Unwanted pop-up ads

saven57 Posts 38 Status Member -
Hello,

After going through the procedure against the ads that keep flooding me non-stop, I'm posting the HijackThis report, in case someone can help me. No problems on the AVG side or on the McAfee side,
running Windows Vista.
Thanks.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:33:21, on 15/09/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\System32\nvraidservice.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\franck\AppData\Local\kfdfd.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: McAfee Phishing Filter - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [Setresolution] C:\ACERSW\config\1440x900.cmd
O4 - HKLM\..\Run: [Apanel] C:\ACERSW\config\NewSetApanel.cmd
O4 - HKLM\..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [kfdfd] "c:\users\franck\appdata\local\kfdfd.exe" kfdfd
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{3463CBB6-6110-4A29-84FF-C94B47675F65}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{3463CBB6-6110-4A29-84FF-C94B47675F65}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{3463CBB6-6110-4A29-84FF-C94B47675F65}: NameServer = 192.168.1.1
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Service SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
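The O4 lines in the HijackThis log above are the autostart entries (Run keys and Startup folders), and they are where a helper doing triage on such a log looks first. The script below is an added example written for this thread, not code from HijackThis, ComboFix or the forum; it parses O4 lines in the 2.0.2 format and scores each entry with three defensive heuristics: an executable launched from a user-writable profile directory, a random-looking (vowel-free) value or file name, and an autostart that runs a script. The sample lines and the score weights are constructed assumptions modelled on the log above, and the heuristics are deliberately simple.

```python
import re
from dataclasses import dataclass

# Constructed sample: O4 autostart lines in HijackThis 2.0 format, modelled on the log above.
SAMPLE_O4_LINES = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [Setresolution] C:\ACERSW\config\1440x900.cmd
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [kfdfd] "c:\users\franck\appdata\local\kfdfd.exe" kfdfd
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
"""

# Registry-based autostarts: "O4 - <hive...>\..\Run: [value name] command line"
O4_RUN_RE = re.compile(r"^O4 - (?P<key>HK\S*?\\\.\.\\Run): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# Startup-folder shortcuts: "O4 - Startup: name.lnk = target"
O4_LNK_RE = re.compile(r"^O4 - (?P<key>(?:Global )?Startup): (?P<name>.+?\.lnk) = (?P<cmd>.*)$")
# First drive-letter or %VAR%-rooted path ending in an executable-like extension.
PATH_RE = re.compile(r'(?i)(?:[a-z]:\\|%\w+%\\)[^"\n]*?\.(?:exe|dll|cmd|bat|vbs|js|scr)\b')
# Locations an unprivileged user can write to (Vista/7 and XP profile layouts, plus any Temp dir).
USER_WRITABLE_RE = re.compile(r"(?i)\\users\\[^\\]+\\appdata\\|\\documents and settings\\[^\\]+\\|\\temp\\")
SCRIPT_RE = re.compile(r"(?i)\.(?:cmd|bat|vbs|js)\b")


@dataclass
class Finding:
    key: str
    name: str
    path: str
    score: int
    reasons: list


def parse_o4(line):
    """Return (key, name, command) for an O4 line, or None for any other line."""
    m = O4_RUN_RE.match(line) or O4_LNK_RE.match(line)
    return (m["key"], m["name"], m["cmd"]) if m else None


def extract_path(cmd):
    """Pull the launched file out of a command line; falls back to the first token
    for bare commands such as 'RtHDVCpl.exe' that carry no directory."""
    m = PATH_RE.search(cmd)
    if m:
        return m.group(0)
    tokens = cmd.strip().strip('"').split()
    return tokens[0] if tokens else ""


def looks_random(token):
    """Heuristic: four or more letters and not a single vowel (e.g. 'kfdfd')."""
    letters = [c for c in token.lower() if c.isalpha()]
    return len(letters) >= 4 and not any(c in "aeiouy" for c in letters)


def score_entry(key, name, cmd):
    path = extract_path(cmd)
    stem = re.sub(r"(?i)\.[a-z0-9]+$", "", path.rsplit("\\", 1)[-1])
    checks = [  # (weight, hit, reason) -- weights are an assumption of this example
        (2, bool(USER_WRITABLE_RE.search(path)), "runs from a user-writable profile directory"),
        (1, looks_random(name) or looks_random(stem), "random-looking value name or file name"),
        (1, bool(SCRIPT_RE.search(path)), "autostart launches a script rather than an executable"),
    ]
    reasons = [why for _, hit, why in checks if hit]
    score = sum(w for w, hit, _ in checks if hit)
    return Finding(key, name, path, score, reasons)


def triage_o4(log_text):
    """Score every O4 entry found in a HijackThis log."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_o4(line.strip())
        if parsed:
            findings.append(score_entry(*parsed))
    return findings


def suspicious(log_text, threshold=2):
    """Entries whose combined score reaches the threshold; single weak signals stay out."""
    return [f for f in triage_o4(log_text) if f.score >= threshold]


if __name__ == "__main__":
    for f in triage_o4(SAMPLE_O4_LINES):
        flag = "SUSPICIOUS" if f.score >= 2 else "ok"
        print(f"{flag:10} score={f.score} [{f.name}] {f.path}  {'; '.join(f.reasons)}")
```

Run on the sample, only the `kfdfd` entry crosses the threshold: it sits under `AppData\Local` and has a vowel-free name, which is the same entry the ComboFix report further down this thread lists under "Autres suppressions" and "ORPHELINS SUPPRIMES". The name heuristic on its own also trips on legitimate vendor names (`NvSvc`, `MsnMsgr`, `RtHDVCpl`), which is why the score combines signals instead of acting on any one of them.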

8 replies

hooligan63780 Posts 867 Status Member 5
 
Hi, download ComboFix (by sUBs) from this address:

(it's number 5 at the bottom of the page): https://www.androidworld.fr/

and save it to the Desktop.

Disable your protections and close all your applications (antivirus, firewall, the antispyware's real-time guard).

Then send the report and do a new HijackThis report please.
0
saven57 Posts 38 Status Member 2
 
Thanks, but I've surely done something irreversible >???
After installing the program: total crash, reboot, then no more network,
so, system restore ...
0
saven57 Posts 38 Status Member 2
 
McAfee finds a problem and won't protect me anymore on top of that; edit: McAfee is OK now.
I need a little help, the ads keep going non-stop.
Thanks
0
hooligan63780 Posts 867 Status Member 5
 
Well, download an antivirus like Avast or AntiVir
0
saven57 Posts 38 Status Member 2
 
I managed to get a report out before the crash:
ComboFix 08-09-15.01 - franck 2008-09-15 21:08:05.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.2094 [GMT 2:00]
Lancé depuis: C:\Users\franck\Downloads\ComboFix.exe
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
C:\Users\franck\AppData\Local\kfdfd.dat
C:\Users\franck\AppData\Local\kfdfd.exe
C:\Users\franck\AppData\Local\kfdfd_nav.dat
C:\Users\franck\AppData\Local\kfdfd_navps.dat

----- BITS: Il y a peut-être des sites infectés -----

http://premium.virginmega.fr
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-08-15 au 2008-09-15 ))))))))))))))))))))))))))))))))))))
.

2008-09-15 20:33 . 2008-09-15 20:33 <REP> d-------- C:\Program Files\Trend Micro
2008-09-15 19:44 . 2008-09-15 19:44 <REP> d-------- C:\Users\franck\AppData\Roaming\Grisoft
2008-09-15 19:44 . 2008-09-15 19:44 <REP> d-------- C:\Users\All Users\Grisoft
2008-09-15 19:44 . 2008-09-15 19:44 <REP> d-------- C:\ProgramData\Grisoft
2008-09-15 19:44 . 2007-05-30 14:10 10,872 --a------ C:\Windows\System32\drivers\AvgAsCln.sys
2008-09-13 22:48 . 2008-09-13 22:49 <REP> d-------- C:\Program Files\Common Files\Adobe
2008-09-12 19:47 . 2008-09-12 19:47 <REP> d-------- C:\Users\All Users\Yahoo! Companion
2008-09-12 19:47 . 2008-09-12 19:47 <REP> d-------- C:\ProgramData\Yahoo! Companion
2008-09-12 19:06 . 2008-09-12 19:06 <REP> d-------- C:\Program Files\CCleaner
2008-09-09 21:57 . 2008-07-31 03:13 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-09-09 21:57 . 2008-08-02 03:01 625,152 --a------ C:\Windows\System32\drivers\dxgkrnl.sys
2008-09-09 21:57 . 2008-06-26 05:29 565,248 --a------ C:\Windows\System32\emdmgmt.dll
2008-09-09 21:57 . 2008-06-26 05:29 303,616 --a------ C:\Windows\System32\wmpeffects.dll
2008-09-09 21:57 . 2008-05-08 21:21 211,968 --a------ C:\Windows\System32\drivers\mrxsmb10.sys
2008-09-09 21:57 . 2008-05-20 04:07 148,480 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-09-09 21:57 . 2008-06-26 05:29 45,056 --a------ C:\Windows\System32\dataclen.dll
2008-09-09 21:57 . 2008-08-02 05:26 36,864 --a------ C:\Windows\System32\cdd.dll
2008-09-09 21:57 . 2008-07-31 05:32 28,160 --a------ C:\Windows\System32\Apphlpdm.dll
2008-09-06 13:29 . 2008-09-06 13:29 <REP> d-------- C:\Program Files\Panda Security
2008-09-06 13:29 . 2008-06-19 17:24 28,544 --a------ C:\Windows\System32\drivers\pavboot.sys
2008-09-04 19:45 . 2008-09-07 19:50 <REP> d-------- C:\Program Files\Common Files\PX Storage Engine
2008-09-04 19:45 . 2008-07-09 05:05 43,872 --------- C:\Windows\System32\drivers\PxHelp20.sys
2008-09-04 19:45 . 2008-07-09 05:05 9,200 --------- C:\Windows\System32\drivers\cdralw2k.sys
2008-09-04 19:45 . 2008-07-09 05:05 9,072 --------- C:\Windows\System32\drivers\cdr4_xp.sys
2008-09-03 18:14 . 2008-09-03 18:14 <REP> d-------- C:\Users\Public\MediaServer
2008-09-03 18:04 . 2008-09-03 18:04 <REP> d-------- C:\Egis_Drive
2008-08-29 19:35 . 2008-08-29 19:35 <REP> d-------- C:\Program Files\VirginMega
2008-08-29 19:31 . 2008-08-29 19:31 <REP> d-------- C:\Users\All Users\Downloaded Installations
2008-08-29 19:31 . 2008-08-29 19:31 <REP> d-------- C:\ProgramData\Downloaded Installations
2008-08-29 19:22 . 2008-08-29 19:22 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdRapi_01_00_00.Wdf
2008-08-28 16:12 . 2008-08-28 16:12 <REP> d-------- C:\Users\All Users\NtiDvdCopy
2008-08-28 16:12 . 2008-08-28 16:12 <REP> d-------- C:\ProgramData\NtiDvdCopy
2008-08-28 16:08 . 2008-08-28 16:08 <REP> d-------- C:\Users\franck\AppData\Roaming\STOIK
2008-08-28 16:07 . 2008-08-28 16:07 <REP> d-------- C:\Users\franck\AppData\Roaming\InstallShield
2008-08-28 16:07 . 2008-08-28 16:07 <REP> d-------- C:\Program Files\STOIK Imaging
2008-08-28 16:07 . 2008-08-28 16:07 <REP> d-------- C:\Program Files\Common Files\ST System Shared
2008-08-28 16:07 . 2002-12-12 01:14 83,456 --------- C:\Windows\System32\l3codecx.ax
2008-08-28 15:00 . 2008-09-13 22:46 <REP> d-------- C:\Users\franck\AppData\Roaming\OpenOffice.org2
2008-08-28 14:59 . 2008-08-28 14:59 <REP> d-------- C:\Program Files\OpenOffice.org 2.4
2008-08-28 02:08 . 2008-08-28 02:11 <REP> d-------- C:\Users\franck\AppData\Roaming\DeepBurner
2008-08-27 23:09 . 2008-08-28 02:13 <REP> d-------- C:\Program Files\Astonsoft
2008-08-27 13:19 . 2008-08-27 13:19 <REP> d-------- C:\Program Files\Xvid
2008-08-27 13:19 . 2008-04-27 10:33 765,952 --a------ C:\Windows\System32\xvidcore.dll
2008-08-27 13:19 . 2008-04-27 10:35 180,224 --a------ C:\Windows\System32\xvidvfw.dll
2008-08-27 13:19 . 2007-06-28 18:55 77,824 --a------ C:\Windows\System32\xvid.ax
2008-08-26 20:59 . 2008-08-26 20:59 <REP> d-------- C:\Users\franck\AppData\Roaming\Gaijin Ent
2008-08-26 20:57 . 2008-08-26 20:57 <REP> d-------- C:\Users\All Users\Oberon Games
2008-08-26 20:57 . 2008-08-26 20:57 <REP> d-------- C:\ProgramData\Oberon Games
2008-08-26 20:31 . 2008-08-26 20:31 <REP> d-------- C:\Users\All Users\eMule
2008-08-26 20:31 . 2008-08-26 20:31 <REP> d-------- C:\ProgramData\eMule
2008-08-26 20:29 . 2008-08-26 20:29 <REP> d-------- C:\Program Files\eMule
2008-08-26 20:23 . 2008-08-26 20:23 <REP> d-------- C:\Users\All Users\Arcade Lab
2008-08-26 20:23 . 2008-08-26 20:23 <REP> d-------- C:\ProgramData\Arcade Lab
2008-08-26 20:19 . 2008-08-26 20:19 <REP> d-------- C:\Users\All Users\InterAction studios
2008-08-26 20:19 . 2008-08-26 20:19 <REP> d-------- C:\ProgramData\InterAction studios
2008-08-26 19:43 . 2008-07-19 07:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll
2008-08-26 19:43 . 2008-07-19 05:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll
2008-08-26 19:43 . 2008-07-19 07:09 563,912 --a------ C:\Windows\System32\wuapi.dll
2008-08-26 19:43 . 2008-07-19 05:44 83,456 --a------ C:\Windows\System32\wudriver.dll
2008-08-26 19:43 . 2008-07-19 07:10 53,448 --a------ C:\Windows\System32\wuauclt.exe
2008-08-26 19:43 . 2008-07-19 07:10 45,768 --a------ C:\Windows\System32\wups2.dll
2008-08-26 19:43 . 2008-07-19 07:10 36,552 --a------ C:\Windows\System32\wups.dll
2008-08-26 19:42 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll
2008-08-26 19:42 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe
2008-08-26 19:32 . 2008-08-28 14:47 <REP> d-------- C:\Program Files\Windows Live
2008-08-26 19:32 . 2008-08-26 19:38 <REP> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-08-26 19:31 . 2008-08-26 19:31 <REP> d-------- C:\Users\All Users\WLInstaller
2008-08-26 19:31 . 2008-08-26 19:31 <REP> d-------- C:\ProgramData\WLInstaller
2008-08-26 19:26 . 2008-08-26 19:26 <REP> d-------- C:\Users\franck\AppData\Roaming\PowerCinema
2008-08-26 19:26 . 2008-08-26 19:26 <REP> d-------- C:\Users\franck\AppData\Roaming\Acer HomeMedia
2008-08-26 19:16 . 2000-06-23 12:46 37,916 --a------ C:\Windows\WMPrfFRA.prx
2008-08-26 18:39 . 2008-08-26 19:27 <REP> d-------- C:\Users\franck\AppData\Roaming\CyberLink
2008-08-26 18:37 . 2008-08-26 18:37 <REP> d-------- C:\Users\franck\AppData\Roaming\FloodLightGames
2008-08-26 18:37 . 2008-08-27 01:01 <REP> d-a------ C:\Users\All Users\TEMP
2008-08-26 18:37 . 2008-08-27 01:01 <REP> d-a------ C:\ProgramData\TEMP
2008-08-26 17:40 . 2008-07-16 03:32 2,048 --a------ C:\Windows\System32\tzres.dll
2008-08-26 17:34 . 2008-08-26 17:34 <REP> d-------- C:\Program Files\MSXML 4.0
2008-08-26 17:32 . 2008-06-26 03:45 12,240,896 --a------ C:\Windows\System32\NlsLexicons0007.dll
2008-08-26 17:32 . 2008-06-26 03:45 2,644,480 --a------ C:\Windows\System32\NlsLexicons0009.dll
2008-08-26 17:32 . 2008-05-08 23:59 430,080 --a------ C:\Windows\System32\vbscript.dll
2008-08-26 17:32 . 2008-05-08 23:59 180,224 --a------ C:\Windows\System32\scrobj.dll
2008-08-26 17:32 . 2008-05-08 23:59 172,032 --a------ C:\Windows\System32\scrrun.dll
2008-08-26 17:32 . 2008-05-08 23:59 155,648 --a------ C:\Windows\System32\wscript.exe
2008-08-26 17:32 . 2008-05-08 23:58 135,168 --a------ C:\Windows\System32\wshom.ocx
2008-08-26 17:32 . 2008-05-08 23:58 135,168 --a------ C:\Windows\System32\cscript.exe
2008-08-26 17:32 . 2008-05-08 23:59 90,112 --a------ C:\Windows\System32\wshext.dll
2008-08-26 17:31 . 2008-06-27 03:55 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-08-26 17:31 . 2008-06-27 06:15 827,392 --a------ C:\Windows\System32\wininet.dll
2008-08-26 17:31 . 2008-06-26 05:29 801,280 --a------ C:\Windows\System32\NaturalLanguage6.dll
2008-08-26 17:29 . 2008-04-10 07:12 738,304 --a------ C:\Windows\System32\inetcomm.dll
2008-08-26 17:29 . 2008-04-23 06:42 428,544 --a------ C:\Windows\System32\EncDec.dll
2008-08-26 17:29 . 2008-02-22 06:57 295,936 --a------ C:\Windows\System32\gdi32.dll
2008-08-26 17:29 . 2008-04-23 06:42 293,376 --a------ C:\Windows\System32\psisdecd.dll
2008-08-26 17:29 . 2008-04-18 07:48 269,312 --a------ C:\Windows\System32\es.dll
2008-08-26 17:29 . 2008-04-23 06:41 218,624 --a------ C:\Windows\System32\psisrndr.ax
2008-08-26 17:29 . 2008-04-23 06:41 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
2008-08-26 17:27 . 2008-04-26 10:08 1,314,816 --a------ C:\Windows\System32\quartz.dll
2008-08-26 17:20 . 2008-08-26 17:20 <REP> d-------- C:\Users\franck\AppData\Roaming\Template
2008-08-26 17:20 . 2008-08-28 19:54 118 --a------ C:\Users\franck\AppData\Roaming\wklnhst.dat
2008-08-26 16:36 . 2008-08-28 14:39 <REP> d-------- C:\Users\franck\AppData\Roaming\eSobi
2008-08-26 16:26 . 2008-08-26 16:26 <REP> dr------- C:\Users\franck\Searches
2008-08-26 16:26 . 2008-08-26 16:26 <REP> d-------- C:\Users\franck\AppData\Roaming\ATI
2008-08-26 16:25 . 2008-08-26 16:26 <REP> dr------- C:\Users\franck\Videos
2008-08-26 16:25 . 2008-08-26 18:37 <REP> dr------- C:\Users\franck\Saved Games
2008-08-26 16:25 . 2008-09-04 19:45 <REP> dr------- C:\Users\franck\Pictures
2008-08-26 16:25 . 2008-09-03 19:28 <REP> dr------- C:\Users\franck\Music
2008-08-26 16:25 . 2008-08-26 16:26 <REP> dr------- C:\Users\franck\Links
2008-08-26 16:25 . 2008-09-15 21:03 <REP> dr------- C:\Users\franck\Downloads
2008-08-26 16:25 . 2008-09-05 00:16 <REP> dr------- C:\Users\franck\Documents
2008-08-26 16:25 . 2008-08-26 19:40 <REP> dr------- C:\Users\franck\Contacts
2008-08-26 16:25 . 2008-08-26 16:25 <REP> d-------- C:\Users\franck\AppData\Roaming\SiteAdvisor
2008-08-26 16:25 . 2006-11-02 14:37 <REP> d-------- C:\Users\franck\AppData\Roaming\Media Center Programs
2008-08-26 16:25 . 2008-03-21 13:35 <REP> d-------- C:\Users\franck\AppData\Roaming\Acer GameZone Console
2008-08-26 16:25 . 2008-08-26 16:26 <REP> d--h----- C:\Users\franck\AppData
2008-08-26 16:25 . 2008-08-28 02:40 <REP> d-------- C:\Users\franck

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-12 17:06 --------- d-----w C:\Program Files\Yahoo!
2008-09-12 15:03 --------- d-----w C:\Program Files\McAfee
2008-09-10 01:00 --------- d-----w C:\Program Files\Microsoft Works
2008-08-30 20:25 --------- d-----w C:\Program Files\SiteAdvisor
2008-08-28 14:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-28 12:46 --------- d-----w C:\Program Files\Acer GameZone
2008-08-28 12:44 --------- d-----w C:\ProgramData\Microsoft Help
2008-08-28 12:39 --------- d-----w C:\Program Files\eSobi
2008-08-28 12:38 --------- d-----w C:\ProgramData\eSobi
2008-08-26 17:19 --------- d-----w C:\Program Files\Acer Arcade Live
2008-08-26 16:40 --------- d-----w C:\ProgramData\CyberLink
2008-08-26 15:42 --------- d-----w C:\Program Files\Windows Mail
2008-08-26 14:22 --------- d-sh--w C:\ProgramData\Modèles
2008-08-26 14:22 --------- d-sh--w C:\ProgramData\Menu Démarrer
2008-08-26 14:22 --------- d-sh--w C:\ProgramData\Favoris
2008-08-26 14:22 --------- d-sh--w C:\ProgramData\Bureau
2008-08-26 14:22 --------- d-sh--w C:\Program Files\Fichiers communs
2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-06-19 03:31 361,984 ----a-w C:\Windows\System32\IPSECSVC.DLL
2008-01-21 02:43 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-05 00:38 121392 --a------ C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-21 125952]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-12-21 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-12-21 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-12-21 81920]
"Acer Empowering Technology Monitor"="C:\Acer\Empowering Technology\SysMonitor.exe" [2008-01-09 326176]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-05 526896]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 582992]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [2007-08-24 36640]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"NVRaidService"="C:\Windows\system32\nvraidservice.exe" [2007-12-07 196128]
"PCMMediaSharing"="C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2008-05-20 204908]
"Windows Mobile-based device management"="C:\Windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-11 C:\Windows\RtHDVCpl.exe]

C:\Users\franck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2008-03-21 535336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= C:\PROGRA~1\ACERAR~1\ACERDV~2\Kernel\Burner\MKDMP3Enc.ACM

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{A924C65E-76C0-4E34-9E09-9FC3F7E6691A}"= C:\Program Files\Acer Arcade Live\Acer VideoMagician\Acer VideoMagician.exe:Acer VideoMagician
"{57072285-1559-4EA8-9BA9-D616D959450E}"= Profile=Private|Profile=Public|C:\Program Files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{DDDA7B1A-41EF-4131-96C1-90AC8E0E8592}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia\Acer HomeMedia.exe:Acer HomeMedia
"{2BCCB73C-2288-4679-9B1C-D38498167152}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Acer HomeMedia Connect.exe:Acer HomeMedia Connect
"{4F421440-7BBE-4A5A-92B6-3BCE3A7A3746}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:Acer HomeMedia Connect Service
"{824144D1-BA1E-4B77-BF91-D619C6B25C0E}"= C:\Program Files\Acer Arcade Live\Acer SlideShow DVD\Acer SlideShow DVD.exe:Acer SlideShow DVD
"{373742EE-10D8-47B1-93B3-8892C8FB35FA}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Trial Creator\Acer HomeMedia Trial Creator.exe:Acer HomeMedia Trial Creator
"{78014FE7-0A16-4633-8F71-B1910D413968}"= C:\Program Files\Acer Arcade Live\Acer DVDivine\Acer DVDivine.exe:Acer DVDivine
"{B043E5A2-4A9A-4DED-952D-105ACCD57FF8}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Acer DV Magician.exe:Acer DV Magician
"{A8AF1DBD-D89D-492B-9C13-7BD8610E8340}"= C:\Program Files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live
"{474181A9-BFEA-40E7-A346-E77F2BA793D3}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDSfsu.exe"= C:\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe:*:Enabled:eDSfsu
"C:\\Acer\\Empowering Technology\\eDataSecurity\\x86\\encryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe:*:Enabled:encryption
"C:\\Acer\\Empowering Technology\\eDataSecurity\\x86\\decryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe:*:Enabled:decryption
"C:\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDSMgr.exe"= C:\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe:*:Enabled:eDSMgr
"C:\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDStbmngr.exe"= C:\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe:*:Enabled:eDStbmngr
"C:\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDSfsu.exe"= C:\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe:*:Enabled:eDSfsu
"C:\\Acer\\Empowering Technology\\eDataSecurity\\x64\\encryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe:*:Enabled:encryption
"C:\\Acer\\Empowering Technology\\eDataSecurity\\x64\\decryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe:*:Enabled:decryption
"C:\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDSMgr.exe"= C:\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe:*:Enabled:eDSMgr
"C:\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDStbmngr.exe"= C:\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe:*:Enabled:eDStbmngr

R0 nvrd32;NVIDIA nForce RAID Driver;C:\Windows\system32\drivers\nvrd32.sys [2007-12-08 131616]
R0 pavboot;pavboot;C:\Windows\system32\drivers\pavboot.sys [2008-06-19 28544]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2008-05-20 269448]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2008-02-20 3514368]
S3 NVHDA;Service for NVIDIA HDMI Audio Driver;C:\Windows\system32\drivers\nvhda32v.sys [2007-07-16 30752]
S4 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR;C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

*Newly Created Service* - AVG_ANTI-SPYWARE_DRIVER
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Tâches planifiées'
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-kfdfd - c:\users\franck\appdata\local\kfdfd.exe
HKLM-Run-Acer Tour Reminder - C:\Acer\AcerTour\Reminder.exe
HKLM-Run-Setresolution - C:\ACERSW\config\1440x900.cmd
HKLM-Run-Apanel - C:\ACERSW\config\NewSetApanel.cmd
HKLM-Run-eRecoveryService - (no file)

.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Users\franck\AppData\Roaming\Mozilla\Firefox\Profiles\u43fyssl.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.fr
FF -: plugin - C:\Program Files\Yahoo!\Common\npyaxmpb.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-15 21:11:01
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

C:\Users\franck\AppData\Local\Temp\catchme.dll 53248 bytes executable

Scan terminé avec succès
Fichiers cachés: 1

**************************************************************************
.
Heure de fin: 2008-09-15 21:12:22
ComboFix-quarantined-files.txt 2008-09-15 19:12:17

Avant-CF: 114,443,259,904 octets libres
AprŠs-CF: 115,412,762,624 octets libres

275 --- E O F --- 2008-09-10 01:01:49
0
hooligan63780 Posts 867 Status Member 5
 
Hi, now your computer should normally be doing better.
P.S. delete ComboFix ++
0
saven57 Posts 38 Status Member 2
 
Yes, normally... after this report, no more network, the PC was locked up. I was saying in the previous messages that I had to go back to an earlier restore point, and so the infection is present again....
What can I do please?
0
saven57 Posts 38 Status Member 2
 
OK, I re-ran ComboFix, then no internet once again; with a friend's help I got out of it (no more network / internet gateway),
and now it's fixed...
0