Sujet Précédent Sujet Suivant

Probleme avec Virus

Résolu
Dami -  
 Utilisateur anonyme -
Bonjour,

Voila gros problème avec un virus bien chiant, qui ralentit tous mon nouveau PC, j'espere que vous pourrez m'aider merci d'avance.

Voici le rapport Hijackthis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:00:52, on 4/09/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe
C:\Windows\PLFSetI.exe
C:\Users\Damien\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Packard Bell\Packard Bell Software Suite\Launcher.exe
C:\Program Files\Acer\Acer VCM\AcerVCM.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Acer\Acer VCM\acp2HID.exe
C:\Program Files\Acer\Acer VCM\VC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Acer\Empowering Technology\NotificationCenter\Framework.NotificationCenter.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\glgnqxav.exe
C:\ProgramData\dmtkrgnq\tibujwxq.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Users\Damien\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ZPdtWzdVitaKey MC3000] "C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe" show
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Packard Bell Software Suite] C:\Program Files\Packard Bell\Packard Bell Software Suite\Launcher.exe /run
O4 - HKCU\..\Run: [cfgmonen] C:\Windows\system32\glgnqxav.exe
O4 - HKCU\..\Run: [DtNhVR9XrP] C:\ProgramData\dmtkrgnq\tibujwxq.exe
O4 - Global Startup: Acer VCM.lnk = ?
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra 'Tools' menuitem: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iGroupTec Service (IGBASVC) - Unknown owner - C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe
O23 - Service: Packard Bell Software Suite Service 1 (Service1) - Packard Bell Services - C:\Program Files\Packard Bell\Packard Bell Software Suite\PowerSave\HDPBSSS.exe
O23 - Service: Service SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe
A voir également:

23 réponses

  • 1
  • 2
Réponse 1 / 23
Utilisateur anonyme
 
je soupcone ces trucs, je les ai déjà vus sur un rapport HijackThis,

C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
et aussi ceux-là :

C:\Windows\system32\conime.exe
C:\Windows\system32\glgnqxav.exe
C:\ProgramData\dmtkrgnq\tibujwxq.exe

ne trouve pas-tu le nom du dernire bizarre !

et pour le ralentissement, c'est normal vu le nombre de logiciels qui se chargement au démarrage et qui tournent sans grand intérêt vu qu'on les utilises pas tout le temps.

et c koi les trucs Acer, antivirus ? t'as déjà McAfee !!!!!
0
Réponse 2 / 23
Utilisateur anonyme
 
Bonsoir,

oui : il y a deux trojans :
C:\Windows\system32\glgnqxav.exe
C:\ProgramData\dmtkrgnq\tibujwxq.exe

Le reste est tout à fait légitime :
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\conime.exe

Alors pas touche à ceux là.

Fais ceci Dami stp :

> Lance Hijackthis :
- Puis sélectionne < Do a system scan only >
- Coche les cases des lignes suivantes : 

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKCU\..\Run: [cfgmonen] C:\Windows\system32\glgnqxav.exe
O4 - HKCU\..\Run: [DtNhVR9XrP] C:\ProgramData\dmtkrgnq\tibujwxq.exe
O4 - Global Startup: Acer VCM.lnk = ?
O4 - Global Startup: BTTray.lnk = ?

Ensuite,
- Ferme toutes les autres fenêtres et applications (même internet)
- Clic sur < fixe checked >

> Relance ton PC en mode normal puis Hijackthis :
Puis sélectionne < do a system scan and save a logfile >,

Et envoie, par collier/coller, ton log Hijackthis,

Ensuite,
> Télécharge OTMoveIT (de Old_Timer) : http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe sur ton bureau...
- Double-clique sur OTMoveIt.exe pour le lancer.
- Assure toi que la case "Unregister Dll's and Ocx's" est bien cochée !!!
- Copie le texte qui se trouve ci-dessous et colle-le dans le cadre de gauche de OTMoveIt nommé <Paste standard List of Files/Folders to be moved>. 

C:\Windows\system32\glgnqxav.exe
C:\ProgramData\dmtkrgnq

- Clique sur < MoveIt! > pour lancer la suppression.
- Lorsqu'un résultat apparaît dans le cadre Results clique sur Exit
N.B :Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer. Accepte en cliquant sur YES.
Un rapport est créé dans %SYSTEMDRIVE%\_OTMoveIt\MovedFiles\date du jour (C:\_OTMoveIt\MovedFiles\), copie-colle-le dans ta réponse suivante stp.

Le PC devrait allé mieux mais il reste une étape.
Poste les rapports stp.

A+
0
Réponse 3 / 23
Damimi Messages postés 13 Statut Membre
 
Voila qui est fait voici mon log :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:11:21, on 4/09/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe
C:\Windows\PLFSetI.exe
C:\Users\Damien\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Packard Bell\Packard Bell Software Suite\Launcher.exe
C:\Program Files\Acer\Acer VCM\AcerVCM.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Acer\Acer VCM\acp2HID.exe
C:\Users\Damien\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ZPdtWzdVitaKey MC3000] "C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe" show
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Packard Bell Software Suite] C:\Program Files\Packard Bell\Packard Bell Software Suite\Launcher.exe /run
O4 - HKCU\..\Run: [HlpApl] C:\Windows\system32\ralgncxg.exe
O4 - HKCU\..\Run: [dscwebsmart] C:\Windows\system32\fmbyjwza.exe
O4 - Global Startup: Acer VCM.lnk = ?
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra 'Tools' menuitem: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O15 - Trusted Zone: http://www.secuser.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iGroupTec Service (IGBASVC) - Unknown owner - C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe
O23 - Service: Packard Bell Software Suite Service 1 (Service1) - Packard Bell Services - C:\Program Files\Packard Bell\Packard Bell Software Suite\PowerSave\HDPBSSS.exe
O23 - Service: Service SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe
0
Utilisateur anonyme
 
Salut,
très bien.

Et le rapport OTmoveIT ? Tu peux me l'envoyer ?
0
Réponse 4 / 23
Damimi Messages postés 13 Statut Membre
 
Et voici le rapport MoveIT :

C:\Windows\system32\glgnqxav.exe moved successfully.
C:\ProgramData\dmtkrgnq moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 09042008_111455
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 23
Utilisateur anonyme
 
Ok,
il y en a deux autres qui sont apparus.

Alors,
> Télécharge ComboFix : http://download.bleepingcomputer.com/sUBs/ComboFix.exe (par sUBs) sur ton Bureau.
Déconnecte toi du net et désactive ton antivirus pour que Combofix puisse s'exécuter normalement.
- Clique droit sur combofix.exe puis choisis "exécuter en temps qu'administrateur".
- Tape sur la touche 1 (Yes) pour démarrer le scan.
- Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.
NOTE : Le rapport se trouve également ici : C:\Combofix.txt
PS2 : Il peut s'avérer que le rapport Combofix soit trop long pour être supporter par CCM.net. Dans ce cas utilise ce service http://www.cijoint.fr pour me l'envoyer (dépose le fichier puis poste le lien sur le forum).
Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer la machine.

Bon courage.

A+
0
Réponse 6 / 23
Damimi Messages postés 13 Statut Membre
 
ComboFix 08-09-03.03 - Damien 2008-09-04 11:52:18.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1921 [GMT 2:00]
Endroit: C:\Users\Damien\Desktop\ComboFix.exe
* Création d'un nouveau point de restauration
* Resident AV is active

.

((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-08-04 to 2008-09-04 ))))))))))))))))))))))))))))))))))))
.

