Virus TR/Vuondo.gen et TR/Cryt.XPACK.Gen Fermé

Question

Bonjour,

Néophyte en informatique, j'ai un gros problème : après avoir télécharger un crack, les virus TR/Crypt.XPACK.Gen et TR/Vundo.Gen sont apparus sur mon pc occasionnant l'apparition au démarrage de fenêtre "AntiVir Guard: Attention, Detection!" pour ces 2 virus. Problème : impossible d'agir sur ces fenetres qui apparaissent sans cesse et que je ne peux pas fermer. De plus je ne peux pas ouvrir l'explorateur windows pour accéder à mes lecteurs.

Quelqu'un peut m'aider ???

Merci d'avance

jlpjlp · Answer

slt 


vire tes cracks

_____________

Téléchargez VundoFix -> http://www.atribune.org/ccount/click.php?id=4

Double cliquez VundoFix.exe pour l'exécuter.
Quand VundoFix s'ouvre, cliquez sur le bouton Scan for Vundo.
Une fois le scan fini, cliquez sur le bouton Remove Vundo.
Vous recevrez un avertissement vous demandant si vous voulez effacer ces
fichiers répondez en cliquant sur YES
Une fois que vous avez cliqué yes, votre bureau deviendra vide au moment où il
enlève Vundo.

Quand c'est fini, il vous sera demandé de redémarrer votre ordinateur, cliquez
OK.

__________

virtumondebegone  (colle le rapport)

http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe 
____________

colle un rapport hijackthis


http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

manuel :

https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html

Je conseille de renomer Hijackthis, pour contrer une éventuelle infection de Vundo.

ex:Renomme le fichier HijackThis.exe en eden.exe pour cela, fais un clic droit sur le fichier HijackThis.exe et choisis renommer dans la liste

Ensuite avec Explorer créer un dossier c:\hijackthis
Décompresser Hijackthis dans ce dossier.
C'est important pour les sauvegardes."

Jeep79 · Answer

Le problème c'est que pour virer mes cracks, il faut que j'accède au répertoire sur mon disque dur, mais impossible, ça ne répond pas et ça m'affiche la fenetre "AntiVir Guard: Attention, Detection!".

jlpjlp · Answer

passe a la suite

Jeep79 · Answer

Problème pendant le scan de VuondoFix, il bug pendant le scan du fichier C:\Windows\System32\javaws.exe et la fenetre de detection AntiVir s'ouvre.

Est-ce de ce fichier que vient le probleme ?

Jeep79 · Answer

Please !!! Quelqu'un peut m'aider ???

jlpjlp · Answer

ok



désactive antivir , deconnecte toi du net puis





Téléchargez VundoFix -> http://www.atribune.org/ccount/click.php?id=4

Double cliquez VundoFix.exe pour l'exécuter.
Quand VundoFix s'ouvre, cliquez sur le bouton Scan for Vundo.
Une fois le scan fini, cliquez sur le bouton Remove Vundo.
Vous recevrez un avertissement vous demandant si vous voulez effacer ces
fichiers répondez en cliquant sur YES
Une fois que vous avez cliqué yes, votre bureau deviendra vide au moment où il
enlève Vundo.

Quand c'est fini, il vous sera demandé de redémarrer votre ordinateur, cliquez
OK.

__________

virtumondebegone (colle le rapport)

http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
______________



Télécharge Combofix de sUBs :  aide ici : https://forum.pcastuces.com/sujet.asp?f=25&s=37315

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Sauvegarde le sur ton bureau et pas ailleurs !

Aide à l’utilisation de combofix ici: https://bibou0007.forumpro.fr/login?redirect=%2Ft121-topic

Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider, laisse toi guider.
Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.



____________

colle un rapport hijackthis


http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

manuel :

https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html

Je conseille de renomer Hijackthis, pour contrer une éventuelle infection de Vundo.

ex:Renomme le fichier HijackThis.exe en eden.exe pour cela, fais un clic droit sur le fichier HijackThis.exe et choisis renommer dans la liste

Ensuite avec Explorer créer un dossier c:\hijackthis
Décompresser Hijackthis dans ce dossier.
C'est important pour les sauvegardes."

Jeep79 · Answer

J'ai lancé un scan VundoFix mais il n'a rien trouvé. 

Voici le rapport Hijackthis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:41:14, on 11/07/2008
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32	askeng.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Acer Aspire\Desktop\eden.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.fr.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://lo.st
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet	ools\BitCometBHO_1.2.2.28.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: {95a87c93-bb76-473b-0224-45e82e834dea} - {aed438e2-8e54-4220-b374-67bb39c78a59} - C:\Windows\system32\yiaamh.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {CA514A39-F705-4F17-B3C1-8282E8A33B39} - C:\Windows\system32\pmnllLDt.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: PCM Media Sharing.lnk = C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet	ools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O13 - Gopher Prefix: 
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

jlpjlp · Answer

ok
il ne faut qu'un seul antivirus par ordi!!!! et avoir des antiespion et la tu n'en as aucun!


vire en deux antivirus:  avast  et suivant si tu paye norton ou antivir  sinon l'ordi va planter et ramer!!!!!!

pour virer avast:
https://www.avast.com/fr-fr/uninstall-utility


pour virer norton
https://www.pcastuces.com/newsletter/adj/1630.htm


______________

comme je risque d'etre occupé fait tout ceci


scan avec
MalwareByte's Anti-Malware et vire ce qui est trouvé et colle le rapport

https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

________________

virtumondebegone (colle le rapport)

http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
______________



Télécharge Combofix de sUBs : aide ici : https://forum.pcastuces.com/sujet.asp?f=25&s=37315

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Sauvegarde le sur ton bureau et pas ailleurs !

Aide à l’utilisation de combofix ici: https://bibou0007.forumpro.fr/login?redirect=%2Ft121-topic

Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider, laisse toi guider.
Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.

_________________
recolle un nouvel hijackthis

Jeep79 · Answer

Enfin...

Le rapport MalwareByte's Anti-Malware :

Malwarebytes' Anti-Malware 1.20
Version de la base de données: 930
Windows 6.0.6000 

22:54:09 11/07/2008
mbam-log-7-11-2008 (22-54-09).txt

Type de recherche: Examen complet (C:\|D:\|K:\|L:\|)
Eléments examinés: 288684
Temps écoulé: 1 hour(s), 32 minute(s), 4 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 5
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 3

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ca514a39-f705-4f17-b3c1-8282e8a33b39} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ca514a39-f705-4f17-b3c1-8282e8a33b39} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Windows\System32\pmnllLDt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32	DLllnmp.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32	DLllnmp.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.


Le rapport virtumondebegone :


[07/11/2008, 22:59:27] - VirtumundoBeGone v1.5 ( "C:\Users\Acer Aspire\Desktop\VirtumundoBeGone.exe" )
[07/11/2008, 22:59:38] - Detected System Information:
[07/11/2008, 22:59:38] -  Windows Version: 6.0.6000, 
[07/11/2008, 22:59:38] -  Current Username: Acer Aspire (Admin)
[07/11/2008, 22:59:38] -  Windows is in NORMAL mode.
[07/11/2008, 22:59:38] - Searching for Browser Helper Objects:
[07/11/2008, 22:59:38] -  BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[07/11/2008, 22:59:38] -  BHO 2: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} (BitComet Helper)
[07/11/2008, 22:59:38] -  BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/11/2008, 22:59:38] -  BHO 4: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[07/11/2008, 22:59:38] -  BHO 5: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[07/11/2008, 22:59:38] -  BHO 6: {aed438e2-8e54-4220-b374-67bb39c78a59} ()
[07/11/2008, 22:59:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/11/2008, 22:59:38] -  Checking for HKLM\...\Winlogon\Notify\yiaamh
[07/11/2008, 22:59:38] -  Key not found: HKLM\...\Winlogon\Notify\yiaamh, continuing.
[07/11/2008, 22:59:38] -  BHO 7: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[07/11/2008, 22:59:38] -  BHO 8: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[07/11/2008, 22:59:38] - Finished Searching Browser Helper Objects
[07/11/2008, 22:59:38] - Finishing up...
[07/11/2008, 22:59:38] - Nothing found! Exiting...

