Service;"C:\Program Files\Olivetti\ANY_WAY\olMntrService.exe" [2007-06-08 17:58]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-03-23 04:12]
S3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-03-14 16:04]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{11914274-c561-11dc-bd82-806e6f6e6963}]
\shell\AutoRun\command - E:\Autorun.exe

.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-02 14:22:26
Windows 6.0.6000 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...


C:\Users\Les Ménager\AppData\Local\Microsoft\Windows\GameExplorer\{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}\PlayTasks\1\Les Sims™ 2 : Boit@Look.lnk 1203 bytes hidden from API

Scan terminé avec succès
Les fichiers cachés: 11

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Applications\Avast\aswUpdSv.exe
C:\Applications\Avast\ashServ.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Windows\System32\WUDFHost.exe
C:\Applications\Avast\ashWebSv.exe
C:\Applications\Avast\ashMaiSv.exe
C:\Windows\System32\conime.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\IncrediMail\bin\ImApp.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\wbem\WMIADAP.exe
C:\Windows\System32\dllhost.exe
C:\Program Files\Windows Media Player\wmplayer.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-05-02 14:26:12 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-02 12:26:02

Pre-Run: 119,379,795,968 octets libres
Post-Run: 119,611,265,024 octets libres

316 --- E O F --- 2008-05-02 06:43:34
0
hijackthis report

Logfile of HijackThis v1.99.1
Scan saved at 14:36:54, on 02/05/2008
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conime.exe
C:\ProgramData\vqpujktg\tydmvwbe.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Acer Arcade Live\Acer PlayMovie\PMVService.exe
C:\Program Files\Olivetti\ANY_WAY\olDvcStatus.exe
C:\Applications\Winamp\winampa.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\dsnmvgbu.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\mobsync.exe
C:\Windows\Explorer.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PC-Antispyware Site Blocker Button - {10F0C2A9-8E38-43e3-204D-45524C494E20} - C:\Program Files\PC-Antispyware\IeExtension.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: wxdbpfvo - {3E1A7455-8F94-40B1-A2A8-4FE1A5264F8B} - C:\Windows\wxdbpfvo.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Live\Acer PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [Apanel] C:\ACERSW\config\NewSetApanel.cmd
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [OlStatusMon] "C:\Program Files\Olivetti\ANY_WAY\olDvcStatus.exe" dvcStatusMinimize
O4 - HKLM\..\Run: [WinampAgent] C:\Applications\Winamp\winampa.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [hrgtlijp] C:\Windows\system32\dsnmvgbu.exe
O4 - HKCU\..\Run: [mphbyfty] C:\Windows\system32\vuhkdmne.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: PCM Media Sharing.lnk = C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} (CamfrogWEB Advanced Unicode Control) - https://www.bobtv.fr/download/cfweb_www.bobtv.fr-download_instmodule.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Applications\Avast\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Applications\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Applications\Avast\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Applications\Avast\ashWebSv.exe" /service (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Olivetti Monitor Service (olMntrService) - Olivetti - C:\Program Files\Olivetti\ANY_WAY\olMntrService.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
0
Anonymous user
2 May 2008 at 14:41
ok, check these lines then click fix checked.

O4 - HKCU\..\Run: [hrgtlijp] C:\Windows\system32\dsnmvgbu.exe
O3 - Toolbar: wxdbpfvo - {3E1A7455-8F94-40B1-A2A8-4FE1A5264F8B} - C:\Windows\wxdbpfvo.dll (file missing)
O2 - BHO: PC-Antispyware Site Blocker Button - {10F0C2A9-8E38-43e3-204D-45524C494E20} - C:\Program Files\PC-Antispyware\IeExtension.dll
C:\Windows\System32\dsnmvgbu.exe
C:\ProgramData\vqpujktg\tydmvwbe.exe


THERE YOU GO, AND TURN ON YOUR FIREWALL.
0
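The fix list above picks entries out of the HijackThis report by their shape: a BHO whose DLL lives under the rogue's own folder, a toolbar whose file is missing, and Run entries with random eight-letter names. As an added example that is not part of this thread, here is a small Python triage over HijackThis-format O2/O3/O4 lines applying those same heuristics; the sample log is constructed to mirror the report, and the ROGUE_MARKERS list and the random-name rule are assumptions of this example, not HijackThis's own logic.

```python
import re

# Constructed sample in HijackThis v1.99 log format, mirroring the entry kinds in the
# report above: clean and rogue BHOs, a random-named toolbar, clean and random Run entries.
SAMPLE_LOG = """\
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Adobe\\Acrobat 7.0\\ActiveX\\AcroIEHelper.dll
O2 - BHO: PC-Antispyware Site Blocker Button - {10F0C2A9-8E38-43e3-204D-45524C494E20} - C:\\Program Files\\PC-Antispyware\\IeExtension.dll
O3 - Toolbar: wxdbpfvo - {3E1A7455-8F94-40B1-A2A8-4FE1A5264F8B} - C:\\Windows\\wxdbpfvo.dll (file missing)
O4 - HKLM\\..\\Run: [Windows Defender] %ProgramFiles%\\Windows Defender\\MSASCui.exe -hide
O4 - HKCU\\..\\Run: [hrgtlijp] C:\\Windows\\system32\\dsnmvgbu.exe
"""
ROGUE_MARKERS = ("pc-antispyware",)  # rogue named in the thread; a real list is longer
LINE_PATTERNS = {  # only the entry types the helper asked to fix
    "O2": re.compile(r"^O2 - BHO: (?P<name>.*?) - \{[0-9A-Fa-f-]+\} - (?P<path>.*)$"),
    "O3": re.compile(r"^O3 - Toolbar: (?P<name>.*?) - \{[0-9A-Fa-f-]+\} - (?P<path>.*)$"),
    "O4": re.compile(r"^O4 - HK\w+\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<path>.*)$"),
}

def parse_line(line):
    """Return {'kind', 'name', 'path'} for an O2/O3/O4 line, else None."""
    for kind, pattern in LINE_PATTERNS.items():
        if m := pattern.match(line.strip()):
            return {"kind": kind, "name": m["name"], "path": m["path"]}
    return None

def looks_random(token):
    """Heuristic for generated names: 7+ lowercase letters with a 4+ consonant run."""
    return (len(token) >= 7 and token.isalpha() and token.islower()
            and re.search(r"[bcdfghjklmnpqrstvwxyz]{4,}", token) is not None)

def file_stem(path):
    """'C:\\Windows\\wxdbpfvo.dll (file missing)' -> 'wxdbpfvo' (drops args and notes)."""
    last = re.split(r"[\\/]", path.replace("(file missing)", "").strip().strip('"'))[-1]
    parts = last.split()
    return parts[0].rsplit(".", 1)[0] if parts else ""

def suspicious_reasons(entry):
    """Why an entry deserves a look; an empty list means no heuristic matched."""
    path = entry["path"]
    checks = [
        ("file missing", "(file missing)" in path),
        ("known rogue path", any(m in path.lower() for m in ROGUE_MARKERS)),
        ("random-looking entry name", looks_random(entry["name"])),
        ("random-looking file name", looks_random(file_stem(path))),
    ]
    return [label for label, hit in checks if hit]

def triage(log_text):
    """Return [(line, reasons)] for each parsed entry with at least one reason."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry and (reasons := suspicious_reasons(entry)):
            flagged.append((line, reasons))
    return flagged
```

Running triage(SAMPLE_LOG) flags the rogue BHO, the missing toolbar DLL and the random Run entry while leaving the Acrobat and Windows Defender lines alone.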
In which utility do I check these boxes??? I closed the windows, do I rerun the test??????
0
Anonymous user
2 May 2008 at 14:46
You open HijackThis, you redo a scan like you did, and next to these lines you check the boxes, "only the ones I told you", then you click fix checked.
0
I redid it and checked, then clicked fix the objects. However, I didn't have the lines C:\Windows\System32\dsnmvgbu.exe
C:\ProgramData\vqpujktg\tydmvwbe.exe
0
Anonymous user
2 May 2008 at 14:53
Really? Look carefully.
0

No no, my report, well not the one in ".log" format but the one with the checkboxes, only starts at "R0"
0
Anonymous user
2 May 2008 at 15:00
OK, try to uninstall it in safe mode.

Restart in "Safe Mode"

When the computer restarts, once the BIOS has finished loading, a black screen appears briefly; press the [F8] key (or [F5] on some PCs) until the Windows advanced options menu is displayed.
Select "Safe Mode" and press [Enter]
You will have to choose your usual session, not the "Administrator" account or another one.
Look here if needed: http://pageperso.aol.fr/loraline60/mode_sans_echec.htm
0
great, it worked!!!!
thanks a lot for your help!!!!!
can I now uninstall combofix and hijack this???
0
Anonymous user
2 May 2008 at 15:23
Yes, then download what I told you.
0
you didn't tell me about any other download apart from hijackthis and combofix
0
Anonymous user
2 May 2008 at 15:30
Sorry, do this:

So, uninstall all your security software. And install AntiVir, Malwarebytes Anti-Malware and Kerio.

AntiVir: https://www.01net.com/outils/telecharger/windows/Securite/antivirus-antitrojan/fiches/tele13198.html
AntiVir tutorial: https://www.malekal.com/avira-free-security-antivirus-gratuit/

Malwarebytes Anti-Malware: http://www.malwarebytes.org/mbam/program/mbam-setup.exe
Malwarebytes Anti-Malware tutorial: https://forum.pcastuces.com/malwarebytes_antimalwares___tutoriel-f31s3.htm

Kerio: https://www.01net.com/outils/telecharger/windows/Securite/firewall/fiches/tele22418.html
Kerio tutorial: https://forums.cnetfrance.fr

PS: JUST INSTALL THEM. UPDATE ANTIVIR AND MALWAREBYTES ANTI-MALWARE. THERE YOU GO, BE QUICK.
0
thanks for everything!!!!
0
Anonymous user
2 May 2008 at 15:35
YOU'RE WELCOME, SEE YOU
0
my troubles continue: now there is quite often an alert telling me that my pc is infected and that, of course, I have to download a program to fix it......... I saw on the net that quite a few people have this problem...

please help me, because now I'm lost!!!
0