2008-09-04 11:14 . 2008-09-04 11:14 <REP> d-------- C:\_OTMoveIt
2008-09-04 11:07 . 2008-09-04 11:07 90,112 --a------ C:\Windows\System32\fmbyjwza.exe
2008-09-04 00:43 . 2008-09-04 00:43 <REP> d-------- C:\Users\All Users\Avira
2008-09-04 00:43 . 2008-09-04 00:43 <REP> d-------- C:\ProgramData\Avira
2008-09-04 00:43 . 2008-09-04 00:43 <REP> d-------- C:\Program Files\Avira
2008-09-04 00:09 . 2008-09-04 00:09 90,112 --a------ C:\Windows\System32\ralgncxg.exe
2008-09-03 23:49 . 2008-09-03 23:49 <REP> d-------- C:\Users\Damien\AppData\Roaming\Malwarebytes
2008-09-03 23:49 . 2008-09-03 23:49 <REP> d-------- C:\Users\All Users\Malwarebytes
2008-09-03 23:49 . 2008-09-03 23:49 <REP> d-------- C:\ProgramData\Malwarebytes
2008-09-03 23:49 . 2008-09-03 23:49 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-03 23:49 . 2008-09-02 00:16 38,528 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-09-03 23:49 . 2008-09-02 00:16 17,200 --a------ C:\Windows\System32\drivers\mbam.sys
2008-09-01 22:34 . 2008-09-01 22:34 <REP> d-------- C:\Users\Damien\AppData\Roaming\Ubisoft
2008-09-01 22:34 . 2008-09-01 22:34 <REP> d-------- C:\Users\All Users\Ubisoft
2008-09-01 22:34 . 2008-09-01 22:34 <REP> d-------- C:\ProgramData\Ubisoft
2008-09-01 22:11 . 2008-09-01 22:11 <REP> d-------- C:\Program Files\Packard Bell
2008-09-01 22:10 . 2008-09-01 22:10 <REP> d-------- C:\Program Files\Packard Bell External HDD
2008-08-31 11:01 . 2008-08-31 11:01 <REP> d-------- C:\Program Files\Combined Community Codec Pack
2008-08-30 22:03 . 2008-08-30 22:03 <REP> d-------- C:\Windows\Downloaded Installations
2008-08-29 14:21 . 2008-08-29 14:21 1,400,916 --a------ C:\Windows\System32\ntx11110328.exe
2008-08-29 14:21 . 2008-08-29 14:21 1,400,916 --a------ C:\Windows\System32\ntx11109954.exe
2008-08-27 23:06 . 2008-08-31 15:01 <REP> d-------- C:\Users\Damien\AppData\Roaming\uTorrent
2008-08-27 21:47 . 2008-07-19 07:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll
2008-08-27 21:47 . 2008-07-19 05:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll
2008-08-27 21:47 . 2008-07-19 07:10 53,448 --a------ C:\Windows\System32\wuauclt.exe
2008-08-27 21:47 . 2008-07-19 07:10 45,768 --a------ C:\Windows\System32\wups2.dll
2008-08-27 21:46 . 2008-07-19 07:09 563,912 --a------ C:\Windows\System32\wuapi.dll
2008-08-27 21:46 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll
2008-08-27 21:46 . 2008-07-19 05:44 83,456 --a------ C:\Windows\System32\wudriver.dll
2008-08-27 21:46 . 2008-07-19 07:10 36,552 --a------ C:\Windows\System32\wups.dll
2008-08-27 21:46 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe
2008-08-26 22:31 . 2008-08-26 22:31 <REP> d-------- C:\Program Files\r2 Studios
2008-08-26 20:39 . 2008-09-04 00:19 <REP> d-------- C:\Users\Damien\AppData\Roaming\teamspeak2
2008-08-26 20:39 . 2008-08-26 20:39 <REP> d-------- C:\Program Files\Teamspeak2_RC2
2008-08-26 20:39 . 2008-08-26 20:39 34,064 --a------ C:\Windows\System32\lhacm.acm
2008-08-25 13:57 . 2008-08-25 13:57 <REP> d-------- C:\Program Files\VistaCodecPack
2008-08-25 13:55 . 2008-08-25 13:55 <REP> d-------- C:\Users\All Users\VistaCodecs
2008-08-25 13:55 . 2008-08-25 13:55 <REP> d-------- C:\ProgramData\VistaCodecs
2008-08-25 11:56 . 2008-08-25 11:56 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-08-24 16:08 . 2008-08-24 16:08 <REP> d-------- C:\Users\Damien\AppData\Roaming\PeerNetworking
2008-08-24 15:43 . 2008-08-24 15:43 <REP> d-------- C:\Users\Damien\AppData\Roaming\Intel
2008-08-24 15:43 . 2008-08-24 15:44 2,539 --a------ C:\WirelessDiagLog.csv
2008-08-24 12:55 . 2008-08-24 12:55 <REP> d-------- C:\Users\Damien\Bluetooth Software
2008-08-24 12:55 . 2008-09-04 11:55 12 --a------ C:\Windows\bthservsdp.dat
2008-08-23 09:28 . 2008-09-01 23:22 27,934 --a------ C:\Users\All Users\nvModes.dat
2008-08-23 09:28 . 2008-09-01 23:22 27,934 --a------ C:\ProgramData\nvModes.dat
2008-08-23 02:20 . 2008-09-04 03:34 387,746,773 --a------ C:\Windows\MEMORY.DMP
2008-08-22 09:06 . 2008-08-25 16:02 <REP> d-------- C:\Users\Damien\AppData\Roaming\skypePM
2008-08-22 09:06 . 2008-08-22 09:06 56 --ah----- C:\Users\All Users\ezsidmv.dat
2008-08-22 09:06 . 2008-08-22 09:06 56 --ah----- C:\ProgramData\ezsidmv.dat
2008-08-22 09:05 . 2008-08-22 09:05 <REP> d-------- C:\Users\Damien\AppData\Roaming\Acer
2008-08-22 09:04 . 2008-08-25 23:15 <REP> d-------- C:\Users\Damien\AppData\Roaming\Skype
2008-08-21 23:30 . 2008-08-30 22:21 <REP> d-------- C:\Program Files\Winamp
2008-08-21 23:30 . 2007-03-08 01:51 129,784 --------- C:\Windows\System32\pxafs.dll
2008-08-21 20:43 . 2008-08-21 20:43 <REP> d-------- C:\Users\Damien\WoW-2.0.0-frFR-Installer
2008-08-21 20:05 . 2008-08-21 20:05 <REP> d-------- C:\Users\Damien\AppData\Roaming\Yahoo!
2008-08-21 20:05 . 2008-08-21 20:05 <REP> d-------- C:\Users\All Users\Yahoo! Companion
2008-08-21 20:05 . 2008-08-21 20:05 <REP> d-------- C:\ProgramData\Yahoo! Companion
2008-08-21 20:04 . 2008-08-21 20:07 <REP> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-08-21 20:03 . 2008-08-21 20:03 <REP> d-------- C:\Users\All Users\WLInstaller
2008-08-21 20:03 . 2008-08-21 20:03 <REP> d-------- C:\ProgramData\WLInstaller
2008-08-21 20:03 . 2008-08-21 20:08 <REP> d-------- C:\Program Files\Windows Live
2008-08-21 20:03 . 2008-08-21 20:03 0 --a------ C:\Windows\nsreg.dat
2008-08-21 20:01 . 2008-08-21 20:01 <REP> d-------- C:\Users\All Users\Skype
2008-08-21 20:01 . 2008-08-21 20:01 <REP> d-------- C:\ProgramData\Skype
2008-08-21 20:01 . 2008-08-21 20:01 <REP> d-------- C:\Program Files\Skype
2008-08-21 20:01 . 2008-08-21 20:01 <REP> d-------- C:\Program Files\Common Files\Skype
2008-08-21 19:55 . 2008-08-21 20:28 <REP> d-------- C:\Program Files\World of Warcraft
2008-08-21 19:55 . 2008-08-21 21:19 <REP> d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-08-21 19:46 . 2008-07-16 03:32 2,048 --a------ C:\Windows\System32\tzres.dll
2008-08-21 19:45 . 2008-08-21 19:45 <REP> d-------- C:\Program Files\MSXML 4.0
2008-08-21 19:43 . 2008-06-26 03:45 12,240,896 --a------ C:\Windows\System32\NlsLexicons0007.dll
2008-08-21 19:43 . 2008-06-26 03:45 2,644,480 --a------ C:\Windows\System32\NlsLexicons0009.dll
2008-08-21 19:42 . 2008-06-26 05:29 801,280 --a------ C:\Windows\System32\NaturalLanguage6.dll
2008-08-21 19:27 . 2008-08-21 19:27 <REP> dr------- C:\Users\Damien\Searches
2008-08-21 19:27 . 2008-08-21 19:27 <REP> d-------- C:\Users\Damien\AppData\Roaming\Validity
2008-08-21 19:26 . 2008-08-21 20:08 <REP> dr------- C:\Users\Damien\Contacts
2008-08-21 19:26 . 2008-08-21 19:26 <REP> d-------- C:\Users\Damien\AppData\Roaming\SiteAdvisor
2008-08-21 19:26 . 2008-08-21 19:26 <REP> d-------- C:\ACERSW
2008-08-21 19:25 . 2008-08-21 19:27 <REP> dr------- C:\Users\Damien\Videos
2008-08-21 19:25 . 2008-08-21 19:27 <REP> dr------- C:\Users\Damien\Saved Games
2008-08-21 19:25 . 2001-01-08 12:13 <REP> d-------- C:\Users\Damien\Roaming
2008-08-21 19:25 . 2008-08-21 19:27 <REP> dr------- C:\Users\Damien\Pictures
2008-08-21 19:25 . 2008-08-25 12:31 <REP> dr------- C:\Users\Damien\Music
2008-08-21 19:25 . 2008-08-21 19:27 <REP> dr------- C:\Users\Damien\Links
2008-08-21 19:25 . 2008-09-04 11:35 <REP> dr------- C:\Users\Damien\Downloads
2008-08-21 19:25 . 2008-08-27 09:37 <REP> dr------- C:\Users\Damien\Documents
2008-08-21 19:25 . 2006-11-02 14:37 <REP> d-------- C:\Users\Damien\AppData\Roaming\Media Center Programs
2008-08-21 19:25 . 2001-01-08 12:36 <REP> d-------- C:\Users\Damien\AppData\Roaming\Acer GameZone Console
2008-08-21 19:25 . 2008-08-21 19:27 <REP> d--h----- C:\Users\Damien\AppData
2008-08-21 19:25 . 2008-08-30 22:04 <REP> d-------- C:\Users\Damien
2008-08-21 19:22 . 2008-08-21 19:22 <REP> dr------- C:\Windows\System32\config\systemprofile\Contacts
2008-08-09 08:30 . 2008-08-09 08:30 1,007,616 --a------ C:\Windows\System32\VSFilter.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-30 06:56 --------- d-----w C:\Program Files\McAfee
2008-08-24 19:30 --------- d-----w C:\Program Files\SiteAdvisor