Le rapport combofix :

ComboFix 08-07-11.1 - Acer Aspire 2008-07-11 23:22:31.3 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium   6.0.6000.0.1252.1.1036.18.1144 [GMT 2:00]
Endroit: C:\Users\Acer Aspire\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
K:\Autorun.inf

.
(((((((((((((((((((((((((((((   Fichiers créés 2008-06-11 to 2008-07-11  ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier créé dans cet espace de temps

.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-11 21:20	---------	d---a-w	C:\ProgramData\TEMP
2008-07-11 19:17	---------	d-----w	C:\Program Files\Alwil Software
2008-07-11 19:08	---------	d-----w	C:\Program Files\Common Files\Symantec Shared
2008-07-11 19:04	---------	d-----w	C:\ProgramData\Symantec
2008-07-11 19:04	---------	d-----w	C:\Program Files\Symantec
2008-07-11 17:46	90,624	----a-w	C:\Windows\System32\jqfvsmjj.dll
2008-07-11 13:57	---------	d-----w	C:\Users\Acer Aspire\AppData\Roaming\Malwarebytes
2008-07-11 13:57	---------	d-----w	C:\ProgramData\Malwarebytes
2008-07-11 13:57	---------	d-----w	C:\Program Files\Malwarebytes' Anti-Malware
2008-07-11 11:44	103,424	----a-w	C:\Windows\System32\yiaamh.dll
2008-07-11 11:44	103,424	----a-w	C:\Windows\System32\jmwergeu.dll
2008-07-11 11:30	---------	d-----w	C:\Users\Acer Aspire\AppData\Roaming\EoRezo
2008-07-11 11:28	---------	d-----w	C:\ProgramData\Google Updater
2008-07-11 11:26	90,624	----a-w	C:\Windows\System32\jsblarks.dll
2008-07-11 11:14	---------	d-----w	C:\Program Files\Spyware Doctor
2008-07-11 10:30	---------	d-----w	C:\ProgramData\Avira
2008-07-11 10:30	---------	d-----w	C:\Program Files\Avira
2008-07-11 01:40	---------	d-----w	C:\Program Files\Desktop Maestro
2008-07-11 01:28	---------	d-----w	C:\Users\Acer Aspire\AppData\Roaming\Desktop Mechanic
2008-07-10 22:33	---------	d-----w	C:\ProgramData\Diskeeper Corporation
2008-07-10 22:33	---------	d-----w	C:\Program Files\Diskeeper Corporation
2008-07-10 19:13	---------	d-----w	C:\ProgramData\LightScribe
2008-07-10 18:56	---------	d-----w	C:\Users\Acer Aspire\AppData\Roaming\Nero
2008-07-10 18:55	---------	d-----w	C:\Program Files\Common Files\Nero
2008-07-10 18:53	---------	d-----w	C:\ProgramData\Nero
2008-07-10 18:53	---------	d-----w	C:\Program Files\Nero
2008-07-10 17:39	---------	d-----w	C:\Program Files\Google
2008-07-10 09:55	---------	d-----w	C:\ProgramData\Microsoft Help
2008-07-09 21:38	---------	d-----w	C:\Program Files\KONAMI
2008-07-09 20:38	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2008-07-09 15:35	---------	d-----w	C:\Program Files\BitComet
2008-07-09 14:22	803,328	----a-w	C:\Windows\system32\drivers	cpip.sys
2008-07-09 13:51	---------	d-----w	C:\ProgramData\Skype
2008-07-09 13:38	---------	d-----w	C:\Users\Acer Aspire\AppData\Roaming\StarOffice8
2008-07-09 13:32	---------	d-----w	C:\Program Files\Windows Mail
2008-07-09 13:00	---------	d-----w	C:\Users\Acer Aspire\AppData\Roaming\Talkback
2008-07-09 12:22	---------	d-----w	C:\ProgramData\eSobi
2008-07-09 12:10	---------	d-----w	C:\Program Files\Java
2008-07-09 12:00	---------	d-----w	C:\Users\Acer Aspire\AppData\Roaming\ItsLabel
2008-07-09 11:59	174	--sha-w	C:\Program Files\desktop.ini
2008-07-09 00:16	---------	d-----w	C:\Program Files\Sun
2008-07-09 00:14	---------	d-----w	C:\Program Files\Common Files\Java
2008-07-08 23:58	---------	d-----w	C:\Program Files\Common Files\Adobe
2008-07-08 23:53	---------	d-----w	C:\Program Files\Real
2008-07-08 23:53	---------	d-----w	C:\Program Files\Common Files\xing shared
2008-07-08 23:53	---------	d-----w	C:\Program Files\Common Files\Real
2008-07-08 23:51	---------	d-----w	C:\Users\Acer Aspire\AppData\Roaming\PC Tools
2008-07-08 23:42	---------	d-----w	C:\Program Files\EoRezo
2008-07-08 20:41	---------	d-----w	C:\Program Files\Picasa2
2008-07-08 20:31	---------	d-----w	C:\Users\Acer Aspire\AppData\Roaming\DivX
2008-07-08 18:59	2,560	----a-w	C:\Windows\System32\bitcometres.dll
2008-07-08 12:10	---------	d-----w	C:\Program Files\CCleaner
2008-07-08 12:01	---------	d-----w	C:\Program Files\DivX
2008-07-08 12:00	---------	d-----w	C:\Program Files\Common Files\PX Storage Engine
2008-07-07 15:35	34,296	----a-w	C:\Windows\system32\drivers\mbamcatchme.sys
2008-07-07 15:35	17,144	----a-w	C:\Windows\system32\drivers\mbam.sys
2008-07-07 00:25	---------	d-----w	C:\ProgramData\WLInstaller
2008-07-06 18:47	---------	d-----w	C:\Program Files\Windows Live
2008-07-06 18:25	---------	d-----w	C:\Program Files\15355 Webcam Live
2008-07-06 14:57	---------	d-----w	C:\Users\Acer Aspire\AppData\Roaming\SecondLife
2008-07-06 14:57	---------	d-----w	C:\Program Files\SecondLife
2008-07-06 01:27	---------	d-----w	C:\ProgramData\eMule
2008-07-05 23:03	---------	d-----w	C:\Program Files\Microsoft SQL Server Compact Edition
2008-07-05 23:02	---------	d-----w	C:\Program Files\Windows Live Toolbar
2008-07-05 23:02	---------	d-----w	C:\Program Files\Windows Live Favorites
2008-07-05 22:57	---------	dcsh--w	C:\Program Files\Common Files\WindowsLiveInstaller
2008-07-05 19:11	---------	d-----w	C:\Program Files\Windows Sidebar
2008-07-05 19:11	---------	d-----w	C:\Program Files\Windows Defender
2008-07-05 19:11	---------	d-----w	C:\Program Files\Windows Calendar
2008-07-05 18:15	704,000	----a-w	C:\Windows\System32\PhotoScreensaver.scr
2008-07-05 18:15	67,584	----a-w	C:\Windows\System32\wlanhlp.dll
2008-07-05 18:15	542,720	----a-w	C:\Windows\System32\sysmain.dll
2008-07-05 18:15	502,784	----a-w	C:\Windows\System32\wlansvc.dll
2008-07-05 18:15	47,104	----a-w	C:\Windows\System32\wlanapi.dll
2008-07-05 18:15	297,984	----a-w	C:\Windows\System32\wlansec.dll
2008-07-05 18:15	290,816	----a-w	C:\Windows\System32\wlanmsm.dll
2008-07-05 18:15	258,232	----a-w	C:\Windows\system32\drivers\acpi.sys
2008-07-05 18:15	24,064	----a-w	C:\Windows\System32\wtsapi32.dll
2008-07-05 18:15	2,923,520	----a-w	C:\Windows\explorer.exe
2008-07-05 18:14	49,664	----a-w	C:\Windows\System32\csrsrv.dll
2008-07-05 18:14	376,320	----a-w	C:\Windows\System32\winsrv.dll
2008-07-05 18:14	194,560	----a-w	C:\Windows\System32\WebClnt.dll
2008-07-05 18:14	110,080	----a-w	C:\Windows\system32\drivers\mrxdav.sys
2008-07-05 18:12	41,984	----a-w	C:\Windows\system32\drivers\monitor.sys
2008-07-05 18:12	1,060,920	----a-w	C:\Windows\system32\drivers
tfs.sys
2008-07-05 18:11	374,456	----a-w	C:\Windows\System32\mcupdate_GenuineIntel.dll
2008-07-05 18:10	8,147,968	----a-w	C:\Windows\System32\wmploc.DLL
2008-07-05 18:10	7,680	----a-w	C:\Windows\System32\spwmp.dll
2008-07-05 18:10	414,208	----a-w	C:\Windows\System32\msscp.dll
2008-07-05 18:10	4,096	----a-w	C:\Windows\System32\dxmasf.dll
2008-07-05 18:10	356,864	----a-w	C:\Windows\System32\MediaMetadataHandler.dll
2008-07-05 18:09	86,016	----a-w	C:\Windows\System32\icfupgd.dll
2008-07-05 18:09	63,488	----a-w	C:\Windows\system32\drivers\mpsdrv.sys
2008-07-05 18:09	61,952	----a-w	C:\Windows\System32\cmifw.dll
2008-07-05 18:09	396,800	----a-w	C:\Windows\System32\MPSSVC.dll
2008-07-05 18:09	392,192	----a-w	C:\Windows\System32\FirewallAPI.dll
2008-07-05 18:09	23,040	----a-w	C:\Windows\system32\drivers	unnel.sys
2008-07-05 18:09	178,688	----a-w	C:\Windows\System32\iphlpsvc.dll
2008-07-05 18:09	16,896	----a-w	C:\Windows\System32\wfapigp.dll
2008-07-05 18:09	15,360	----a-w	C:\Windows\system32\drivers\TUNMP.SYS
.