2008-08-21 23:05 --------- d-----w C:\ProgramData\Microsoft Help
2008-08-21 17:26 --------- d-----w C:\Program Files\Acer
2008-08-21 17:22 --------- d-sh--w C:\ProgramData\Modèles
2008-08-21 17:22 --------- d-sh--w C:\ProgramData\Menu Démarrer
2008-08-21 17:22 --------- d-sh--w C:\ProgramData\Favoris
2008-08-21 17:22 --------- d-sh--w C:\ProgramData\Bureau
2008-08-21 17:22 --------- d-sh--w C:\Program Files\Fichiers communs
2008-07-27 14:39 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-27 14:39 --------- d-----w C:\Program Files\Acer Inc
2008-07-27 14:37 --------- d-----w C:\Program Files\Acer Arcade Deluxe
2008-07-27 14:35 --------- d-----w C:\ProgramData\CyberLink
2008-07-27 14:21 --------- d-----w C:\Program Files\Launch Manager
2008-07-27 14:17 --------- d-----w C:\Program Files\WIDCOMM
2008-07-27 14:16 5,632 ----a-w C:\Windows\System32\biologon.dll
2008-07-27 14:16 23,040 ----a-w C:\Windows\System32\ShlCmd.exe
2008-07-27 14:16 118,784 ----a-w C:\Windows\System32\VMC3KAPI.dll
2008-07-27 14:16 114,688 ----a-w C:\Windows\System32\VCryptAPI.dll
2008-07-27 14:15 43,184 ----a-w C:\Windows\system32\drivers\AlfaFF.sys
2008-07-27 14:15 331,776 ----a-w C:\Windows\System32\DrvCrypt.dll
2008-07-27 14:15 192,512 ----a-w C:\Windows\System32\BioOne.dll
2008-07-27 14:15 189,952 ----a-w C:\Windows\System32\PBAGUI.dll
2008-07-27 14:15 16,384 ----a-w C:\Windows\System32\AlfaFF.dll
2008-07-27 14:15 --------- d-----w C:\Program Files\Validity Sensors, Inc
2008-07-27 14:14 --------- d-----w C:\ProgramData\NVIDIA
2008-06-27 04:15 827,392 ----a-w C:\Windows\System32\wininet.dll
2008-06-25 12:22 20,480 ----a-w C:\Windows\USB_VIDEO_REG.exe
2008-06-23 09:47 352,256 ----a-w C:\Windows\Acer Crystal Eye webcam.EXE
2008-06-19 03:31 361,984 ----a-w C:\Windows\System32\IPSECSVC.DLL
2008-06-16 14:34 446,464 ----a-w C:\Windows\System32\NVUNINST.EXE
2008-06-12 18:36 7,680 ----a-w C:\Windows\System32\ff_vfw.dll
2008-06-11 09:21 204,800 ----a-w C:\Windows\System32\SysHook.dll
2008-01-21 02:43 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-05 00:38 121392 --a------ C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Packard Bell Software Suite"="C:\Program Files\Packard Bell\Packard Bell Software Suite\Launcher.exe" [2008-06-27 1934656]
"HlpApl"="C:\Windows\system32\ralgncxg.exe" [2008-09-04 90112]
"dscwebsmart"="C:\Windows\system32\fmbyjwza.exe" [2008-09-04 90112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-05-07 178712]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-04 1037608]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 582992]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [2007-08-24 36640]
"ePower_DMC"="C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-06-11 409600]
"eDataSecurity Loader"="C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-05 526896]
"eAudio"="C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-03-07 544768]
"BkupTray"="C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-06 34040]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-06-28 13543968]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-06-28 92704]
"ZPdtWzdVitaKey MC3000"="C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe" [2008-07-27 3719680]
"PLFSetI"="C:\Windows\PLFSetI.exe" [2007-10-23 200704]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2008-06-16 809480]
"ArcadeDeluxeAgent"="C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-05-12 147456]
"CLMLServer"="C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-05-12 167936]
"PlayMovie"="C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-05-12 167936]
"WarReg_PopUp"="C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-07 C:\Windows\RtHDVCpl.exe]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - C:\Program Files\Acer\Acer VCM\AcerVCM.exe [2008-07-27 1216512]
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-04-24 723760]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]
2008-07-27 16:16 3162624 C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= divxa32.acm
"VIDC.FFDS"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-03-08 05:38 40048 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-08-12 17:13 21741864 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{68C187EE-4A20-44E8-A550-26DE193D4ACD}"= Profile=Private|Profile=Public|C:\Program Files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{B6E5144E-A35A-47D4-9351-5D1518326EAC}"= UDP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{FB95C4B3-478C-4028-9B06-40ED0629356D}"= TCP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{AB9725C8-1EE6-4407-80F5-AABEBE27272F}"= UDP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{00C88B8B-BA66-46A6-A171-7AFEE52DBEF0}"= TCP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{E87C3E3F-9E50-4378-8B2A-911C50ACBA85}"= UDP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{2919572F-C35F-46EC-A0A8-B90A05300DFC}"= TCP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{01FE26FB-62CE-4612-A3BE-9FD62D21A795}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{681C8A7D-605E-434F-8AE0-34900DF662A3}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{7CA0AD01-7EE0-4733-A4DF-3B3658EC2549}"= C:\Program Files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{54C2BDB0-BBA5-454B-A033-D9240DF2DE8F}"= C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{5997857E-13D4-4CEB-8D69-20B99CC9AE24}"= C:\Program Files\Acer Arcade Deluxe\PlayMovie\PlayMovie.exe:Acer Play Movie
"{E44FD591-0002-4A23-B7C1-FC2B52CF1EED}"= C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe:Acer Play Movie Resident Program
"{D419D180-9159-4D39-8F90-4D1B3EBE93F8}"= C:\Program Files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:Acer HomeMedia
"{AE54863E-B8BA-4C75-8F01-8DADBFD6617D}"= C:\Program Files\Acer\Acer VCM\VC.exe:Acer VCM
"{2AB344F8-2043-41FD-B68D-1A9C217210EF}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"{C54D5733-5EB3-4FF1-8BAE-E8693E931328}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{6668CA5A-C4AD-4E8D-B9FB-4CE4D1A826D6}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{E0F66574-2DA6-4A36-A77A-4939472B9F53}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{CF862846-719E-4B4F-AC17-23481BBD2E35}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{22E37C9B-8365-4D92-A8CE-10AD9CA4ED6B}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{BAC6B13B-4C9C-4678-AB04-081531020D26}"= UDP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{51C5C3F5-4FC3-439E-83E1-E88C1171600F}"= TCP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{1F27F166-F513-415F-B4CC-80554FAFEDE5}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{098255C7-039D-4758-AE05-0B8BE4A969F1}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 AlfaFF;AlfaFF File System mini-filter;C:\Windows\system32\Drivers\AlfaFF.sys [2008-07-27 43184]
R2 NTIPPKernel;NTIPPKernel;C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-01-16 122368]
R3 itecir;ITECIR Infrared Receiver;C:\Windows\system32\DRIVERS\itecir.sys [2007-12-18 54784]
R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1E60x86.sys [2008-05-19 47104]
R3 NETw5v32;Pilote de carte Intel(R) Wireless WiFi Link pour Windows Vista 32 bits ;C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-04-28 3658752]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda32v.sys [2008-06-28 43040]
S3 btwaudio;Périphérique audio Bluetooth;C:\Windows\system32\drivers\btwaudio.sys [2007-03-29 79664]
S3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2007-02-27 81200]
S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-02-27 16432]
S3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys [2008-05-07 85136]
S4 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR;C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{032f7eda-779a-11dd-b44d-00a0d1a97599}]
\shell\AutoRun\command - E:\ClickMe.exe
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-WinampAgent - C:\Program Files\Winamp\winampa.exe
HKLM-Run-eRecoveryService - (no file)

.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\Damien\AppData\Roaming\Mozilla\Firefox\Profiles\rzd6sx41.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.be
FF -: plugin - C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF -: plugin - C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-04 11:56:54
Windows 6.0.6001 Service Pack 1 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
--------------------- DLLs a charg‚ sous des processus courants ---------------------

PROCESS: C:\Windows\Explorer.exe
-> C:\Program Files\SiteAdvisor\6261\saHook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\nvvsvc.exe
C:\Windows\System32\audiodg.exe
C:\Windows\System32\vfsFPService.exe
C:\Windows\System32\wlanext.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Windows\System32\agrsmsvc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Acer\Acer Bio Protection\CompPtcVUI.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\Program Files\McAfee\VirusScan\Mcshield.exe
C:\ACER\Mobility Center\MobilityService.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\Program Files\McAfee\MSK\msksrver.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\Program Files\Acer\Acer VCM\RS_Service.exe
C:\Program Files\Packard Bell\Packard Bell Software Suite\PowerSave\HDPBSSS.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Windows\System32\conime.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Windows\System32\rundll32.exe
C:\Users\Damien\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Program Files\Acer\Acer VCM\acp2HID.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-09-04 11:59:00 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-04 09:58:46

Pre-Run: 22,545,260,544 octets libres
Post-Run: 22,208,417,792 octets libres

318 --- E O F --- 2008-08-21 23:05:07
0
Réponse 7 / 23
Utilisateur anonyme
 
Ok,

/!\ Pour les personnes ayant les mêmes problèmes ou similaires /!\
Cette manip. est spécifique au PC de l'utilisateur ayant créé cette discussion. La reproduire sur un autre ordinateur pourrait endommager le système.

Alors,
> Avec Combofix :
- Crée un nouveau document texte : clic droit de souris sur le bureau => Nouveau => Document Texte, et copie/colle dedans les lignes suivantes : 

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 
"HlpApl"=-
"dscwebsmart"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{032f7eda-779a-11dd-b44d-00a0d1a97599}] 

File::
C:\Windows\System32\fmbyjwza.exe 
C:\Windows\System32\ralgncxg.exe 
E:\ClickMe.exe

- Enregistre ce fichier sous le nom CFScript (Type du fichier : tous les fichiers)
- Ferme tous tes navigateurs web (donc copie ou imprime les instructions suivantes avant si besoin est).
- Désactive ton antivirus et tes autres protections résidentes (ex : Spybot) si tu en as (c'est important).
- Fait un glisser/déposer de ce fichier CFScript sur le programme ComboFix.exe comme sur cette image.
(Explications du glisser/coller : Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relâche alors le bouton de la souris).
- Combofix va démarrer puis une fenêtre bleue va apparaître. Au message qui s'affiche (Type 1 to continue, or 2 to abort) : tape 1 puis valide.
- Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises: c'est normal !
- Ne touche à rien tant que le scan n'est pas terminé sinon le PC peut planter !
- Une fois le scan achevé, un rapport va s'afficher: poste le stp.
PS : Si le fichier ne s'ouvre pas, il se trouve ici => C:\ComboFix.txt
PS2 : Il peut s'avérer que le rapport Combofix soit trop long pour être supporter par CCM.net. Dans ce cas utilise ce service http://www.cijoint.fr pour me l'envoyer (dépose le fichier puis poste le lien sur le forum).

Après,
>Télécharge et installe Ccleaner (logiciel à conserver et à utiliser régulièrement) : https://www.commentcamarche.net/telecharger/utilitaires/5647-ccleaner/ , si besoin est tu trouveras des Tutoriaux ici, ici et là, fais les mises à jour puis ferme le programme.

> Démarre en mode sans échec : (image). Si problème : tuto ici
>Lance Ccleaner,,
- Choisi l’onglet "Options" puis clique sur "Avancé" et décoche la case "Effacer uniquement les fichiers, du dossier temp de Windows, plus vieux que 48 heures" (tout doit être supprimé).
- Dans l'onglet "Nettoyeur" clique sur "Analyse".
- Une fois l'analyse terminée, clique sur "Lancer le Nettoyage".
- Dans l'onglet "registre" => Recherches des erreurs => Réparer les erreurs sélectionnées => enregistre une sauvegarde => corriger toutes erreurs sélectionnées => ok => fermer.
N.B : Si Ccleaner te propose d'enregistrer une sauvegarde, reponds oui et enregistre sous 'Bureau'
Recommence jusqu’à ce qu’il ne trouve plus rien (cela varie en général entre 1 et 4 fois).

Ensuite,
> Rends toi sur ce site virustotal et fais analyser le/les fichier(s) suivant(s) stp : (copie/colle la/les ligne(s) dans le cadre "envoyer un fichier")
Si problème : http://pageperso.aol.fr/loraline60/virus_total.htm 

C:\Windows\System32\ntx11110328.exe
C:\Windows\System32\ntx11109954.exe

et poste le/les résultat(s) par copier/coller stp (ou le/les lien(s) http, c'est plus rapide et préférable).

Poste pour finir un dernier HiJackT stp.

Bon courage.
Après on termine.
Comment va le PC ?

A+
0
Réponse 8 / 23
smith31 Messages postés 136 Statut Membre 25
 
Slt,
Le virus surabaya s'affiche tjours au demarrage de mon PC, aider moi avec une solution si eficace.Merci
0
Utilisateur anonyme
 
Salut,
Il serait préférable que tu crées ton propre topique (= discussion). Cela rendra celui-ci plus compréhensible, et tu obtiendras des réponses à ton problème avec plus d’efficacité.

Donc fais ce qui suit stp : http://pagesperso-orange.fr/rginformatique/section%20virus/demofairesontmessage.htm
(Flash-player de Balltrap).

A++
0
Réponse 9 / 23
Damimi Messages postés 13 Statut Membre
 
Je fais ca au soir. Merci.

Stop pourrir mon post, creer le votre s'il vous plait.

MErci davance;
0
Réponse 10 / 23
Damimi Messages postés 13 Statut Membre
 
Voila deja le log de combos fix, merci beaucoup pour l'aide, je finis le reste normalement demain.

ComboFix 08-09-03.03 - Damien 2008-09-06 1:05:05.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1966 [GMT 2:00]
Endroit: C:\Users\Damien\Desktop\ComboFix.exe
Command switches used :: C:\Users\Damien\Desktop\CFScript.txt
* Création d'un nouveau point de restauration
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\System32\fmbyjwza.exe
C:\Windows\System32\ralgncxg.exe

.
((((((((((((((((((((((((((((( Fichiers créés 2008-08-05 to 2008-09-05 ))))))))))))))))))))))))))))))))))))
.