------- Sigcheck -------

2008-01-19 09:43  891448  fc6e2835d667774d409c7c7021eaf9c4	C:\Windows\SoftwareDistribution\Download\a58fa8f1a78b89e6c2a670e288053b8b\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6	cpip.sys
2008-01-14 05:17  803328  5df77458aa92fdb36fce79c60f74ab5d	C:\Windows\SoftwareDistribution\Download\c6d3c2ffe03b8796482aee1c5fc8dc7f\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16627_none_5f90b964923d030a	cpip.sys
2008-01-14 05:16  806400  52a8bd6294f7d1443c6184c67ae13af4	C:\Windows\SoftwareDistribution\Download\c6d3c2ffe03b8796482aee1c5fc8dc7f\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.20752_none_5ff4e4f9ab7777f4	cpip.sys
2008-07-09 16:22  803328  82c4070707d100febc3d25cf00b77a4c	C:\Windows\System32\drivers	cpip.sys
2006-11-02 10:58  802816  d944522b048a5feb7700b5170d3d9423	C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16386_none_5f4ed3e0926e99e4	cpip.sys
2008-07-09 16:22  803328  82c4070707d100febc3d25cf00b77a4c	C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16627_none_5f90b964923d030a	cpip.sys
2008-07-05 20:05  806400  52a8bd6294f7d1443c6184c67ae13af4	C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.20752_none_5ff4e4f9ab7777f4	cpip.sys
.
(((((((((((((((((((((((((((((   snapshot@2008-07-11_23.14.44.48   )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-11 21:11:38	67,584	--s-a-w	C:\Windows\bootstat.dat
+ 2008-07-11 21:20:07	67,584	--s-a-w	C:\Windows\bootstat.dat
+ 2008-07-11 21:20:07	2,048	--sha-w	C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-07-11 21:11:58	262,144	--sha-w	C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-07-11 21:21:39	262,144	--sha-w	C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-07-11 21:21:39	262,144	---ha-w	C:\Windows\ServiceProfiles\LocalService
tuser.dat.LOG1
- 2008-07-11 21:11:59	262,144	--sha-w	C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-07-11 21:21:44	262,144	--sha-w	C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-07-11 21:21:44	262,144	---ha-w	C:\Windows\ServiceProfiles\NetworkService
tuser.dat.LOG1
- 2008-07-11 19:23:17	32,768	--sha-w	C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-07-11 21:25:24	32,768	--sha-w	C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-07-11 19:23:17	147,456	--sha-w	C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-07-11 21:25:24	147,456	--sha-w	C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-07-11 19:23:17	32,768	--sha-w	C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-07-11 21:25:24	32,768	--sha-w	C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-07-11 19:24:39	107,676	----a-w	C:\Windows\System32\perfc009.dat
+ 2008-07-11 21:16:49	107,676	----a-w	C:\Windows\System32\perfc009.dat
- 2008-07-11 19:24:39	122,124	----a-w	C:\Windows\System32\perfc00C.dat
+ 2008-07-11 21:16:49	122,124	----a-w	C:\Windows\System32\perfc00C.dat
- 2008-07-11 19:24:39	618,532	----a-w	C:\Windows\System32\perfh009.dat
+ 2008-07-11 21:16:49	618,532	----a-w	C:\Windows\System32\perfh009.dat
- 2008-07-11 19:24:39	700,278	----a-w	C:\Windows\System32\perfh00C.dat
+ 2008-07-11 21:16:49	700,278	----a-w	C:\Windows\System32\perfh00C.dat
- 2008-07-11 19:19:59	9,192	----a-w	C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1296013483-1463708777-1350909624-1000_UserData.bin
+ 2008-07-11 21:22:06	9,628	----a-w	C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1296013483-1463708777-1350909624-1000_UserData.bin
- 2008-07-11 19:19:59	67,686	----a-w	C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-07-11 21:22:06	67,938	----a-w	C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-07-11 19:19:57	55,496	----a-w	C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-07-11 21:22:04	55,592	----a-w	C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((((((((   Point de chargement Reg   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{aed438e2-8e54-4220-b374-67bb39c78a59}]
2008-07-11 13:44	103424	--a------	C:\Windows\system32\yiaamh.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-07-05 19:59 1232896]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"BitComet"="C:\Program Files\BitComet\BitComet.exe" [2008-03-25 08:38 2196280]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-07-10 19:09 171448]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 19:10 1688872]
"Acer Tour Reminder"="" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-02-01 12:55 1103240]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 18:39 151552]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-04-24 14:53:40 528384]
PCM Media Sharing.lnk - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe [2007-04-24 14:32:04 200812]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= C:\PROGRA~1\ACERAR~1\ACERVI~1\Kernel\Burner\MKDMP3Enc.ACM

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{F95798C9-BF0A-4D20-BD7C-6B38E7FF9FEE}"= C:\Program Files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live
"{A5333138-7820-4A45-A0F8-9FD93BB4D627}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Component\ARAWP.exe:DV Magician ARA workprocess
"{D585109C-A3E9-47A0-B1F8-BEF827E9F6D7}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Component\DVAX2Process.exe:DV Magician AVAX workprocess
"{31A60708-F002-42F4-9908-B33BD16550DD}"= C:\Program Files\Acer Arcade Live\SlideShow DVD\Component\CLSLDVD.exe:SlideShow DVD workprocess
"{932D4E56-6D5F-4909-A913-8B5947834283}"= C:\Program Files\Acer Arcade Live\Acer VideoMagician\VideoMagician.exe:VideoMagician
"{B4E3A7E7-6249-4309-B05F-B68B9B030828}"= C:\Program Files\Acer Arcade Live\Acer DVDivine\DVDivine.exe:DVDivine
"{383C1570-BA3C-4015-8188-2C4B6D3284C4}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia\HomeMedia.exe:HomeMedia
"{96FB5B8F-6D95-4F7A-809C-7952FC936ACB}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\HomeMedia Connect.exe:HomeMedia Connect
"{4FF06BD9-4370-4B76-ACF7-40542F1CF716}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:HomeMedia Connect Service
"{A3545E1B-C746-447F-9041-B38D5406AB1D}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B27F2B2A-F1C3-4E65-8725-F857C07B7BEF}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C67C3BCB-0291-4D8F-9CA9-4BF57D85C7A7}"= UDP:C:\Program Files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008
"{DBF7A8ED-B293-4716-8148-5AA108AE36BB}"= TCP:C:\Program Files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008
"{40DDC69A-DC0A-405B-80EC-9C9E4C45C678}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{65DC4699-0B4D-4B68-8E12-22BA01E57B56}"= UDP:C:\Program Files\eMule\emule.exe:eMule
"{71757E92-5C63-40E6-86A2-D01C7D983F1D}"= TCP:C:\Program Files\eMule\emule.exe:eMule
"{81233F9D-0CB6-4AA3-955E-88D8D45AF340}"= UDP:17426:BitComet 17426 TCP
"{A3C24912-71EE-438A-A39D-ABD6437A735C}"= TCP:17426:BitComet 17426 UDP