2008-09-04 11:14 . 2008-09-04 11:14 <REP> d-------- C:\_OTMoveIt
2008-09-04 00:43 . 2008-09-04 00:43 <REP> d-------- C:\Users\All Users\Avira
2008-09-04 00:43 . 2008-09-04 00:43 <REP> d-------- C:\ProgramData\Avira
2008-09-04 00:43 . 2008-09-04 00:43 <REP> d-------- C:\Program Files\Avira
2008-09-03 23:49 . 2008-09-03 23:49 <REP> d-------- C:\Users\Damien\AppData\Roaming\Malwarebytes
2008-09-03 23:49 . 2008-09-03 23:49 <REP> d-------- C:\Users\All Users\Malwarebytes
2008-09-03 23:49 . 2008-09-03 23:49 <REP> d-------- C:\ProgramData\Malwarebytes
2008-09-03 23:49 . 2008-09-03 23:49 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-03 23:49 . 2008-09-02 00:16 38,528 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-09-03 23:49 . 2008-09-02 00:16 17,200 --a------ C:\Windows\System32\drivers\mbam.sys
2008-09-01 22:34 . 2008-09-01 22:34 <REP> d-------- C:\Users\Damien\AppData\Roaming\Ubisoft
2008-09-01 22:34 . 2008-09-01 22:34 <REP> d-------- C:\Users\All Users\Ubisoft
2008-09-01 22:34 . 2008-09-01 22:34 <REP> d-------- C:\ProgramData\Ubisoft
2008-09-01 22:11 . 2008-09-01 22:11 <REP> d-------- C:\Program Files\Packard Bell
2008-09-01 22:10 . 2008-09-01 22:10 <REP> d-------- C:\Program Files\Packard Bell External HDD
2008-08-31 11:01 . 2008-08-31 11:01 <REP> d-------- C:\Program Files\Combined Community Codec Pack
2008-08-30 22:03 . 2008-08-30 22:03 <REP> d-------- C:\Windows\Downloaded Installations
2008-08-29 14:21 . 2008-08-29 14:21 1,400,916 --a------ C:\Windows\System32\ntx11110328.exe
2008-08-29 14:21 . 2008-08-29 14:21 1,400,916 --a------ C:\Windows\System32\ntx11109954.exe
2008-08-27 23:06 . 2008-09-05 23:34 <REP> d-------- C:\Users\Damien\AppData\Roaming\uTorrent
2008-08-27 21:47 . 2008-07-19 07:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll
2008-08-27 21:47 . 2008-07-19 05:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll
2008-08-27 21:47 . 2008-07-19 07:10 53,448 --a------ C:\Windows\System32\wuauclt.exe
2008-08-27 21:47 . 2008-07-19 07:10 45,768 --a------ C:\Windows\System32\wups2.dll
2008-08-27 21:46 . 2008-07-19 07:09 563,912 --a------ C:\Windows\System32\wuapi.dll
2008-08-27 21:46 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll
2008-08-27 21:46 . 2008-07-19 05:44 83,456 --a------ C:\Windows\System32\wudriver.dll
2008-08-27 21:46 . 2008-07-19 07:10 36,552 --a------ C:\Windows\System32\wups.dll
2008-08-27 21:46 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe
2008-08-26 22:31 . 2008-08-26 22:31 <REP> d-------- C:\Program Files\r2 Studios
2008-08-26 20:39 . 2008-09-04 00:19 <REP> d-------- C:\Users\Damien\AppData\Roaming\teamspeak2
2008-08-26 20:39 . 2008-08-26 20:39 <REP> d-------- C:\Program Files\Teamspeak2_RC2
2008-08-26 20:39 . 2008-08-26 20:39 34,064 --a------ C:\Windows\System32\lhacm.acm
2008-08-25 13:57 . 2008-08-25 13:57 <REP> d-------- C:\Program Files\VistaCodecPack
2008-08-25 13:55 . 2008-08-25 13:55 <REP> d-------- C:\Users\All Users\VistaCodecs
2008-08-25 13:55 . 2008-08-25 13:55 <REP> d-------- C:\ProgramData\VistaCodecs
2008-08-25 11:56 . 2008-08-25 11:56 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-08-24 16:08 . 2008-08-24 16:08 <REP> d-------- C:\Users\Damien\AppData\Roaming\PeerNetworking
2008-08-24 15:43 . 2008-08-24 15:43 <REP> d-------- C:\Users\Damien\AppData\Roaming\Intel
2008-08-24 15:43 . 2008-08-24 15:44 2,539 --a------ C:\WirelessDiagLog.csv
2008-08-24 12:55 . 2008-08-24 12:55 <REP> d-------- C:\Users\Damien\Bluetooth Software
2008-08-24 12:55 . 2008-09-06 00:21 12 --a------ C:\Windows\bthservsdp.dat
2008-08-23 09:28 . 2008-09-06 01:03 27,934 --a------ C:\Users\All Users\nvModes.dat
2008-08-23 09:28 . 2008-09-06 01:03 27,934 --a------ C:\ProgramData\nvModes.dat
2008-08-23 02:20 . 2008-09-06 00:33 298,335,189 --a------ C:\Windows\MEMORY.DMP
2008-08-22 09:06 . 2008-08-25 16:02 <REP> d-------- C:\Users\Damien\AppData\Roaming\skypePM
2008-08-22 09:06 . 2008-08-22 09:06 56 --ah----- C:\Users\All Users\ezsidmv.dat
2008-08-22 09:06 . 2008-08-22 09:06 56 --ah----- C:\ProgramData\ezsidmv.dat
2008-08-22 09:05 . 2008-08-22 09:05 <REP> d-------- C:\Users\Damien\AppData\Roaming\Acer
2008-08-22 09:04 . 2008-08-25 23:15 <REP> d-------- C:\Users\Damien\AppData\Roaming\Skype
2008-08-21 23:30 . 2008-08-30 22:21 <REP> d-------- C:\Program Files\Winamp
2008-08-21 23:30 . 2007-03-08 01:51 129,784 --------- C:\Windows\System32\pxafs.dll
2008-08-21 20:43 . 2008-08-21 20:43 <REP> d-------- C:\Users\Damien\WoW-2.0.0-frFR-Installer
2008-08-21 20:05 . 2008-08-21 20:05 <REP> d-------- C:\Users\Damien\AppData\Roaming\Yahoo!
2008-08-21 20:05 . 2008-08-21 20:05 <REP> d-------- C:\Users\All Users\Yahoo! Companion
2008-08-21 20:05 . 2008-08-21 20:05 <REP> d-------- C:\ProgramData\Yahoo! Companion
2008-08-21 20:04 . 2008-08-21 20:07 <REP> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-08-21 20:03 . 2008-08-21 20:03 <REP> d-------- C:\Users\All Users\WLInstaller
2008-08-21 20:03 . 2008-08-21 20:03 <REP> d-------- C:\ProgramData\WLInstaller
2008-08-21 20:03 . 2008-08-21 20:08 <REP> d-------- C:\Program Files\Windows Live
2008-08-21 20:03 . 2008-08-21 20:03 0 --a------ C:\Windows\nsreg.dat
2008-08-21 20:01 . 2008-08-21 20:01 <REP> d-------- C:\Users\All Users\Skype
2008-08-21 20:01 . 2008-08-21 20:01 <REP> d-------- C:\ProgramData\Skype
2008-08-21 20:01 . 2008-08-21 20:01 <REP> d-------- C:\Program Files\Skype
2008-08-21 20:01 . 2008-08-21 20:01 <REP> d-------- C:\Program Files\Common Files\Skype
2008-08-21 19:55 . 2008-08-21 20:28 <REP> d-------- C:\Program Files\World of Warcraft
2008-08-21 19:55 . 2008-08-21 21:19 <REP> d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-08-21 19:46 . 2008-07-16 03:32 2,048 --a------ C:\Windows\System32\tzres.dll
2008-08-21 19:45 . 2008-08-21 19:45 <REP> d-------- C:\Program Files\MSXML 4.0
2008-08-21 19:43 . 2008-06-26 03:45 12,240,896 --a------ C:\Windows\System32\NlsLexicons0007.dll
2008-08-21 19:43 . 2008-06-26 03:45 2,644,480 --a------ C:\Windows\System32\NlsLexicons0009.dll
2008-08-21 19:42 . 2008-06-26 05:29 801,280 --a------ C:\Windows\System32\NaturalLanguage6.dll
2008-08-21 19:27 . 2008-08-21 19:27 <REP> dr------- C:\Users\Damien\Searches
2008-08-21 19:27 . 2008-08-21 19:27 <REP> d-------- C:\Users\Damien\AppData\Roaming\Validity
2008-08-21 19:26 . 2008-08-21 20:08 <REP> dr------- C:\Users\Damien\Contacts
2008-08-21 19:26 . 2008-08-21 19:26 <REP> d-------- C:\Users\Damien\AppData\Roaming\SiteAdvisor
2008-08-21 19:26 . 2008-08-21 19:26 <REP> d-------- C:\ACERSW
2008-08-21 19:25 . 2008-08-21 19:27 <REP> dr------- C:\Users\Damien\Videos
2008-08-21 19:25 . 2008-08-21 19:27 <REP> dr------- C:\Users\Damien\Saved Games
2008-08-21 19:25 . 2001-01-08 12:13 <REP> d-------- C:\Users\Damien\Roaming
2008-08-21 19:25 . 2008-08-21 19:27 <REP> dr------- C:\Users\Damien\Pictures
2008-08-21 19:25 . 2008-08-25 12:31 <REP> dr------- C:\Users\Damien\Music
2008-08-21 19:25 . 2008-08-21 19:27 <REP> dr------- C:\Users\Damien\Links
2008-08-21 19:25 . 2008-09-04 11:35 <REP> dr------- C:\Users\Damien\Downloads
2008-08-21 19:25 . 2008-08-27 09:37 <REP> dr------- C:\Users\Damien\Documents
2008-08-21 19:25 . 2006-11-02 14:37 <REP> d-------- C:\Users\Damien\AppData\Roaming\Media Center Programs
2008-08-21 19:25 . 2001-01-08 12:36 <REP> d-------- C:\Users\Damien\AppData\Roaming\Acer GameZone Console
2008-08-21 19:25 . 2008-08-21 19:27 <REP> d--h----- C:\Users\Damien\AppData
2008-08-21 19:25 . 2008-08-30 22:04 <REP> d-------- C:\Users\Damien
2008-08-21 19:22 . 2008-08-21 19:22 <REP> dr------- C:\Windows\System32\config\systemprofile\Contacts
2008-08-09 08:30 . 2008-08-09 08:30 1,007,616 --a------ C:\Windows\System32\VSFilter.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-05 22:33 --------- d-----w C:\Program Files\McAfee
2008-08-24 19:30 --------- d-----w C:\Program Files\SiteAdvisor
2008-08-21 23:05 --------- d-----w C:\ProgramData\Microsoft Help
2008-08-21 17:26 --------- d-----w C:\Program Files\Acer
2008-08-21 17:22 --------- d-sh--w C:\ProgramData\Modèles
2008-08-21 17:22 --------- d-sh--w C:\ProgramData\Menu Démarrer
2008-08-21 17:22 --------- d-sh--w C:\ProgramData\Favoris
2008-08-21 17:22 --------- d-sh--w C:\ProgramData\Bureau
2008-08-21 17:22 --------- d-sh--w C:\Program Files\Fichiers communs
2008-07-27 14:39 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-27 14:39 --------- d-----w C:\Program Files\Acer Inc
2008-07-27 14:37 --------- d-----w C:\Program Files\Acer Arcade Deluxe
2008-07-27 14:35 --------- d-----w C:\ProgramData\CyberLink
2008-07-27 14:21 --------- d-----w C:\Program Files\Launch Manager
2008-07-27 14:17 --------- d-----w C:\Program Files\WIDCOMM
2008-07-27 14:16 5,632 ----a-w C:\Windows\System32\biologon.dll
2008-07-27 14:16 23,040 ----a-w C:\Windows\System32\ShlCmd.exe
2008-07-27 14:16 118,784 ----a-w C:\Windows\System32\VMC3KAPI.dll
2008-07-27 14:16 114,688 ----a-w C:\Windows\System32\VCryptAPI.dll
2008-07-27 14:15 43,184 ----a-w C:\Windows\system32\drivers\AlfaFF.sys
2008-07-27 14:15 331,776 ----a-w C:\Windows\System32\DrvCrypt.dll
2008-07-27 14:15 192,512 ----a-w C:\Windows\System32\BioOne.dll
2008-07-27 14:15 189,952 ----a-w C:\Windows\System32\PBAGUI.dll
2008-07-27 14:15 16,384 ----a-w C:\Windows\System32\AlfaFF.dll
2008-07-27 14:15 --------- d-----w C:\Program Files\Validity Sensors, Inc
2008-07-27 14:14 --------- d-----w C:\ProgramData\NVIDIA
2008-06-27 04:15 827,392 ----a-w C:\Windows\System32\wininet.dll
2008-06-25 12:22 20,480 ----a-w C:\Windows\USB_VIDEO_REG.exe