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe"= C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu
"C:\Acer\Empowering Technology\eDataSecurity\encryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption
"C:\Acer\Empowering Technology\eDataSecurity\decryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption

R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2007-04-04 18:54]
R2 fssfltr;FssFltr;C:\Windows\system32\DRIVERS\fssfltr.sys [2007-10-17 13:53]
R2 fsssvc;Windows Live OneCare Contrôle parental;C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe [2007-12-17 11:13]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-09 03:52]
S3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-02-28 05:04]
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-07-09 01:45]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{535f1c8e-5c51-11dc-8768-806e6f6e6963}]
\shell\AutoRun\command - E:\autorun_PES2008.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd18c72a-83de-11dc-ac00-0019dbacc4a3}]
\shell\AutoRun\command - K:\Info.exe folder.htt 480 480

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-07-11 21:25:26 C:\Windows\Tasks\User_Feed_Synchronization-{CFB9FBCF-1EDB-4F62-AE77-EB207C39DBA1}.job"
- C:\Windows\system32\msfeedssync.exe
"2008-07-11 20:32:00 C:\Windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-11 23:25:28
Windows 6.0.6000  NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...


C:\Users\Acer Aspire\AppData\Local\Microsoft\Messenger\jean-paul.vuong@hotmail.fr\SharingMetadata\Working\database_306C_2B4_6C02_753E\fsr00122.log 131072 bytes

Scan terminé avec succès
Les fichiers cachés: 1

**************************************************************************
.
Temps d'accomplissement: 2008-07-11 23:26:51
ComboFix-quarantined-files.txt  2008-07-11 21:26:34

      Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Post-Run: 122,186,395,648 octets libres

259	--- E O F ---	2008-07-10 09:56:12


Et enfin le log hijackthis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:28:20, on 11/07/2008
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32	askeng.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Windows\System32\mobsync.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Windows\system32
otepad.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\Acer Aspire\Desktop\eden.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://lo.st
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet	ools\BitCometBHO_1.2.2.28.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: {95a87c93-bb76-473b-0224-45e82e834dea} - {aed438e2-8e54-4220-b374-67bb39c78a59} - C:\Windows\system32\yiaamh.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: PCM Media Sharing.lnk = C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet	ools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O13 - Gopher Prefix: 
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

Jeep79 · Answer

Help please !!

Quelqu'un peut-il m'aider ???

Merci par avance

Jeep79 · Answer

Y'aurait-il quelqu'un pour me venir en aide ??

Merci d'avance

jlpjlp · Answer

Ferme tout tes navigateurs (donc copie ou imprime les instructions avant)

Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :


File::
C:\Windows\system32\yiaamh.dll 


Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{aed438e2-8e54-4220-b374-67bb39c78a59}]



Enregistre ce fichier sous le nom CFscript


Fait un glisser/déposer de ce fichier CFscrïpt sur le fichier ComboFix.exe


Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

Remets aussi un rapport Hijackthis , dis tes soucis actuels 


Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

________________
colle un rapport avec antivir

Jeep79 · Answer

Slt

Il semble que le trojan VUNDO a été supprimé car je ne reçois plus de message de détection AntiVir concernant ce virus, mais j'en reçois encore pour le trojan crypt.XPACK.Gen...

Voici les rapports ComboFix et Hijackthis que tu m'as demandé :

Rapport ComboFix :

ComboFix 08-07-11.1 - Acer Aspire 2008-07-12 13:34:06.4 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium   6.0.6000.0.1252.1.1036.18.1210 [GMT 2:00]
Endroit: C:\Users\Acer Aspire\Desktop\ComboFix.exe
Command switches used :: C:\Users\Acer Aspire\Desktop\CFscript.txt
 * Création d'un nouveau point de restauration

FILE ::
C:\Windows\system32\yiaamh.dll
.

(((((((((((((((((((((((((((((   Fichiers créés 2008-06-12 to 2008-07-12  ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier créé dans cet espace de temps

.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-12 11:01	---------	d---a-w	C:\ProgramData\TEMP
2008-07-12 10:43	352,615	---ha-w	C:\Windows\system32\drivers\vsconfig.xml
2008-07-12 00:56	3,060,736	----a-w	C:\Windows\Internet Logs\xDB8C95.tmp
2008-07-12 00:31	---------	d-----w	C:\ProgramData\CheckPoint
2008-07-12 00:31	---------	d-----w	C:\Program Files\Zone Labs
2008-07-11 23:29	---------	d-----w	C:\ProgramData\Spybot - Search & Destroy
2008-07-11 23:25	---------	d-----w	C:\Program Files\Spybot - Search & Destroy
2008-07-11 22:30	107,888	----a-w	C:\Windows\System32\CmdLineExt.dll
2008-07-11 19:17	---------	d-----w	C:\Program Files\Alwil Software
2008-07-11 19:08	---------	d-----w	C:\Program Files\Common Files\Symantec Shared
2008-07-11 19:04	---------	d-----w	C:\ProgramData\Symantec
2008-07-11 19:04	---------	d-----w	C:\Program Files\Symantec
2008-07-11 13:57	---------	d-----w	C:\Users\Acer Aspire\AppData\Roaming\Malwarebytes
2008-07-11 13:57	---------	d-----w	C:\ProgramData\Malwarebytes
2008-07-11 13:57	---------	d-----w	C:\Program Files\Malwarebytes' Anti-Malware
2008-07-11 11:30	---------	d-----w	C:\Users\Acer Aspire\AppData\Roaming\EoRezo
2008-07-11 11:28	---------	d-----w	C:\ProgramData\Google Updater
2008-07-11 11:26	90,624	----a-w	C:\Windows\System32\jsblarks.dll
2008-07-11 11:14	---------	d-----w	C:\Program Files\Spyware Doctor
2008-07-11 10:30	---------	d-----w	C:\ProgramData\Avira
2008-07-11 10:30	---------	d-----w	C:\Program Files\Avira
2008-07-11 01:40	---------	d-----w	C:\Program Files\Desktop Maestro
2008-07-11 01:28	---------	d-----w	C:\Users\Acer Aspire\AppData\Roaming\Desktop Mechanic
2008-07-10 22:33	---------	d-----w	C:\ProgramData\Diskeeper Corporation
2008-07-10 22:33	---------	d-----w	C:\Program Files\Diskeeper Corporation
2008-07-10 19:13	---------	d-----w	C:\ProgramData\LightScribe
2008-07-10 18:56	---------	d-----w	C:\Users\Acer Aspire\AppData\Roaming\Nero
2008-07-10 18:55	---------	d-----w	C:\Program Files\Common Files\Nero
2008-07-10 18:53	---------	d-----w	C:\ProgramData\Nero
2008-07-10 18:53	---------	d-----w	C:\Program Files\Nero
2008-07-10 17:39	---------	d-----w	C:\Program Files\Google
2008-07-10 09:55	---------	d-----w	C:\ProgramData\Microsoft Help
2008-07-09 21:38	---------	d-----w	C:\Program Files\KONAMI
2008-07-09 20:38	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2008-07-09 15:35	---------	d-----w	C:\Program Files\BitComet
2008-07-09 13:51	---------	d-----w	C:\ProgramData\Skype
2008-07-09 13:38	---------	d-----w	C:\Users\Acer Aspire\AppData\Roaming\StarOffice8
2008-07-09 13:32	---------	d-----w	C:\Program Files\Windows Mail
2008-07-09 13:00	---------	d-----w	C:\Users\Acer Aspire\AppData\Roaming\Talkback
2008-07-09 12:22	---------	d-----w	C:\ProgramData\eSobi
2008-07-09 12:10	---------	d-----w	C:\Program Files\Java
2008-07-09 12:00	---------	d-----w	C:\Users\Acer Aspire\AppData\Roaming\ItsLabel
2008-07-09 11:59	174	--sha-w	C:\Program Files\desktop.ini
2008-07-09 00:16	---------	d-----w	C:\Program Files\Sun
2008-07-09 00:14	---------	d-----w	C:\Program Files\Common Files\Java
2008-07-08 23:58	---------	d-----w	C:\Program Files\Common Files\Adobe
2008-07-08 23:53	---------	d-----w	C:\Program Files\Real
2008-07-08 23:53	---------	d-----w	C:\Program Files\Common Files\xing shared
2008-07-08 23:53	---------	d-----w	C:\Program Files\Common Files\Real
2008-07-08 23:51	---------	d-----w	C:\Users\Acer Aspire\AppData\Roaming\PC Tools
2008-07-08 23:42	---------	d-----w	C:\Program Files\EoRezo
2008-07-08 20:41	---------	d-----w	C:\Program Files\Picasa2
2008-07-08 20:31	---------	d-----w	C:\Users\Acer Aspire\AppData\Roaming\DivX
2008-07-08 18:59	2,560	----a-w	C:\Windows\System32\bitcometres.dll
2008-07-08 12:10	---------	d-----w	C:\Program Files\CCleaner
2008-07-08 12:01	---------	d-----w	C:\Program Files\DivX
2008-07-08 12:00	---------	d-----w	C:\Program Files\Common Files\PX Storage Engine
2008-07-07 15:35	34,296	----a-w	C:\Windows\system32\drivers\mbamcatchme.sys
2008-07-07 15:35	17,144	----a-w	C:\Windows\system32\drivers\mbam.sys
2008-07-07 00:25	---------	d-----w	C:\ProgramData\WLInstaller
2008-07-06 18:47	---------	d-----w	C:\Program Files\Windows Live
2008-07-06 18:25	---------	d-----w	C:\Program Files\15355 Webcam Live
2008-07-06 14:57	---------	d-----w	C:\Users\Acer Aspire\AppData\Roaming\SecondLife
2008-07-06 14:57	---------	d-----w	C:\Program Files\SecondLife
2008-07-06 01:27	---------	d-----w	C:\ProgramData\eMule
2008-07-05 23:03	---------	d-----w	C:\Program Files\Microsoft SQL Server Compact Edition
2008-07-05 23:02	---------	d-----w	C:\Program Files\Windows Live Toolbar
2008-07-05 23:02	---------	d-----w	C:\Program Files\Windows Live Favorites
2008-07-05 22:57	---------	dcsh--w	C:\Program Files\Common Files\WindowsLiveInstaller
2008-07-05 19:11	---------	d-----w	C:\Program Files\Windows Sidebar
2008-07-05 19:11	---------	d-----w	C:\Program Files\Windows Defender
2008-07-05 19:11	---------	d-----w	C:\Program Files\Windows Calendar
2008-07-05 18:15	704,000	----a-w	C:\Windows\System32\PhotoScreensaver.scr
2008-07-05 18:15	67,584	----a-w	C:\Windows\System32\wlanhlp.dll
2008-07-05 18:15	542,720	----a-w	C:\Windows\System32\sysmain.dll
2008-07-05 18:15	502,784	----a-w	C:\Windows\System32\wlansvc.dll
2008-07-05 18:15	47,104	----a-w	C:\Windows\System32\wlanapi.dll
2008-07-05 18:15	297,984	----a-w	C:\Windows\System32\wlansec.dll
2008-07-05 18:15	290,816	----a-w	C:\Windows\System32\wlanmsm.dll
2008-07-05 18:15	258,232	----a-w	C:\Windows\system32\drivers\acpi.sys
2008-07-05 18:15	24,064	----a-w	C:\Windows\System32\wtsapi32.dll
2008-07-05 18:15	2,923,520	----a-w	C:\Windows\explorer.exe
2008-07-05 18:14	49,664	----a-w	C:\Windows\System32\csrsrv.dll
2008-07-05 18:14	376,320	----a-w	C:\Windows\System32\winsrv.dll
2008-07-05 18:14	194,560	----a-w	C:\Windows\System32\WebClnt.dll
2008-07-05 18:14	110,080	----a-w	C:\Windows\system32\drivers\mrxdav.sys
2008-07-05 18:12	41,984	----a-w	C:\Windows\system32\drivers\monitor.sys
2008-07-05 18:12	1,060,920	----a-w	C:\Windows\system32\drivers
tfs.sys
2008-07-05 18:11	374,456	----a-w	C:\Windows\System32\mcupdate_GenuineIntel.dll
2008-07-05 18:10	8,147,968	----a-w	C:\Windows\System32\wmploc.DLL
2008-07-05 18:10	7,680	----a-w	C:\Windows\System32\spwmp.dll
2008-07-05 18:10	414,208	----a-w	C:\Windows\System32\msscp.dll
2008-07-05 18:10	4,096	----a-w	C:\Windows\System32\dxmasf.dll
2008-07-05 18:10	356,864	----a-w	C:\Windows\System32\MediaMetadataHandler.dll
2008-07-05 18:09	86,016	----a-w	C:\Windows\System32\icfupgd.dll
2008-07-05 18:09	63,488	----a-w	C:\Windows\system32\drivers\mpsdrv.sys
2008-07-05 18:09	61,952	----a-w	C:\Windows\System32\cmifw.dll
2008-07-05 18:09	396,800	----a-w	C:\Windows\System32\MPSSVC.dll
2008-07-05 18:09	392,192	----a-w	C:\Windows\System32\FirewallAPI.dll
2008-07-05 18:09	23,040	----a-w	C:\Windows\system32\drivers	unnel.sys
.