2008-06-23 09:47 352,256 ----a-w C:\Windows\Acer Crystal Eye webcam.EXE
2008-06-19 03:31 361,984 ----a-w C:\Windows\System32\IPSECSVC.DLL
2008-06-16 14:34 446,464 ----a-w C:\Windows\System32\NVUNINST.EXE
2008-06-12 18:36 7,680 ----a-w C:\Windows\System32\ff_vfw.dll
2008-06-11 09:21 204,800 ----a-w C:\Windows\System32\SysHook.dll
2008-01-21 02:43 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((( snapshot@2008-09-04_11.58.09.91 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-09-05 22:33:28 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-09-05 22:33:28 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-09-04 09:56:43 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-09-05 22:35:01 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-09-05 22:35:01 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-09-04 09:56:43 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-09-05 23:07:39 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-09-05 23:07:39 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-09-04 08:51:21 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-09-05 22:48:27 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-09-04 08:51:21 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-09-05 22:48:27 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-09-04 08:51:21 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-09-05 22:48:27 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-09-04 09:11:10 101,250 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-09-05 23:02:35 101,250 ----a-w C:\Windows\System32\perfc009.dat
- 2008-09-04 09:11:10 123,556 ----a-w C:\Windows\System32\perfc00C.dat
+ 2008-09-05 23:02:35 123,556 ----a-w C:\Windows\System32\perfc00C.dat
- 2008-09-04 09:11:10 587,178 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-09-05 23:02:35 587,178 ----a-w C:\Windows\System32\perfh009.dat
- 2008-09-04 09:11:10 669,578 ----a-w C:\Windows\System32\perfh00C.dat
+ 2008-09-05 23:02:35 669,578 ----a-w C:\Windows\System32\perfh00C.dat
- 2008-09-04 09:06:33 5,748 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2533665708-4094057488-2938104214-1000_UserData.bin
+ 2008-09-05 22:35:18 6,374 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2533665708-4094057488-2938104214-1000_UserData.bin
- 2008-09-04 09:06:33 75,530 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-09-05 22:35:18 76,406 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-09-04 09:06:31 54,398 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-09-04 22:22:54 56,124 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2008-09-04 08:50:14 230,718 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2008-09-05 08:35:48 232,356 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-05 00:38 121392 --a------ C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Packard Bell Software Suite"="C:\Program Files\Packard Bell\Packard Bell Software Suite\Launcher.exe" [2008-06-27 1934656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-05-07 178712]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-04 1037608]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 582992]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [2007-08-24 36640]
"ePower_DMC"="C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-06-11 409600]
"eDataSecurity Loader"="C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-05 526896]
"eAudio"="C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-03-07 544768]
"BkupTray"="C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-06 34040]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-06-28 13543968]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-06-28 92704]
"ZPdtWzdVitaKey MC3000"="C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe" [2008-07-27 3719680]
"PLFSetI"="C:\Windows\PLFSetI.exe" [2007-10-23 200704]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2008-06-16 809480]
"ArcadeDeluxeAgent"="C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-05-12 147456]
"CLMLServer"="C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-05-12 167936]
"PlayMovie"="C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-05-12 167936]
"WarReg_PopUp"="C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-07 C:\Windows\RtHDVCpl.exe]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - C:\Program Files\Acer\Acer VCM\AcerVCM.exe [2008-07-27 1216512]
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-04-24 723760]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]
2008-07-27 16:16 3162624 C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= divxa32.acm
"VIDC.FFDS"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-03-08 05:38 40048 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-08-12 17:13 21741864 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{68C187EE-4A20-44E8-A550-26DE193D4ACD}"= Profile=Private|Profile=Public|C:\Program Files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{B6E5144E-A35A-47D4-9351-5D1518326EAC}"= UDP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{FB95C4B3-478C-4028-9B06-40ED0629356D}"= TCP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{AB9725C8-1EE6-4407-80F5-AABEBE27272F}"= UDP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{00C88B8B-BA66-46A6-A171-7AFEE52DBEF0}"= TCP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{E87C3E3F-9E50-4378-8B2A-911C50ACBA85}"= UDP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{2919572F-C35F-46EC-A0A8-B90A05300DFC}"= TCP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{01FE26FB-62CE-4612-A3BE-9FD62D21A795}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{681C8A7D-605E-434F-8AE0-34900DF662A3}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{7CA0AD01-7EE0-4733-A4DF-3B3658EC2549}"= C:\Program Files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{54C2BDB0-BBA5-454B-A033-D9240DF2DE8F}"= C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{5997857E-13D4-4CEB-8D69-20B99CC9AE24}"= C:\Program Files\Acer Arcade Deluxe\PlayMovie\PlayMovie.exe:Acer Play Movie
"{E44FD591-0002-4A23-B7C1-FC2B52CF1EED}"= C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe:Acer Play Movie Resident Program
"{D419D180-9159-4D39-8F90-4D1B3EBE93F8}"= C:\Program Files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:Acer HomeMedia
"{AE54863E-B8BA-4C75-8F01-8DADBFD6617D}"= C:\Program Files\Acer\Acer VCM\VC.exe:Acer VCM
"{2AB344F8-2043-41FD-B68D-1A9C217210EF}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"{C54D5733-5EB3-4FF1-8BAE-E8693E931328}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{6668CA5A-C4AD-4E8D-B9FB-4CE4D1A826D6}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{E0F66574-2DA6-4A36-A77A-4939472B9F53}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{CF862846-719E-4B4F-AC17-23481BBD2E35}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{22E37C9B-8365-4D92-A8CE-10AD9CA4ED6B}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{BAC6B13B-4C9C-4678-AB04-081531020D26}"= UDP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{51C5C3F5-4FC3-439E-83E1-E88C1171600F}"= TCP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{1F27F166-F513-415F-B4CC-80554FAFEDE5}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{098255C7-039D-4758-AE05-0B8BE4A969F1}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 AlfaFF;AlfaFF File System mini-filter;C:\Windows\system32\Drivers\AlfaFF.sys [2008-07-27 43184]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};C:\Program Files\Acer Arcade Deluxe\PlayMovie\[u]0/u00.fcl [2008-05-09 12:03 61424]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
R2 CLHNService;CLHNService;C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-01-16 81504]
R2 ETService;Empowering Technology Service;C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576]
R2 IGBASVC;iGroupTec Service;C:\Program Files\Acer\Acer Bio Protection\BASVC.exe [2008-07-27 3520512]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-06 50424]
R2 NTIPPKernel;NTIPPKernel;C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-01-16 122368]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-04 131072]
R2 RS_Service;Raw Socket Service;C:\Program Files\Acer\Acer VCM\RS_Service.exe [2008-01-10 233472]
R2 vfsFPService;Validity Fingerprint Service;C:\Windows\system32\vfsFPService.exe [2008-05-26 599344]
R3 itecir;ITECIR Infrared Receiver;C:\Windows\system32\DRIVERS\itecir.sys [2007-12-18 54784]
R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1E60x86.sys [2008-05-19 47104]
R3 NETw5v32;Pilote de carte Intel(R) Wireless WiFi Link pour Windows Vista 32 bits ;C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-04-28 3658752]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda32v.sys [2008-06-28 43040]
R3 vfs101x;vfs101x;C:\Windows\system32\drivers\vfs101x.sys [2008-05-26 40752]
S3 btwaudio;Périphérique audio Bluetooth;C:\Windows\system32\drivers\btwaudio.sys [2007-03-29 79664]
S3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2007-02-27 81200]
S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-02-27 16432]
S3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys [2008-05-07 85136]
S4 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR;C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-06 01:07:44
Windows 6.0.6001 Service Pack 1 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-09-06 1:09:39
ComboFix-quarantined-files.txt 2008-09-05 23:09:35
ComboFix2.txt 2008-09-04 09:59:01