(((((((((((((((((((((((((((((   snapshot_2008-07-11_23.26.04.68   )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-11 21:20:07	67,584	--s-a-w	C:\Windows\bootstat.dat
+ 2008-07-12 10:43:16	67,584	--s-a-w	C:\Windows\bootstat.dat
- 2008-07-06 18:47:01	51,200	----a-w	C:\Windows\inf\infpub.dat
+ 2008-07-12 00:31:13	51,200	----a-w	C:\Windows\inf\infpub.dat
- 2008-07-06 18:26:53	86,016	----a-w	C:\Windows\inf\infstor.dat
+ 2008-07-12 00:31:10	86,016	----a-w	C:\Windows\inf\infstor.dat
- 2008-07-06 18:47:00	86,016	----a-w	C:\Windows\inf\infstrng.dat
+ 2008-07-12 00:31:12	86,016	----a-w	C:\Windows\inf\infstrng.dat
- 2008-07-11 21:20:07	2,048	--sha-w	C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-07-12 10:43:16	2,048	--sha-w	C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-07-11 21:21:39	262,144	--sha-w	C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-07-12 10:43:59	262,144	--sha-w	C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-07-12 10:43:59	262,144	---ha-w	C:\Windows\ServiceProfiles\LocalService
tuser.dat.LOG1
- 2008-07-11 21:21:44	262,144	--sha-w	C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-07-12 10:43:54	262,144	--sha-w	C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-07-12 10:43:54	262,144	---ha-w	C:\Windows\ServiceProfiles\NetworkService
tuser.dat.LOG1
- 2008-07-11 21:25:24	32,768	--sha-w	C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-07-12 10:43:22	32,768	--sha-w	C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-07-11 21:25:24	147,456	--sha-w	C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-07-12 10:43:22	147,456	--sha-w	C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-07-11 21:25:24	32,768	--sha-w	C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-07-12 10:43:22	32,768	--sha-w	C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-07-05 18:05:50	216,632	----a-w	C:\Windows\System32\drivers
etio.sys
+ 2008-07-05 18:05:50	217,144	----a-w	C:\Windows\System32\drivers
etio.sys
- 2008-07-09 14:22:22	803,328	----a-w	C:\Windows\System32\drivers	cpip.sys
+ 2008-07-05 18:05:50	806,400	----a-w	C:\Windows\System32\drivers	cpip.sys
+ 2008-03-03 13:06:04	279,440	------w	C:\Windows\System32\drivers\vsdatant.sys
+ 2008-03-03 13:06:04	279,440	----a-w	C:\Windows\System32\DriverStore\FileRepository\vsdatant.inf_52bc6cc9\vsdatant.sys
- 2008-07-11 21:16:49	107,676	----a-w	C:\Windows\System32\perfc009.dat
+ 2008-07-12 10:47:58	107,676	----a-w	C:\Windows\System32\perfc009.dat
- 2008-07-11 21:16:49	122,124	----a-w	C:\Windows\System32\perfc00C.dat
+ 2008-07-12 10:47:58	122,124	----a-w	C:\Windows\System32\perfc00C.dat
- 2008-07-11 21:16:49	618,532	----a-w	C:\Windows\System32\perfh009.dat
+ 2008-07-12 10:47:58	618,532	----a-w	C:\Windows\System32\perfh009.dat
- 2008-07-11 21:16:49	700,278	----a-w	C:\Windows\System32\perfh00C.dat
+ 2008-07-12 10:47:59	700,278	----a-w	C:\Windows\System32\perfh00C.dat
- 2008-07-10 18:59:53	6,291,456	----a-w	C:\Windows\System32\SMI\Store\Machine\schema.dat
+ 2008-07-12 00:38:53	6,291,456	----a-w	C:\Windows\System32\SMI\Store\Machine\schema.dat
+ 2008-03-03 13:04:54	95,720	----a-w	C:\Windows\System32\vsdata.dll
+ 2008-03-03 13:04:54	165,352	----a-w	C:\Windows\System32\vsinit.dll
+ 2008-03-03 13:04:54	103,912	----a-w	C:\Windows\System32\vsmonapi.dll
+ 2008-03-03 13:04:54	275,944	----a-w	C:\Windows\System32\vspubapi.dll
+ 2008-03-03 13:04:54	71,144	----a-w	C:\Windows\System32\vsregexp.dll
+ 2008-03-03 13:04:56	493,032	----a-w	C:\Windows\System32\vsutil.dll
+ 2008-03-03 13:05:30	54,672	----a-w	C:\Windows\System32\vsutil_loc040c.dll
+ 2008-03-03 13:04:56	46,568	----a-w	C:\Windows\System32\vswmi.dll
+ 2008-03-03 13:04:56	99,816	----a-w	C:\Windows\System32\vsxml.dll
- 2008-07-11 21:22:06	9,628	----a-w	C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1296013483-1463708777-1350909624-1000_UserData.bin
+ 2008-07-12 10:45:06	9,852	----a-w	C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1296013483-1463708777-1350909624-1000_UserData.bin
- 2008-07-11 21:22:06	67,938	----a-w	C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-07-12 10:45:06	69,278	----a-w	C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-07-11 21:22:04	55,592	----a-w	C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-07-12 10:45:05	56,580	----a-w	C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-03-03 13:04:56	83,432	----a-w	C:\Windows\System32\zlcomm.dll
+ 2008-03-03 13:04:56	71,144	----a-w	C:\Windows\System32\zlcommdb.dll
+ 2008-03-03 13:04:52	99,816	----a-w	C:\Windows\System32\ZoneLabs\camupd.dll
+ 2008-03-03 13:05:28	17,808	----a-w	C:\Windows\System32\ZoneLabs\camupd_loc040c.dll
+ 2004-01-30 11:35:08	813,568	----a-w	C:\Windows\System32\ZoneLabs\dbghelp.dll
+ 2008-03-03 13:04:52	136,680	----a-w	C:\Windows\System32\ZoneLabs\fbl.dll
+ 2008-03-03 13:04:52	50,672	----a-w	C:\Windows\System32\ZoneLabs\featuremap.dll
+ 2008-03-03 13:05:28	288,144	----a-w	C:\Windows\System32\ZoneLabs\lib\ConfigWizard_loc040c.zip.dll
+ 2008-03-03 13:05:28	152,976	----a-w	C:\Windows\System32\ZoneLabs\lib\LicenseUI_loc040c.zip.dll
+ 2008-03-03 13:05:30	54,672	----a-w	C:\Windows\System32\ZoneLabs\lib\WelcomeUI_loc040c.zip.dll
+ 2008-03-03 13:05:08	26,000	----a-w	C:\Windows\System32\ZoneLabs\lib\zlsvc.zip.dll
+ 2008-03-03 13:05:08	1,361,296	----a-w	C:\Windows\System32\ZoneLabs\lib\zpy.zip.dll
+ 2008-03-03 13:05:08	71,056	----a-w	C:\Windows\System32\ZoneLabs\lib\zui.zip.dll
+ 2008-03-03 13:06:06	30,192	----a-w	C:\Windows\System32\ZoneLabs\pluginspc_serverpc_server.dll
+ 2008-03-03 13:06:06	30,216	----a-w	C:\Windows\System32\ZoneLabs\plugins\vsmon_plugin\vsmon_plugin.dll
+ 2007-12-11 18:58:04	714,208	----a-w	C:\Windows\System32\ZoneLabs\qrbase.dll
+ 2007-12-11 18:58:04	792,032	----a-w	C:\Windows\System32\ZoneLabs\qrsrecl.dll
+ 2008-03-03 13:04:52	173,544	----a-w	C:\Windows\System32\ZoneLabs\scheduler.dll
+ 2008-03-03 13:05:30	17,808	----a-w	C:\Windows\System32\ZoneLabs\scheduler_loc040c.dll
+ 2008-01-21 07:25:00	7,603,688	----a-w	C:\Windows\System32\ZoneLabs\spyware.dat
+ 2007-12-11 18:58:06	1,504,736	----a-w	C:\Windows\System32\ZoneLabs\srescan.dll
+ 2008-03-03 13:04:54	456,168	----a-w	C:\Windows\System32\ZoneLabs\ssleay32.dll
+ 2007-04-20 03:44:28	833,248	----a-w	C:\Windows\System32\ZoneLabs\updating.dll
+ 2008-03-03 13:05:02	169,512	----a-w	C:\Windows\System32\ZoneLabs\updclient.exe
+ 2008-03-03 13:05:30	99,728	----a-w	C:\Windows\System32\ZoneLabs\updClient_loc040c.dll
+ 2008-03-03 13:04:54	112,104	----a-w	C:\Windows\System32\ZoneLabs\vsavpro.dll
+ 2008-03-03 13:06:04	279,440	----a-w	C:\Windows\System32\ZoneLabs\vsdatant.sys
+ 2008-03-03 13:04:54	75,240	----a-w	C:\Windows\System32\ZoneLabs\vsdb.dll
+ 2008-03-03 13:05:30	17,808	----a-w	C:\Windows\System32\ZoneLabs\vsdb_loc040c.dll
+ 2008-03-03 13:05:02	64,912	----a-w	C:\Windows\System32\ZoneLabs\vsdrinst.exe
+ 2008-03-03 13:05:02	79,400	----a-w	C:\Windows\System32\ZoneLabs\vsmon.exe
+ 2008-03-03 13:05:30	50,576	----a-w	C:\Windows\System32\ZoneLabs\vsmon_loc040c.dll
+ 2008-03-03 13:04:54	2,086,376	----a-w	C:\Windows\System32\ZoneLabs\vsmondll.dll
+ 2008-03-03 13:04:56	1,361,384	----a-w	C:\Windows\System32\ZoneLabs\vsruledb.dll
+ 2008-03-03 13:05:30	198,032	----a-w	C:\Windows\System32\ZoneLabs\vsruledb_loc040c.dll
+ 2008-03-03 13:04:56	243,176	----a-w	C:\Windows\System32\ZoneLabs\vsvault.dll
+ 2008-03-03 13:05:30	17,808	----a-w	C:\Windows\System32\ZoneLabs\vsvault_loc040c.dll
+ 2008-01-21 07:25:00	7,603,688	----a-w	C:\Windows\System32\ZoneLabs\zlasdbup.dat
+ 2008-03-03 13:04:56	177,640	----a-w	C:\Windows\System32\ZoneLabs\zlparser.dll
+ 2008-03-03 13:04:56	79,344	----a-w	C:\Windows\System32\ZoneLabs\zlquarantine.dll
+ 2008-03-03 13:05:30	17,808	----a-w	C:\Windows\System32\ZoneLabs\zlquarantine_loc040c.dll
+ 2008-03-03 13:04:58	398,824	----a-w	C:\Windows\System32\ZoneLabs\zlsre.dll
+ 2008-03-03 13:05:30	21,904	----a-w	C:\Windows\System32\ZoneLabs\zlsre_loc040c.dll
+ 2008-03-03 13:04:58	120,296	----a-w	C:\Windows\System32\ZoneLabs\zlupdate.dll
+ 2008-03-03 13:05:00	1,086,952	----a-w	C:\Windows\System32\zpeng24.dll
- 2008-07-10 18:36:24	106,421,249	----a-w	C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2008-07-12 00:38:38	106,457,079	----a-w	C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2007-04-20 10:50:15	217,272	----a-w	C:\Windows\winsxs\x86_microsoft-windows-netio-infrastructure_31bf3856ad364e35_6.0.6000.20582_none_54ea4862d183ae20
etio.sys
+ 2007-04-20 10:41:33	49,152	----a-w	C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.20582_none_5fd47169ab8fd179
etiomig.dll
+ 2007-04-20 09:55:13	22,016	----a-w	C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.20582_none_5fd47169ab8fd179
etiougc.exe
+ 2007-04-20 09:55:56	803,840	----a-w	C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.20582_none_5fd47169ab8fd179	cpip.sys
+ 2007-04-20 10:42:16	167,424	----a-w	C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.20582_none_5fd47169ab8fd179	cpipcfg.dll
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((((((((   Point de chargement Reg   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-07-05 19:59 1232896]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"BitComet"="C:\Program Files\BitComet\BitComet.exe" [2008-03-25 08:38 2196280]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-07-10 19:09 171448]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 19:10 1688872]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368]
"Acer Tour Reminder"="" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-02-01 12:55 1103240]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-03 15:05 959976]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 18:39 151552]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-04-24 14:53:40 528384]
PCM Media Sharing.lnk - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe [2007-04-24 14:32:04 200812]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= C:\PROGRA~1\ACERAR~1\ACERVI~1\Kernel\Burner\MKDMP3Enc.ACM