Pre-Run: 18,365,784,064 octets libres
Post-Run: 20,763,062,272 octets libres

302 --- E O F --- 2008-08-21 23:05:07
0
Réponse 11 / 23
Damimi Messages postés 13 Statut Membre
 
Voila rapport numero un : http://www.virustotal.com/fr/analisis/c9f91bb91ef12f2660321225987df9d6
Voila rapport numero deux : http://www.virustotal.com/fr/analisis/c9f91bb91ef12f2660321225987df9d6

Voici le log Hijackthis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:28:02, on 6/09/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Windows\System32\rundll32.exe
C:\Users\Damien\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe
C:\Windows\PLFSetI.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Packard Bell\Packard Bell Software Suite\Launcher.exe
C:\Program Files\Acer\Acer VCM\AcerVCM.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Acer\Acer VCM\acp2HID.exe
C:\Program Files\Acer\Acer VCM\VC.exe
C:\Windows\system32\NOTEPAD.EXE
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Users\Damien\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ZPdtWzdVitaKey MC3000] "C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe" show
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Packard Bell Software Suite] C:\Program Files\Packard Bell\Packard Bell Software Suite\Launcher.exe /run
O4 - Global Startup: Acer VCM.lnk = ?
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O15 - Trusted Zone: http://www.secuser.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iGroupTec Service (IGBASVC) - Unknown owner - C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe
O23 - Service: Packard Bell Software Suite Service 1 (Service1) - Packard Bell Services - C:\Program Files\Packard Bell\Packard Bell Software Suite\PowerSave\HDPBSSS.exe
O23 - Service: Service SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe
0
Réponse 12 / 23
Damimi Messages postés 13 Statut Membre
 
Un petit up :D
0
Réponse 13 / 23
Damimi Messages postés 13 Statut Membre
 
Bon ben pourquoi plus personne ne me reponds? :(
0
Réponse 14 / 23
Utilisateur anonyme
 
Bonsoir,
J'étais en week end...

Alors,
où en sont tes problèmes ?

Je vois que tu as mcAffe et eDataSecurity. Il faut en garder qu'un seul actif car sinon il y a conflits entre les antivirus.
Lequel veux tu garder ?

Pour finir,
> Scanne ton PC avec BitDefender en ligne http://www.bitdefender.fr/scan_fr/scan8/ie.html (uniquement sous Internet Explorer)
- Clique sur J'accepte puis accepte également l'ActiveX bloqué par la barre anti-popup du SP2 qui clignotera en haut et installe le.
- Commence par connecter tout ton matériel de stockage à ton PC (clés USB, DD amovible...) si possible. Allume les si necessaire.
- Ensuite, clique sur Cliquez ici pour scanner.
- Patiente jusqu'à la fin du scan qui peut durer assez longtemps...
- Poste le rapport une fois terminé stp.
Tuto : https://www.malekal.com/scan-antivirus-ligne-nod32/#mozTocId131054

Bon courage.

A+
0
Réponse 15 / 23
Damimi Messages postés 13 Statut Membre
 
AH désolé d'avoir ete un peu insistant. Ben disons que jaurais bien besoin daide, pour reussir a un peu nettoyer le PC car c'es un nouveau blinder de processus de merde. Et niveau virus, ben j'ai plus rien constater en faite.
0
Réponse 16 / 23
Utilisateur anonyme
 
Ok,
pas de souci.

En fait tu as trois Antivirus qui tournent en même temps : lequel veux tu garder ? Tu paye pour Bitdefnder, et eDataSecurity ?

A+
0
Réponse 17 / 23
Damimi Messages postés 13 Statut Membre
 
Non je ne paye pour aucun de mes anti virus :p J'ai Mc Afee, Avira aussi lol :p
0
Réponse 18 / 23
Damimi Messages postés 13 Statut Membre
 
Petit soucis, quand je veux scan en ligne il me met : SCAN FAILED, impossible danalyser lordinateur contre les virus, car il narrive pas a telecharger les mise a jour anti virus
0
Réponse 19 / 23
Utilisateur anonyme
 
Re,
ok.

Alors :
> Tu as plusieurs antivirus qui tournent en même temps sur ton PC => conflits, ça ralenti le PC et tu es moins bien protégé.
Ne garde que l'un des suivants (je te conseille BitDefender) supprime l'autre grâce au lien correspondant :

McAfee : https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=107083&lc=1036&partner=McAfee&type=TS&ia=1

eDataSecurity : http://ww25.acerpanam.com/synapse/data/7117/documents/eDataSecurity_2.5.3032.zip

Ensuite,
lance antivir, fais les mises à jour puis envoie un scanne. Poste alors son rapport stp.

Puis on termine.

A+
0
Réponse 20 / 23
Damimi Messages postés 13 Statut Membre
 
Voici mon rapport Avira :

Avira AntiVir Personal
Report file date: mercredi 10 septembre 2008 23:48

Scanning for 1608238 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows Vista
Windows version: (Service Pack 1) [6.0.6001]
Boot mode: Normally booted
Username: SYSTEM
Computer name: DAMSCOMPUTER

Version information:
BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:15
ANTIVIR2.VDF : 7.0.6.94 2998784 Bytes 31/08/2008 22:46:01
ANTIVIR3.VDF : 7.0.6.142 314368 Bytes 10/09/2008 21:14:18
Engineversion : 8.1.1.28
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
AESCRIPT.DLL : 8.1.0.70 319866 Bytes 3/09/2008 22:46:09
AESCN.DLL : 8.1.0.23 119156 Bytes 10/07/2008 12:44:49
AERDL.DLL : 8.1.1.1 397683 Bytes 3/09/2008 22:46:07
AEPACK.DLL : 8.1.2.1 364917 Bytes 15/07/2008 12:58:35
AEOFFICE.DLL : 8.1.0.23 196987 Bytes 3/09/2008 22:46:06
AEHEUR.DLL : 8.1.0.51 1397111 Bytes 3/09/2008 22:46:06
AEHELP.DLL : 8.1.0.15 115063 Bytes 10/07/2008 12:44:48
AEGEN.DLL : 8.1.0.36 315764 Bytes 3/09/2008 22:46:04
AEEMU.DLL : 8.1.0.7 430452 Bytes 31/07/2008 08:33:21
AECORE.DLL : 8.1.1.11 172406 Bytes 3/09/2008 22:46:03
AEBB.DLL : 8.1.0.1 53617 Bytes 10/07/2008 12:44:48
AVWINLL.DLL : 1.0.0.12 15105 Bytes 9/07/2008 08:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 3/09/2008 22:46:02
AVREG.DLL : 8.0.0.1 33537 Bytes 9/05/2008 11:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: mercredi 10 septembre 2008 23:48

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'VC.exe' - '1' Module(s) have been scanned
Scan process 'acp2HID.exe' - '1' Module(s) have been scanned
Scan process 'BTTray.exe' - '1' Module(s) have been scanned
Scan process 'AcerVCM.exe' - '1' Module(s) have been scanned
Scan process 'Launcher.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'sidebar.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'PMVService.exe' - '1' Module(s) have been scanned
Scan process 'CLMLSvc.exe' - '1' Module(s) have been scanned
Scan process 'ArcadeDeluxeAgent.exe' - '1' Module(s) have been scanned
Scan process 'LManager.exe' - '1' Module(s) have been scanned
Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned
Scan process 'wmpnscfg.exe' - '1' Module(s) have been scanned
Scan process 'unsecapp.exe' - '1' Module(s) have been scanned
Scan process 'unsecapp.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'HDPBSSS.exe' - '1' Module(s) have been scanned
Scan process 'RS_Service.exe' - '1' Module(s) have been scanned
Scan process 'RichVideo.exe' - '1' Module(s) have been scanned
Scan process 'RegSrvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SchedulerSvc.exe' - '1' Module(s) have been scanned
Scan process 'BackupSvc.exe' - '1' Module(s) have been scanned
Scan process 'RtkBtMnt.exe' - '1' Module(s) have been scanned
Scan process 'MobilityService.exe' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'BASVC.exe' - '1' Module(s) have been scanned
Scan process 'IAANTmon.exe' - '1' Module(s) have been scanned
Scan process 'EvtEng.exe' - '1' Module(s) have been scanned
Scan process 'ETService.exe' - '1' Module(s) have been scanned
Scan process 'eDSService.exe' - '1' Module(s) have been scanned
Scan process 'CLHNService.exe' - '1' Module(s) have been scanned
Scan process 'Agentsvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'agrsmsvc.exe' - '1' Module(s) have been scanned
Scan process 'PLFSetI.exe' - '1' Module(s) have been scanned
Scan process 'PdtWzd.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'BkupTray.exe' - '1' Module(s) have been scanned
Scan process 'eAudio.exe' - '1' Module(s) have been scanned
Scan process 'eDSLoader.exe' - '1' Module(s) have been scanned
Scan process 'ePower_DMC.exe' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'RtHDVCpl.exe' - '1' Module(s) have been scanned
Scan process 'IAAnotif.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'dwm.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'CompPtcVUI.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'wlanext.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'vfsFPService.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SLsvc.exe' - '1' Module(s) have been scanned
Scan process 'audiodg.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'nvvsvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
84 processes with 84 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '56' files ).

Starting the file scan:

Begin scan in 'C:\' <ACER>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\QooBox\Quarantine\C\Windows\System32\ralgncxg.exe.vir
[DETECTION] Is the TR/Obfuscated.GX.756 Trojan
[NOTE] A backup was created as '493444e5.qua' ( QUARANTINE )
[NOTE] The file was deleted!
C:\Users\Damien\WoW-2.0.0-frFR-Installer\DirectX\DirectX.cab
[0] Archive type: CAB (Microsoft)
--> vjoyd.vxd
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\Windows\SoftwareDistribution\Download\137698b2e6c47a6fc1990547f08f1830\BIT8835.tmp
[0] Archive type: CAB (Microsoft)
--> 1
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\Windows\SoftwareDistribution\Download\5be557add1a44ec4c820995e90118c53\BIT8A5C.tmp
[0] Archive type: CAB (Microsoft)
--> 142
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\Windows\SoftwareDistribution\Download\82af5b70a3497396e33fa3d2a36ed479\BIT89FE.tmp
[0] Archive type: CAB (Microsoft)
--> 33
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\_OTMoveIt\MovedFiles\09042008_111455\ProgramData\dmtkrgnq\tibujwxq.exe
[DETECTION] Is the TR/Dldr.Obfuscated.dpe Trojan
[NOTE] A backup was created as '492a4838.qua' ( QUARANTINE )
[NOTE] The file was deleted!
C:\_OTMoveIt\MovedFiles\09042008_111455\Windows\system32\glgnqxav.exe
[DETECTION] Is the TR/Obfuscated.GX.756 Trojan
[NOTE] A backup was created as '492f483c.qua' ( QUARANTINE )
[NOTE] The file was deleted!
Begin scan in 'D:\' <DATA>

End of the scan: jeudi 11 septembre 2008 00:31
Used time: 42:54 Minute(s)

The scan has been done completely.

14024 Scanning directories
282220 Files were scanned
3 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
3 files were deleted
0 files were repaired
3 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
282215 Files not concerned
1956 Archives were scanned
6 Warnings
3 Notes
-1

Discussions similaires

Softonic,est-ce un virus ?
techmel1 -
techmel1 -

6 réponses
virus Artemis!
mabiche37 -
Malekal_morte- -

14 réponses
Désinstaller Softonic
Diguimette -
lilidurhone -

5 réponses
Message Apple virus !!
Souclik67 -
MPMP10 -

3 réponses
a quoi sert softonic ?
durup1928 -
jacklyn -

25 réponses