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{F95798C9-BF0A-4D20-BD7C-6B38E7FF9FEE}"= C:\Program Files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live
"{A5333138-7820-4A45-A0F8-9FD93BB4D627}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Component\ARAWP.exe:DV Magician ARA workprocess
"{D585109C-A3E9-47A0-B1F8-BEF827E9F6D7}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Component\DVAX2Process.exe:DV Magician AVAX workprocess
"{31A60708-F002-42F4-9908-B33BD16550DD}"= C:\Program Files\Acer Arcade Live\SlideShow DVD\Component\CLSLDVD.exe:SlideShow DVD workprocess
"{932D4E56-6D5F-4909-A913-8B5947834283}"= C:\Program Files\Acer Arcade Live\Acer VideoMagician\VideoMagician.exe:VideoMagician
"{B4E3A7E7-6249-4309-B05F-B68B9B030828}"= C:\Program Files\Acer Arcade Live\Acer DVDivine\DVDivine.exe:DVDivine
"{383C1570-BA3C-4015-8188-2C4B6D3284C4}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia\HomeMedia.exe:HomeMedia
"{96FB5B8F-6D95-4F7A-809C-7952FC936ACB}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\HomeMedia Connect.exe:HomeMedia Connect
"{4FF06BD9-4370-4B76-ACF7-40542F1CF716}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:HomeMedia Connect Service
"{A3545E1B-C746-447F-9041-B38D5406AB1D}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B27F2B2A-F1C3-4E65-8725-F857C07B7BEF}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C67C3BCB-0291-4D8F-9CA9-4BF57D85C7A7}"= UDP:C:\Program Files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008
"{DBF7A8ED-B293-4716-8148-5AA108AE36BB}"= TCP:C:\Program Files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008
"{40DDC69A-DC0A-405B-80EC-9C9E4C45C678}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{65DC4699-0B4D-4B68-8E12-22BA01E57B56}"= UDP:C:\Program Files\eMule\emule.exe:eMule
"{71757E92-5C63-40E6-86A2-D01C7D983F1D}"= TCP:C:\Program Files\eMule\emule.exe:eMule
"{81233F9D-0CB6-4AA3-955E-88D8D45AF340}"= UDP:17426:BitComet 17426 TCP
"{A3C24912-71EE-438A-A39D-ABD6437A735C}"= TCP:17426:BitComet 17426 UDP

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe"= C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu
"C:\Acer\Empowering Technology\eDataSecurity\encryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption
"C:\Acer\Empowering Technology\eDataSecurity\decryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption

R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2007-04-04 18:54]
R2 fssfltr;FssFltr;C:\Windows\system32\DRIVERS\fssfltr.sys [2007-10-17 13:53]
R2 fsssvc;Windows Live OneCare Contrôle parental;C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe [2007-12-17 11:13]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-07-07 09:42]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-09 03:52]
S3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-02-28 05:04]
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-07-09 01:45]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{535f1c8e-5c51-11dc-8768-806e6f6e6963}]
\shell\AutoRun\command - E:\autorun_PES2008.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd18c72a-83de-11dc-ac00-0019dbacc4a3}]
\shell\AutoRun\command - K:\Info.exe folder.htt 480 480

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-07-12 11:35:29 C:\Windows\Tasks\User_Feed_Synchronization-{CFB9FBCF-1EDB-4F62-AE77-EB207C39DBA1}.job"
- C:\Windows\system32\msfeedssync.exe
"2008-07-12 11:32:00 C:\Windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-12 13:36:57
Windows 6.0.6000  NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-07-12 13:38:07
ComboFix-quarantined-files.txt  2008-07-12 11:37:58
ComboFix2.txt  2008-07-11 21:26:51

      Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Post-Run: 118,155,718,656 octets libres

332	--- E O F ---	2008-07-12 00:06:32


Le rapport Hijackthis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:39:34, on 12/07/2008
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32	askeng.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Acer Aspire\Desktop\eden.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://lo.st
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet	ools\BitCometBHO_1.2.2.28.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: PCM Media Sharing.lnk = C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet	ools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix: 
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe

jlpjlp · Answer

ok colle un rapport ave antivir que tu as pour voir les fichiers inféctés

Jeep79 · Answer

Le rapport antivir : Avira AntiVir Personal Report file date: samedi 12 juillet 2008 13:50 Scanning for 1419754 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows Vista Windows version: (plain) [6.0.6000] Boot mode: Normally booted Username: SYSTEM Computer name: PC-DE-JEAN-PAUL Version information: BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00 AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:56 AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:37 LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:23 LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:40 ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34 ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:25:32 ANTIVIR2.VDF : 7.0.5.86 547840 Bytes 09/07/2008 13:25:39 ANTIVIR3.VDF : 7.0.5.103 247296 Bytes 11/07/2008 13:25:43 Engineversion : 8.1.0.64 AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21 AESCRIPT.DLL : 8.1.0.46 283002 Bytes 11/07/2008 13:26:13 AESCN.DLL : 8.1.0.22 119157 Bytes 11/07/2008 13:26:11 AERDL.DLL : 8.1.0.20 418165 Bytes 11/07/2008 13:26:09 AEPACK.DLL : 8.1.1.6 364918 Bytes 11/07/2008 13:26:06 AEOFFICE.DLL : 8.1.0.20 192891 Bytes 11/07/2008 13:26:02 AEHEUR.DLL : 8.1.0.35 1298806 Bytes 11/07/2008 13:26:00 AEHELP.DLL : 8.1.0.15 115063 Bytes 11/07/2008 13:25:52 AEGEN.DLL : 8.1.0.29 307573 Bytes 11/07/2008 13:25:51 AEEMU.DLL : 8.1.0.6 430451 Bytes 11/07/2008 13:25:48 AECORE.DLL : 8.1.0.32 168311 Bytes 11/07/2008 13:25:45 AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:53 AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:50 AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:26:47 AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:49 AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23 AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:31 SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02 SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:39 NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10 RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:25 RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:11 Configuration settings for the scan: Jobname..........................: Complete system scan Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: on Scan boot sector.................: on Boot sectors.....................: C:, D:, K:, L:, Scan memory......................: on Process scan.....................: on Scan registry....................: on Search for rootkits..............: off Scan all files...................: Intelligent file selection Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Macro heuristic..................: on File heuristic...................: medium Start of the scan: samedi 12 juillet 2008 13:50 The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned Scan process 'conime.exe' - '1' Module(s) have been scanned Scan process 'mfpmp.exe' - '0' Module(s) have been scanned Scan process 'usnsvc.exe' - '1' Module(s) have been scanned Scan process 'NMIndexingService.exe' - '1' Module(s) have been scanned Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned Scan process 'PCMMediaSharing.exe' - '1' Module(s) have been scanned Scan process 'sidebar.exe' - '1' Module(s) have been scanned Scan process 'NMIndexStoreSvr.exe' - '1' Module(s) have been scanned Scan process 'wmpnscfg.exe' - '1' Module(s) have been scanned Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned Scan process 'BitComet.exe' - '1' Module(s) have been scanned Scan process 'ehmsas.exe' - '1' Module(s) have been scanned Scan process 'ehtray.exe' - '1' Module(s) have been scanned Scan process 'sidebar.exe' - '1' Module(s) have been scanned Scan process 'zlclient.exe' - '0' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'taskeng.exe' - '1' Module(s) have been scanned Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned Scan process 'WUDFHost.exe' - '1' Module(s) have been scanned Scan process 'SDWinSec.exe' - '1' Module(s) have been scanned Scan process 'eRecoveryService.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'pctsTray.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'pctsSvc.exe' - '1' Module(s) have been scanned Scan process 'pctsAuxs.exe' - '1' Module(s) have been scanned Scan process 'RichVideo.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'AluSchedulerSvc.exe' - '1' Module(s) have been scanned Scan process 'NBService.exe' - '1' Module(s) have been scanned Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned Scan process 'fsssvc.exe' - '1' Module(s) have been scanned Scan process 'eDSService.exe' - '1' Module(s) have been scanned Scan process 'avguard.exe' - '1' Module(s) have been scanned Scan process 'MemCheck.exe' - '1' Module(s) have been scanned Scan process 'CLMSServer.exe' - '1' Module(s) have been scanned Scan process 'taskeng.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'dwm.exe' - '1' Module(s) have been scanned Scan process 'vsmon.exe' - '0' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'SLsvc.exe' - '1' Module(s) have been scanned Scan process 'audiodg.exe' - '0' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsm.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'wininit.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 62 processes with 62 modules were scanned Starting master boot sector scan: Master boot sector HD0 [INFO] No virus was found! Master boot sector HD1 [INFO] No virus was found! Master boot sector HD2 [INFO] No virus was found! [WARNING] Le périphérique n'est pas prêt. [INFO] Please restart the search with Administrator rights Master boot sector HD3 [INFO] No virus was found! [WARNING] Le périphérique n'est pas prêt. [INFO] Please restart the search with Administrator rights Master boot sector HD4 [INFO] No virus was found! [WARNING] Le périphérique n'est pas prêt. [INFO] Please restart the search with Administrator rights Master boot sector HD5 [INFO] No virus was found! [WARNING] Le périphérique n'est pas prêt. [INFO] Please restart the search with Administrator rights Start scanning boot sectors: Boot sector 'C:\' [INFO] No virus was found! Boot sector 'D:\' [INFO] No virus was found! Boot sector 'K:\' [INFO] No virus was found! Boot sector 'L:\' [INFO] No virus was found! Starting to scan the registry. The registry was scanned ( '8' files ). Starting the file scan: Begin scan in 'C:\' C:\hiberfil.sys [WARNING] The file could not be opened! C:\pagefile.sys [WARNING] The file could not be opened! Begin scan in 'D:\' Begin scan in 'K:\' Begin scan in 'L:\' End of the scan: samedi 12 juillet 2008 14:56 Used time: 1:05:59 min The scan has been done completely. 29194 Scanning directories 698586 Files were scanned 0 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 0 files were deleted 0 files were repaired 0 files were moved to quarantine 0 files were renamed 2 Files cannot be scanned 698586 Files not concerned 15746 Archives were scanned 6 Warnings 0 Notes

jlpjlp · Answer

si tout c'est bien passé désactive la restauration système pour purger les virus qui seraient dedans puis réactive là (dans DEMARRER puis TOUS LES PROGRAMMES puis ACCESSOIRE puis OUTILS SYSTEME puis RESTAURATION SYSTEME puis paramètre)


encore des soucis???????????,,

Jeep79 · Answer

Quand j'arrive sur la fenetre restauration systeme, j'ai 2 options : soit "restauration recommandée : selectionner cette option pour annuler l'installation la plus récente liée à la mise à jour...", soit "choisir un autre point de restauration".

Lequel choisir ??

Merci d'avance

Jeep79 · Answer

J'ai démarrer mon pc il y a une demi heure et aucun message antvir detectant un virus. Est-ce que tous les virus ont été virés ou dois-je encore effectuer des analyses pour être sûr ??

Merci d'avance

jlpjlp · Answer

non c'est bon

pour virer ce que je t'ai fais utiliser:


Télécharge ToolsCleaner sur ton bureau. 
-->  http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
# Clique sur Recherche et laisse le scan agir ... 
# Clique sur Suppression pour finaliser. 
# Tu peux, si tu le souhaites, te servir des Options facultatives. 
# Clique sur Quitter pour obtenir le rapport. 
# Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\). 

ps : pas besoin de m´envoyer le rapport si tout a ete supprimer ;-) 


_________________

installe spywareblaster pour éviter de rechopper vundo

https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/28872.html

_________________








pour protéger gratos ton ordi

http://www.commentcamarche.net/telecharger/logiciel 4 securite

mettre un antivirus

AVAST en français   ou ANTIVIR (en anglais mais très efficace)
https://www.malekal.com/avira-free-security-antivirus-gratuit/ (merci Malekal)
-------------
des anti-espions :
MalwareByte's Anti-Malware + SPYBOT
+
SPYWAREBLASTER pour immuniser le système contre vundo notamment mais en anglais (mais facile d'utilisation  : il suffit de faire "update" pour mettre à jour tous les mois  et ensuite" enable all protection" pour immuniser)...

Rq : spybot et ad-aware ont sorti de nouvelles versions cette année vérifiez que vous avez la dernière version 
--------
un pare feu :
celui de (Windows) ou mieux Online armor ou KERIO ou JETICO ou ZONE ALARM (mettre que le parefeu gratuit) 

http://www.commentcamarche.net/telecharger/telecharger 34055356 online armor personal firewall

 https://forum.pcastuces.com/sujet.asp?f=25&s=35606 
https://www.clubic.com/telecharger-fiche11071-sunbelt-personal-firewall-ex-kerio.html
https://manuelsdaide.com/contact/
http://www.open-files.com/forum/index.php?showtopic=29277
http://www.commentcamarche.net/telecharger/telecharger 157 zonealarm

-----------
CCLEANER pour effacer les traces de surf
---------
naviguer avec firefox ou safari ou opera et non internet explorer plus  touché par les virus
http://www.mozilla-europe.org/fr/products/firefox/

Jeep79 · Answer

Merci bcp pour ton aide et tes conseils !!

Jeep79 · Answer

Au fait, concernant la restauration de système :

Quand j'arrive sur la fenetre restauration système, j'ai 2 options : soit "restauration recommandée : selectionner cette option pour annuler l'installation la plus récente liée à la mise à jour...", soit "choisir un autre point de restauration".

Lequel choisir ??

Merci d'avance

jlpjlp · Answer

désactive la restauration en suivant ce manuel

http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fdocid/20020830101856924


puis reactive la après avoir redemarré l'ordi

Jeep79 · Answer

Au fait, concernant la restauration de système :

Quand j'arrive sur la fenetre restauration systeme, j'ai 2 options : soit "restauration recommandée : selectionner cette option pour annuler l'installation la plus récente liée à la mise à jour...", soit "choisir un autre point de restauration".

Lequel choisir ?? 

Merci bcp pour ton aide et tes conseils

jlpjlp · Answer

il faut désactiver la restauration systeme!!!





désactive la restauration en suivant ce manuel

http://service1.symantec.com/


puis reactive la après avoir redemarré l'ordi

Virus TR/Vuondo.gen et TR/Cryt.XPACK.Gen

24 réponses

Discussions similaires

Newsletters