My PC is dead!!!

Closed
GégeX - 18 Nov 2008 at 07:16
GégeX - 19 Nov 2008 at 08:25
Hello,
I have a big problem with my PC: it has been crawling for several days and now the Control Panel won't open any more.
When I open Task Manager I see two .exe files listed: csrss.exe and winlogo.exe.
How can I get rid of all that?
My setup: Windows Vista, with avast as antivirus and Defenza as anti-spyware. Please help me, I'm going to crack!!!!!!!
94 replies

I can't disable the firewall because I no longer have access to my Control Panel!!! What should I do, please?
geoffrey5 (Security Contributor) - 18 Nov 2008 at 08:49
Just disable your antivirus from the taskbar, bottom right.
ComboFix 08-11-16.05 - GégeX 2008-11-18 8:47:08.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1009 [GMT 1:00]
Run from: c:\users\GégeX\Desktop\ComboFix.exe
* A new restore point was created
.

(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\drv\Tuner\Yuan\Resources\_desktop.ini
c:\windows\system32\x64

.
((((((((((((((((((((((((((((( Files created from 2008-10-18 to 2008-11-18 ))))))))))))))))))))))))))))))))))))
.

2008-11-18 07:33 . 2008-11-18 07:33 <REP> d-------- c:\users\GégeX\AppData\Roaming\Malwarebytes
2008-11-18 07:33 . 2008-11-18 07:33 <REP> d-------- c:\users\All Users\Malwarebytes
2008-11-18 07:33 . 2008-11-18 07:33 <REP> d-------- c:\programdata\Malwarebytes
2008-11-18 07:33 . 2008-11-18 07:33 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-18 07:33 . 2008-10-22 16:10 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-11-18 07:33 . 2008-10-22 16:10 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-11-18 07:29 . 2008-11-18 07:29 3,948 --a------ c:\windows\System32\tmp.reg
2008-11-18 07:28 . 2007-09-05 23:22 289,144 --a------ c:\windows\System32\VCCLSID.exe
2008-11-18 07:28 . 2006-04-27 16:49 288,417 --a------ c:\windows\System32\SrchSTS.exe
2008-11-18 07:28 . 2008-10-01 14:51 87,552 --a------ c:\windows\System32\VACFix.exe
2008-11-18 07:28 . 2008-10-10 07:58 82,944 --a------ c:\windows\System32\o4Patch.exe
2008-11-18 07:28 . 2008-05-18 20:40 82,944 --a------ c:\windows\System32\IEDFix.exe
2008-11-18 07:28 . 2008-10-10 07:58 82,944 --a------ c:\windows\System32\IEDFix.C.exe
2008-11-18 07:28 . 2008-08-18 11:19 82,432 --a------ c:\windows\System32\404Fix.exe
2008-11-18 07:28 . 2003-06-05 20:13 53,248 --a------ c:\windows\System32\Process.exe
2008-11-18 07:28 . 2004-07-31 17:50 51,200 --a------ c:\windows\System32\dumphive.exe
2008-11-18 07:28 . 2007-10-03 23:36 25,600 --a------ c:\windows\System32\WS2Fix.exe
2008-11-18 07:22 . 2008-11-18 07:22 <REP> d-------- c:\program files\Trend Micro
2008-11-18 03:16 . 2008-11-18 07:56 216 --a------ c:\windows\System32\SBFC.dat
2008-11-18 03:16 . 2008-11-18 03:16 0 --a------ c:\windows\System32\SBRC.dat
2008-11-18 02:09 . 2008-11-18 02:09 3,120 --a------ c:\windows\118294.78
2008-11-18 02:08 . 2008-11-18 07:57 <REP> d-------- c:\program files\Defenza
2008-11-18 02:08 . 1996-08-20 20:37 15,840 --a------ c:\windows\System32\Machnm1.exe
2008-11-18 02:08 . 2005-09-25 16:37 5,632 --a------ c:\windows\System32\Machnm64.sys
2008-11-18 02:08 . 2008-11-18 02:08 3,120 --a------ c:\windows\System32\118290.54
2008-11-18 02:08 . 2003-08-13 00:27 2,304 --a------ c:\windows\System32\Machnm32.sys
2008-11-18 02:00 . 2008-11-18 02:00 <REP> d-------- c:\users\GégeX\AppData\Roaming\PC Tools
2008-11-18 02:00 . 2008-11-18 02:48 <REP> d-a------ c:\users\All Users\TEMP
2008-11-18 02:00 . 2008-11-18 02:48 <REP> d-a------ c:\programdata\TEMP
2008-11-18 02:00 . 2008-11-18 02:02 <REP> d-------- c:\program files\Spyware Doctor
2008-11-18 02:00 . 2008-08-25 12:36 81,288 --a------ c:\windows\System32\drivers\iksyssec.sys
2008-11-18 02:00 . 2008-08-25 12:36 66,952 --a------ c:\windows\System32\drivers\iksysflt.sys
2008-11-18 02:00 . 2008-08-25 12:36 40,840 --a------ c:\windows\System32\drivers\ikfilesec.sys
2008-11-18 02:00 . 2008-06-02 16:19 29,576 --a------ c:\windows\System32\drivers\kcom.sys
2008-11-18 01:50 . 2008-11-18 01:50 <REP> d-------- c:\windows\System32\Kaspersky Lab
2008-11-18 01:35 . 2008-11-06 02:03 <REP> d-------- C:\SDFix
2008-11-18 00:36 . 2008-11-18 00:36 <REP> d-------- C:\!KillBox
2008-11-18 00:30 . 2008-11-18 00:56 309,037,745 --a------ c:\windows\MEMORY.DMP
2008-11-18 00:15 . 2008-11-18 00:15 <REP> d-------- c:\users\GégeX\AppData\Roaming\Uniblue
2008-11-18 00:15 . 2008-11-18 01:39 <REP> d--h-c--- c:\users\All Users\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2008-11-18 00:15 . 2008-11-18 01:39 <REP> d--h-c--- c:\programdata\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2008-11-18 00:15 . 2008-11-18 00:15 <REP> d-------- c:\program files\Uniblue
2008-11-18 00:03 . 2008-11-18 00:03 <REP> d-------- c:\program files\CCleaner
2008-11-17 23:55 . 2008-11-17 23:55 <REP> d-------- c:\program files\Free.fr
2008-11-17 14:27 . 2008-11-17 14:27 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-11-15 22:53 . 2008-11-15 22:53 <REP> d-------- c:\users\GégeX\AppData\Roaming\teamspeak2
2008-11-15 22:52 . 2008-11-15 22:53 <REP> d-------- c:\program files\Teamspeak2_RC2
2008-11-15 22:52 . 2008-11-15 22:52 34,064 --a------ c:\windows\System32\lhacm.acm
2008-11-15 21:30 . 2008-11-15 21:30 <REP> d-------- c:\windows\Sun
2008-11-15 21:30 . 2008-11-15 21:30 <REP> d-------- c:\users\GégeX\AppData\Roaming\SystemRequirementsLab
2008-11-15 21:30 . 2008-11-15 21:31 <REP> d-------- c:\program files\SystemRequirementsLab
2008-11-15 21:29 . 2008-11-15 21:29 <REP> d-------- C:\NVIDIA
2008-11-15 18:56 . 2008-11-17 23:39 <REP> d-------- c:\program files\InstantTouch
2008-11-15 03:54 . 2008-11-15 04:07 <REP> d-------- c:\users\GégeX\AppData\Roaming\mIRC
2008-11-15 03:54 . 2008-11-15 03:55 <REP> d-------- c:\program files\mIRC
2008-11-15 01:32 . 2008-11-15 01:32 <REP> d-------- C:\PerfLogs
2008-11-15 00:35 . 2008-01-19 08:38 4,595,712 --a------ c:\windows\System32\AuthFWSnapin.dll
2008-11-15 00:34 . 2008-01-19 08:33 8,139,264 --a------ c:\windows\System32\ssBranded.scr
2008-11-15 00:33 . 2008-01-19 08:32 5,714,432 --a------ c:\windows\System32\logon.scr
2008-11-15 00:32 . 2008-01-19 07:06 8,147,456 --a------ c:\windows\System32\wmploc.DLL
2008-11-15 00:31 . 2008-01-19 08:34 305,152 --a------ c:\windows\System32\msdelta.dll
2008-11-15 00:31 . 2008-01-19 08:34 258,560 --a------ c:\windows\System32\dpx.dll
2008-11-15 00:31 . 2008-01-19 08:34 246,784 --a------ c:\windows\System32\drvstore.dll
2008-11-15 00:31 . 2008-01-19 08:35 35,328 --a------ c:\windows\System32\mspatcha.dll
2008-11-15 00:31 . 2006-11-02 10:39 6,656 --a------ c:\windows\System32\kbd106.dll
2008-11-15 00:11 . 2008-07-19 06:09 563,912 --a------ c:\windows\System32\wuapi.dll
2008-11-15 00:11 . 2008-07-19 04:44 83,456 --a------ c:\windows\System32\wudriver.dll
2008-11-15 00:11 . 2008-07-19 06:10 36,552 --a------ c:\windows\System32\wups.dll
2008-11-14 21:30 . 2008-11-14 21:30 <REP> d-------- C:\Programs
2008-11-14 10:44 . 2008-11-18 08:33 <REP> d-------- c:\program files\Steam
2008-11-14 10:30 . 2008-11-14 10:30 312,862 --a------ c:\windows\CSSBScript - Version Full Uninstaller.exe
2008-11-14 10:28 . 2008-11-14 10:28 269,312 --a------ c:\windows\System32\es.dll
2008-11-14 10:27 . 2008-11-14 10:27 <REP> d-------- c:\program files\Microsoft CAPICOM 2.1.0.2
2008-11-14 10:11 . 2002-11-14 15:32 55,808 --a------ c:\windows\devcon.exe
2008-11-14 10:11 . 2008-11-14 00:27 1,550 --a------ c:\windows\CLEANUP.CMD
2008-11-14 10:11 . 2007-06-26 05:48 387 --a------ c:\windows\MSSFT_RB.CMD
2008-11-14 10:11 . 2007-01-15 13:28 336 --a------ c:\windows\ACERTOURREMINDERRUN.REG
2008-11-14 10:11 . 2004-10-01 21:32 92 --a------ c:\windows\CLEANUP.INI
2008-11-14 10:11 . 2004-12-08 20:32 30 --a------ c:\windows\SETPANEL.INI
2008-11-14 10:11 . 2007-01-11 10:50 23 --a------ c:\windows\System32\$Acer$.cmd
2008-11-14 05:57 . 2008-11-14 05:57 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-11-14 05:57 . 2008-11-14 05:57 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-11-14 05:57 . 2008-11-14 05:57 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-11-14 05:57 . 2008-11-14 05:57 43,544 --a------ c:\windows\System32\wups2.dll
2008-11-14 05:56 . 2008-11-14 05:56 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-11-14 05:56 . 2008-11-14 05:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-11-14 05:33 . 2008-11-14 05:33 <REP> d-------- c:\users\GégeX\AppData\Roaming\WinRAR
2008-11-14 05:32 . 2008-11-14 05:59 <REP> d-------- c:\program files\7-Zip
2008-11-14 05:31 . 2008-11-14 05:31 <REP> d-------- c:\users\GégeX\AppData\Roaming\Mozilla
2008-11-14 05:25 . 2008-11-14 05:25 <REP> d-------- c:\users\GégeX\AppData\Roaming\Talkback
2008-11-14 04:15 . 2008-11-14 04:22 <REP> d-------- c:\program files\Windows Live
2008-11-14 04:15 . 2008-11-14 13:46 <REP> d--hsc--- c:\program files\Common Files\WindowsLiveInstaller
2008-11-14 04:14 . 2008-11-14 13:44 <REP> d-------- c:\users\All Users\WLInstaller
2008-11-14 04:14 . 2008-11-14 13:44 <REP> d-------- c:\programdata\WLInstaller
2008-11-14 04:04 . 2008-11-14 04:04 361,984 --a------ c:\windows\System32\IPSECSVC.DLL
2008-11-14 04:04 . 2008-11-14 04:04 272,896 --a------ c:\windows\System32\polstore.dll
2008-11-14 04:04 . 2008-11-14 04:04 61,440 --a------ c:\windows\System32\winipsec.dll
2008-11-14 04:04 . 2008-11-14 04:04 28,672 --a------ c:\windows\System32\FwRemoteSvr.dll
2008-11-14 04:00 . 2008-11-14 04:00 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-11-14 04:00 . 2008-11-14 04:00 2,048 --a------ c:\windows\System32\tzres.dll
2008-11-14 03:57 . 2008-11-14 03:57 2,032,640 --a------ c:\windows\System32\win32k.sys
2008-11-14 03:57 . 2008-11-14 03:57 1,191,936 --a------ c:\windows\System32\msxml3.dll
2008-11-14 03:57 . 2008-11-14 03:57 303,616 --a------ c:\windows\System32\wmpeffects.dll
2008-11-14 03:57 . 2008-11-14 03:57 2,048 --a------ c:\windows\System32\msxml3r.dll
2008-11-14 03:51 . 2008-11-14 03:51 988,216 --a------ c:\windows\System32\winload.exe
2008-11-14 03:51 . 2008-11-14 03:51 927,288 --a------ c:\windows\System32\winresume.exe
2008-11-14 03:51 . 2008-11-14 03:51 615,992 --a------ c:\windows\System32\ci.dll
2008-11-14 03:51 . 2008-11-14 03:51 378,368 --a------ c:\windows\System32\srcore.dll
2008-11-14 03:51 . 2008-11-14 03:51 318,464 --a------ c:\windows\System32\rstrui.exe
2008-11-14 03:51 . 2008-11-14 03:51 46,592 --a------ c:\windows\System32\setbcdlocale.dll
2008-11-14 03:51 . 2008-11-14 03:51 40,960 --a------ c:\windows\System32\srclient.dll
2008-11-14 03:51 . 2008-11-14 03:51 19,000 --a------ c:\windows\System32\kd1394.dll
2008-11-14 03:51 . 2008-11-14 03:51 14,848 --a------ c:\windows\System32\srdelayed.exe
2008-11-14 03:51 . 2008-11-14 03:51 6,656 --a------ c:\windows\System32\kbd106n.dll
2008-11-14 03:49 . 2008-11-14 03:49 443,392 --a------ c:\windows\System32\win32spl.dll
2008-11-14 03:49 . 2008-11-14 03:49 295,936 --a------ c:\windows\System32\gdi32.dll
2008-11-14 03:49 . 2008-11-14 03:49 288,768 --a------ c:\windows\System32\drivers\srv.sys
2008-11-14 03:49 . 2008-11-14 03:49 37,888 --a------ c:\windows\System32\printcom.dll
2008-11-14 03:48 . 2008-11-14 03:48 113,664 --a------ c:\windows\System32\drivers\rmcast.sys
2008-11-14 03:48 . 2008-11-14 03:48 14,848 --a------ c:\windows\System32\wshrm.dll
2008-11-14 03:46 . 2008-11-14 03:46 1,314,816 --a------ c:\windows\System32\quartz.dll
2008-11-14 03:46 . 2008-11-14 03:46 738,304 --a------ c:\windows\System32\inetcomm.dll
2008-11-14 03:46 . 2008-11-14 03:46 84,480 --a------ c:\windows\System32\INETRES.dll
2008-11-14 03:45 . 2008-11-14 03:45 <REP> d-------- c:\program files\MSXML 4.0
2008-11-14 03:44 . 2008-11-14 03:44 3,601,464 --a------ c:\windows\System32\ntkrnlpa.exe

.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-18 07:49 2,097,152 --sha-w c:\users\GégeX\ntuser.dat
2008-11-18 07:49 2,097,152 --sha-w c:\users\GégeX\ntuser.dat
2008-11-18 06:33 --------- d-----w c:\users\GégeX\AppData\Roaming\Malwarebytes
2008-11-18 02:27 27,839 ----a-w c:\users\GégeX\AppData\Roaming\nvModes.dat
2008-11-18 01:08 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-18 01:00 --------- d-----w c:\users\GégeX\AppData\Roaming\PC Tools
2008-11-17 23:15 --------- d-----w c:\users\GégeX\AppData\Roaming\Uniblue
2008-11-17 21:06 --------- d-s---w c:\users\GégeX\AppData\Roaming\Microsoft
2008-11-15 21:53 --------- d-----w c:\users\GégeX\AppData\Roaming\teamspeak2
2008-11-15 20:48 8,534,560 ----a-w c:\windows\System32\nvcpl.dll
2008-11-15 20:48 795,104 ----a-w c:\windows\System32\dpinst.exe
2008-11-15 20:48 6,537,216 ----a-w c:\windows\System32\nvdisps.dll
2008-11-15 20:48 5,611,520 ----a-w c:\windows\System32\nvdispsr.dll
2008-11-15 20:48 5,263,360 ----a-w c:\windows\System32\nvd3dum.dll
2008-11-15 20:48 389,120 ----a-w c:\windows\System32\nvapi.dll
2008-11-15 20:48 35,328 ----a-w c:\windows\System32\nvcod100.dll
2008-11-15 20:48 35,328 ----a-w c:\windows\System32\nvcod.dll
2008-11-15 20:48 147,456 ----a-w c:\windows\System32\nvcolor.exe
2008-11-15 20:30 --------- d-----w c:\users\GégeX\AppData\Roaming\SystemRequirementsLab
2008-11-15 03:07 --------- d-----w c:\users\GégeX\AppData\Roaming\mIRC
2008-11-15 00:39 174 --sha-w c:\program files\desktop.ini
2008-11-15 00:33 --------- d-----w c:\program files\Windows Sidebar
2008-11-15 00:33 --------- d-----w c:\program files\Windows Photo Gallery
2008-11-15 00:33 --------- d-----w c:\program files\Windows Mail
2008-11-15 00:33 --------- d-----w c:\program files\Windows Journal
2008-11-15 00:33 --------- d-----w c:\program files\Windows Defender
2008-11-15 00:33 --------- d-----w c:\program files\Windows Collaboration
2008-11-15 00:33 --------- d-----w c:\program files\Windows Calendar
2008-11-14 23:50 82,432 ----a-w c:\windows\System32\axaltocm.dll
2008-11-14 23:50 101,888 ----a-w c:\windows\System32\ifxcardm.dll
2008-11-14 15:24 --------- d-----w c:\users\GégeX\AppData\Roaming\Mumble
2008-11-14 09:28 --------- d-----w c:\programdata\Microsoft Help
2008-11-14 09:23 --------- d-----w c:\program files\Microsoft Works
2008-11-14 05:06 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-11-14 04:44 --------- d-----w c:\users\GégeX\AppData\Roaming\Adobe
2008-11-14 04:33 --------- d-----w c:\users\GégeX\AppData\Roaming\WinRAR
2008-11-14 04:31 --------- d-----w c:\users\GégeX\AppData\Roaming\Mozilla
2008-11-14 04:25 --------- d-----w c:\users\GégeX\AppData\Roaming\Talkback
2008-11-14 01:24 --------- d-----w c:\programdata\CyberLink
2008-11-14 00:53 --------- d-----w c:\users\GégeX\AppData\Roaming\InstallShield
2008-11-14 00:49 --------- d-----w c:\users\GégeX\AppData\Roaming\OpenOffice.org
2008-11-14 00:30 --------- d-----w c:\program files\Acer Arcade Deluxe
2008-11-13 23:27 --------- d-----w c:\users\GégeX\AppData\Roaming\Macromedia
2008-11-13 23:27 --------- d-----w c:\users\GégeX\AppData\Roaming\Identities
2008-11-13 23:23 --------- d-sh--w c:\programdata\Modèles
2008-11-13 23:23 --------- d-sh--w c:\programdata\Menu Démarrer
2008-11-13 23:23 --------- d-sh--w c:\programdata\Favoris
2008-11-13 23:23 --------- d-sh--w c:\programdata\Bureau
2008-11-13 23:23 --------- d-sh--w c:\program files\Fichiers communs
2008-11-13 23:19 --------- d-----w c:\program files\Intel
2008-09-30 15:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
.

((((((((((((((((((((((((((((((((( Reg loading points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"Steam"="c:\progra~1\steam\steam.exe" [2008-11-17 1410296]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Uniblue RegistryBooster 2009"="c:\program files\uniblue\registrybooster\StartRegistryBooster.exe" [2008-08-26 99624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-06-11 1286144]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]
"PLFSet"="c:\windows\PLFSet.dll" [2007-04-25 45056]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-06-27 752136]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2007-05-24 206952]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Diamondback"="c:\program files\Razer\Diamondback 3G\razerhid.exe" [2007-08-01 147456]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 79224]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2008-11-15 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-15 8534560]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-11-15 81920]
"PCDAS"="c:\program files\Defenza\pcd-as.exe" [2006-12-15 1359872]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 c:\windows\RtHDVCpl.exe]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-08-10 535336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=eNetHook.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{1ACDC690-E812-4BF4-8277-CADB310BB196}"= c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{975C10A6-89E7-450F-8386-9F6BEC5992B5}"= c:\program files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician
"{4B2A96AC-90BB-469D-96F2-1E462E2F2103}"= c:\program files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia
"{CB0A5015-2744-4511-8C92-B47FF3948EAF}"= c:\program files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe:DV Wizard
"{849D0299-7E5F-4D16-821F-6475DF1EFD43}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{25219AE5-C395-490A-927D-5917C456B162}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{73385A75-B0A0-486B-93DA-EB45C508EAE8}"= c:\program files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine
"{B692E47A-942F-4203-B25E-D267FCBB3C8E}"= c:\program files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:Play Movie
"{6EFBE2AE-93A1-48B4-AA83-9B950E0E9A9C}"= c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe:Play Movie Resident Program
"{599061C4-E8E8-4176-94E4-E46B4B900A27}"= UDP:c:\users\GégeX\AppData\Local\Temp\WZSE0.TMP\SymNRT.exe:Norton Removal Tool
"{776074BA-B032-4307-92BD-D7F14B580162}"= TCP:c:\users\GégeX\AppData\Local\Temp\WZSE0.TMP\SymNRT.exe:Norton Removal Tool
"{D19CDF6F-0F49-42EB-B883-7F22D00CF14E}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{C39007CD-C65D-4B86-A380-BA60AAA40CD7}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{51E11DDD-F61A-4533-9604-BF177924478D}c:\\program files\\mirc\\mirc.exe"= UDP:c:\program files\mirc\mirc.exe:mIRC
"UDP Query User{51B735FC-D18E-4ADB-B6E3-6803DD86FB6B}c:\\program files\\mirc\\mirc.exe"= TCP:c:\program files\mirc\mirc.exe:mIRC
"TCP Query User{93F43C8B-9BB2-4095-B35F-C995DC7620F2}c:\\program files\\instanttouch\\bin\\cmcenterv2.exe"= UDP:c:\program files\instanttouch\bin\cmcenterv2.exe:CmCenter Module
"UDP Query User{EA21EA95-801A-4250-B267-94D1184E7FD8}c:\\program files\\instanttouch\\bin\\cmcenterv2.exe"= TCP:c:\program files\instanttouch\bin\cmcenterv2.exe:CmCenter Module
"TCP Query User{7D68889B-82BD-4808-9D6D-FFA3BF62923B}c:\\program files\\steam\\steamapps\\samsufy972\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\samsufy972\counter-strike source\hl2.exe:hl2
"UDP Query User{F7D4D6E8-A009-4F41-B081-E662703F6685}c:\\program files\\steam\\steamapps\\samsufy972\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\samsufy972\counter-strike source\hl2.exe:hl2
"TCP Query User{FF94C0FE-0480-4A80-8384-FB843C558E30}c:\\program files\\instanttouch\\bin\\cmcenterv2.exe"= UDP:c:\program files\instanttouch\bin\cmcenterv2.exe:CmCenter Module
"UDP Query User{440D37D8-0C53-466F-985C-3A13AE24088C}c:\\program files\\instanttouch\\bin\\cmcenterv2.exe"= TCP:c:\program files\instanttouch\bin\cmcenterv2.exe:CmCenter Module

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-11-14 78416]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};\??\c:\program files\Acer Arcade Deluxe\Play Movie\[u]0/u00.fcl [2008-11-14 01:30:10 13560]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-11-14 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2008-11-14 50768]
R2 Machnm32;Machnm32 Driver;\??\c:\windows\System32\Machnm32.sys [2008-11-18 2304]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-08-10 179712]
R3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2007-08-10 32256]
R3 Razerlow;Diamondback 3G USB Filter Driver;c:\windows\system32\Drivers\DB3G.sys [2008-11-14 13225]
R3 Steam Client Service;Steam Client Service;c:\program files\Common Files\Steam\SteamService.exe /RunAsService [2008-11-14 104944]

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
.
------- Supplementary scan -------
.
FireFox -: Profile - c:\users\GégeX\AppData\Roaming\Mozilla\Firefox\Profiles\gtyxnhll.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://google.fr
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-18 08:49:17
Windows 6.0.6001 Service Pack 1 NTFS

Scanning for hidden processes ...

Scanning for hidden autostart entries ...

Scanning for hidden files ...

Scan completed successfully
Hidden files: 0

**************************************************************************
.
Finish time: 2008-11-18 8:50:41
ComboFix-quarantined-files.txt 2008-11-18 07:50:38

Pre-Run: 72,295,297,024 bytes free
Post-Run: 72,132,210,688 bytes free

286 --- E O F --- 2008-11-15 17:24:33
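The "Reg loading points" block in the ComboFix report above is where the weakening of this machine's defences is visible: EnableLUA=0 switches UAC off, the three DisableMonitoring=1 values silence Security Center, and AppInit_DLLs=eNetHook.dll gets mapped into every process that loads user32.dll (when LoadAppInit_DLLs is enabled). As an added example, not ComboFix code and not something posted in the thread, the Python below parses that REGEDIT4-style text and flags those settings, plus Run entries that either name a bare filename (resolved through the search path, as RtHDVCpl.exe is here) or start from a user-writable directory. The excerpt is copied from the report above; the "Updater" line in CONSTRUCTED_EXTRA is a synthetic entry added only to exercise the user-writable-path check, and USER_WRITABLE is an assumed list of directory markers.

```python
import re

# Excerpt copied from the ComboFix "Reg loading points" section above (REGEDIT4 format).
REG_SAMPLE = r"""
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"Uniblue RegistryBooster 2009"="c:\program files\uniblue\registrybooster\StartRegistryBooster.exe" [2008-08-26 99624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCDAS"="c:\program files\Defenza\pcd-as.exe" [2006-12-15 1359872]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 c:\windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=eNetHook.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
"""

# Constructed entry, NOT from the report: exists only to show the user-writable-path check firing.
CONSTRUCTED_EXTRA = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Updater"="c:\users\someone\AppData\Local\Temp\update.exe" [2008-11-18 51200]
"""

# Assumed markers for directories a standard user can write to.
USER_WRITABLE = ("\\temp\\", "\\appdata\\", "\\users\\", "\\programdata\\")

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')


def parse_reg(text):
    """REGEDIT4-style text -> {key (lowercased): {value name (lowercased): raw value string}}."""
    reg, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "REGEDIT4":
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group(1).lower()
            reg.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            reg[current][m.group(1).lower()] = m.group(2).strip()
    return reg


def reg_int(value):
    """Integer from either ComboFix rendering: 'dword:00000001' or '0 (0x0)'; None if neither."""
    m = re.match(r"dword:([0-9a-f]{8})", value, re.IGNORECASE)
    if m:
        return int(m.group(1), 16)
    m = re.match(r"(\d+)", value)
    return int(m.group(1)) if m else None


def run_path(value):
    """Executable from a Run value; ComboFix quotes the command and appends ' [date size]'."""
    m = re.match(r'^"([^"]*)"', value)
    return m.group(1) if m else value.split(" [", 1)[0].strip()


def audit(reg):
    """Return human-readable findings for load points that weaken the machine's defences."""
    findings = []
    for key, values in reg.items():
        if key.endswith(r"\currentversion\run"):
            for name, value in values.items():
                path = run_path(value)
                if "\\" not in path:
                    findings.append(f"{key}: '{name}' launches bare filename {path} (resolved via search path)")
                elif any(marker in path.lower() for marker in USER_WRITABLE):
                    findings.append(f"{key}: '{name}' autostarts from user-writable location {path}")
        if key.endswith(r"\policies\system") and reg_int(values.get("enablelua", "")) == 0:
            findings.append(f"{key}: EnableLUA=0, UAC is switched off")
        if r"\security center\monitoring" in key and reg_int(values.get("disablemonitoring", "")) == 1:
            findings.append(f"{key}: DisableMonitoring=1, Security Center alerts for this component are suppressed")
        if key.endswith(r"\windows nt\currentversion\windows"):
            dlls = values.get("appinit_dlls", "").strip('" ')
            if dlls:
                findings.append(f"{key}: AppInit_DLLs={dlls} is mapped into every process that loads user32.dll")
    return findings


if __name__ == "__main__":
    for line in audit(parse_reg(REG_SAMPLE + CONSTRUCTED_EXTRA)):
        print(line)
```

A flag is a lead, not a verdict: third-party suites set DisableMonitoring when they report their own status to Security Center (the SymantecAntiVirus and SymantecFirewall subkeys here are leftovers of the Norton install the firewall rules still mention), eNetHook.dll matches the Acer eNet Service listed in the HijackThis log, and nothing in this pass catches Defenza's PCDAS entry, which the helper removes next on the product's reputation rather than on anything visible in the key. Use the output as a checklist of what to verify (path, signature, publisher) before writing a CFScript.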
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:53:13, on 18/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Razer\Diamondback 3G\razerhid.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Program Files\Razer\Diamondback 3G\razertra.exe
C:\Program Files\Razer\Diamondback 3G\razerofa.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\notepad.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Diamondback] C:\Program Files\Razer\Diamondback 3G\razerhid.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PCDAS] C:\Program Files\Defenza\pcd-as.exe /10003
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Steam] "c:\progra~1\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\StartRegistryBooster.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O13 - Gopher Prefix:
O16 - DPF: {084DAC27-6FA3-4F55-9005-033F2F102F5C} (ITPPDiagIE Class) - http://data.jeuxclassiques.com/npwwg.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://antivirus-france.com/erreur-404/
O20 - AppInit_DLLs: eNetHook.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
0

geoffrey5 (security contributor)
18 Nov. 2008 at 09:01
▶ Copy the text in bold below:

File::
c:\program files\defenza\pcd-as.exe

Folder::
c:\program files\Defenza

Registry::

▶ Open Notepad and paste the copied text.
(Start\All Programs\Accessories\Notepad.)
▶ Save this file under the name CFScript.txt.

▶ Now drag the CFScript.txt file onto Combofix.exe as shown below:

http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif

▶ This will relaunch Combofix.

▶ A blue window will appear: at the message that comes up (Type 1 to continue, or 2 to abort), type 1 and press Enter.

▶ Wait for the scan to finish. The desktop will disappear several times: this is normal!

Do not touch anything until the scan is finished.

After the reboot, post the contents of the Combofix.txt report together with a HijackThis report.

▶ If there is no reboot, post the reports anyway.
0
ComboFix 08-11-16.05 - GégeX 2008-11-18 9:04:16.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1041 [GMT 1:00]
Running from: c:\users\GégeX\Desktop\ComboFix.exe
Command switches used :: c:\users\GégeX\Desktop\CFScript.txt
* Created a new restore point

FILE ::
c:\program files\defenza\pcd-as.exe
.

(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Defenza
c:\program files\Defenza\AlarmString.ini
c:\program files\Defenza\Anti-Spyware.ben
c:\program files\Defenza\ASSelectFolder.exe
c:\program files\Defenza\ExpShell.dll
c:\program files\Defenza\InMisc.dll
c:\program files\Defenza\MFC71.dll
c:\program files\Defenza\pages\foot.htm
c:\program files\Defenza\pages\fullscan.htm
c:\program files\Defenza\pages\headpage.htm
c:\program files\Defenza\pages\homepage2.htm
c:\program files\Defenza\pages\Icon.ico
c:\program files\Defenza\pages\images\activate1.bmp
c:\program files\Defenza\pages\images\activate2.bmp
c:\program files\Defenza\pages\images\addlist.bmp
c:\program files\Defenza\pages\images\addlist_green.bmp
c:\program files\Defenza\pages\images\ap_off.jpg
c:\program files\Defenza\pages\images\ap_on.jpg
c:\program files\Defenza\pages\images\ap_on_red.jpg
c:\program files\Defenza\pages\images\bmpSettingPageBK.bmp
c:\program files\Defenza\pages\images\bmpThreadInfoWndBK.bmp
c:\program files\Defenza\pages\images\btSelectFile.bmp
c:\program files\Defenza\pages\images\btSelectFileOver.bmp
c:\program files\Defenza\pages\images\cleanup.bmp
c:\program files\Defenza\pages\images\cleanup.jpg
c:\program files\Defenza\pages\images\cleanup2.bmp
c:\program files\Defenza\pages\images\cleanup2.jpg
c:\program files\Defenza\pages\images\critical.jpg
c:\program files\Defenza\pages\images\Defenza-scanchoice-up.bmp
c:\program files\Defenza\pages\images\Foot.bmp
c:\program files\Defenza\pages\images\FullScanOption.bmp
c:\program files\Defenza\pages\images\Head.bmp
c:\program files\Defenza\pages\images\help.bmp
c:\program files\Defenza\pages\images\help.gif
c:\program files\Defenza\pages\images\help_green.bmp
c:\program files\Defenza\pages\images\logo.gif
c:\program files\Defenza\pages\images\m_fscan.bmp
c:\program files\Defenza\pages\images\m_fscan_o.bmp
c:\program files\Defenza\pages\images\m_main.bmp
c:\program files\Defenza\pages\images\m_main_o.bmp
c:\program files\Defenza\pages\images\m_qscan.bmp
c:\program files\Defenza\pages\images\m_qscan_o.bmp
c:\program files\Defenza\pages\images\m_quarantine.bmp
c:\program files\Defenza\pages\images\m_quarantine_o.bmp
c:\program files\Defenza\pages\images\m_result.bmp
c:\program files\Defenza\pages\images\m_result_o.bmp
c:\program files\Defenza\pages\images\m_settings.bmp
c:\program files\Defenza\pages\images\m_settings_o.bmp
c:\program files\Defenza\pages\images\m_update.bmp
c:\program files\Defenza\pages\images\m_update_o.bmp
c:\program files\Defenza\pages\images\mainBody.bmp
c:\program files\Defenza\pages\images\malicious.jpg
c:\program files\Defenza\pages\images\managelist.bmp
c:\program files\Defenza\pages\images\managelist_green.bmp
c:\program files\Defenza\pages\images\Menu.bmp
c:\program files\Defenza\pages\images\moderate.jpg
c:\program files\Defenza\pages\images\PCdefAS-txtbox1.bmp
c:\program files\Defenza\pages\images\plus.gif
c:\program files\Defenza\pages\images\ResultBody.bmp
c:\program files\Defenza\pages\images\ScanBody.bmp
c:\program files\Defenza\pages\images\scanpc.bmp
c:\program files\Defenza\pages\images\scanpc_green.bmp
c:\program files\Defenza\pages\images\scanpc_green.jpg
c:\program files\Defenza\pages\images\scanpc_red.bmp
c:\program files\Defenza\pages\images\scanpc_red.jpg
c:\program files\Defenza\pages\images\ScanState1.bmp
c:\program files\Defenza\pages\images\ScanState2.bmp
c:\program files\Defenza\pages\images\SettingsBackground.bmp
c:\program files\Defenza\pages\images\severe.jpg
c:\program files\Defenza\pages\images\spacer.gif
c:\program files\Defenza\pages\images\startscan.bmp
c:\program files\Defenza\pages\images\startscan_green.bmp
c:\program files\Defenza\pages\images\stopscan.bmp
c:\program files\Defenza\pages\images\stopscan.jpg
c:\program files\Defenza\pages\images\stopscan_green.bmp
c:\program files\Defenza\pages\images\stopscan_red.bmp
c:\program files\Defenza\pages\images\stopscan2.jpg
c:\program files\Defenza\pages\images\threadInfoClose.bmp
c:\program files\Defenza\pages\images\ThreadInfoCloseOver.bmp
c:\program files\Defenza\pages\images\Thumbs.db
c:\program files\Defenza\pages\images\Update1_blue.bmp
c:\program files\Defenza\pages\images\update1_green.bmp
c:\program files\Defenza\pages\images\Update2_blue.bmp
c:\program files\Defenza\pages\images\Update2_green.bmp
c:\program files\Defenza\pages\images\UpdateBody.bmp
c:\program files\Defenza\pages\images\updateinfo.jpg
c:\program files\Defenza\pages\images\updateinfo_up.jpg
c:\program files\Defenza\pages\images2\activate1.bmp
c:\program files\Defenza\pages\images2\activate2.bmp
c:\program files\Defenza\pages\images2\addlist.bmp
c:\program files\Defenza\pages\images2\addlist_green.bmp
c:\program files\Defenza\pages\images2\ap_off.jpg
c:\program files\Defenza\pages\images2\ap_on.jpg
c:\program files\Defenza\pages\images2\ap_on_red.jpg
c:\program files\Defenza\pages\images2\bmpSettingPageBK.bmp
c:\program files\Defenza\pages\images2\bmpThreadInfoWndBK.bmp
c:\program files\Defenza\pages\images2\btSelectFile.bmp
c:\program files\Defenza\pages\images2\btSelectFileOver.bmp
c:\program files\Defenza\pages\images2\cleanup.bmp
c:\program files\Defenza\pages\images2\cleanup.jpg
c:\program files\Defenza\pages\images2\cleanup2.bmp
c:\program files\Defenza\pages\images2\cleanup2.jpg
c:\program files\Defenza\pages\images2\critical.jpg
c:\program files\Defenza\pages\images2\Defenza-scanchoice-up.bmp
c:\program files\Defenza\pages\images2\Foot.bmp
c:\program files\Defenza\pages\images2\FullScanOption.bmp
c:\program files\Defenza\pages\images2\Head.bmp
c:\program files\Defenza\pages\images2\help.bmp
c:\program files\Defenza\pages\images2\help.gif
c:\program files\Defenza\pages\images2\help_green.bmp
c:\program files\Defenza\pages\images2\logo.gif
c:\program files\Defenza\pages\images2\m_fscan.bmp
c:\program files\Defenza\pages\images2\m_fscan_o.bmp
c:\program files\Defenza\pages\images2\m_main.bmp
c:\program files\Defenza\pages\images2\m_main_o.bmp
c:\program files\Defenza\pages\images2\m_qscan.bmp
c:\program files\Defenza\pages\images2\m_qscan_o.bmp
c:\program files\Defenza\pages\images2\m_quarantine.bmp
c:\program files\Defenza\pages\images2\m_quarantine_o.bmp
c:\program files\Defenza\pages\images2\m_result.bmp
c:\program files\Defenza\pages\images2\m_result_o.bmp
c:\program files\Defenza\pages\images2\m_settings.bmp
c:\program files\Defenza\pages\images2\m_settings_o.bmp
c:\program files\Defenza\pages\images2\m_update.bmp
c:\program files\Defenza\pages\images2\m_update_o.bmp
c:\program files\Defenza\pages\images2\mainBody.bmp
c:\program files\Defenza\pages\images2\malicious.jpg
c:\program files\Defenza\pages\images2\managelist.bmp
c:\program files\Defenza\pages\images2\managelist_green.bmp
c:\program files\Defenza\pages\images2\Menu.bmp
c:\program files\Defenza\pages\images2\moderate.jpg
c:\program files\Defenza\pages\images2\PCdefAS-txtbox1.bmp
c:\program files\Defenza\pages\images2\plus.gif
c:\program files\Defenza\pages\images2\ResultBody.bmp
c:\program files\Defenza\pages\images2\ScanBody.bmp
c:\program files\Defenza\pages\images2\scanpc.bmp
c:\program files\Defenza\pages\images2\scanpc_green.bmp
c:\program files\Defenza\pages\images2\scanpc_green.jpg
c:\program files\Defenza\pages\images2\scanpc_red.bmp
c:\program files\Defenza\pages\images2\scanpc_red.jpg
c:\program files\Defenza\pages\images2\ScanState1.bmp
c:\program files\Defenza\pages\images2\ScanState2.bmp
c:\program files\Defenza\pages\images2\SettingsBackground.bmp
c:\program files\Defenza\pages\images2\severe.jpg
c:\program files\Defenza\pages\images2\spacer.gif
c:\program files\Defenza\pages\images2\startscan.bmp
c:\program files\Defenza\pages\images2\startscan_green.bmp
c:\program files\Defenza\pages\images2\stopscan.bmp
c:\program files\Defenza\pages\images2\stopscan.jpg
c:\program files\Defenza\pages\images2\stopscan_green.bmp
c:\program files\Defenza\pages\images2\stopscan_red.bmp
c:\program files\Defenza\pages\images2\stopscan2.jpg
c:\program files\Defenza\pages\images2\threadInfoClose.bmp
c:\program files\Defenza\pages\images2\ThreadInfoCloseOver.bmp
c:\program files\Defenza\pages\images2\Thumbs.db
c:\program files\Defenza\pages\images2\Update1_blue.bmp
c:\program files\Defenza\pages\images2\update1_green.bmp
c:\program files\Defenza\pages\images2\Update2_blue.bmp
c:\program files\Defenza\pages\images2\Update2_green.bmp
c:\program files\Defenza\pages\images2\UpdateBody.bmp
c:\program files\Defenza\pages\images2\updateinfo.jpg
c:\program files\Defenza\pages\images2\updateinfo_up.jpg
c:\program files\Defenza\pages\menupage.htm
c:\program files\Defenza\pages\quickscan.htm
c:\program files\Defenza\pages\scanresult.htm
c:\program files\Defenza\pages\updatepage.htm
c:\program files\Defenza\pcd-as.chm
c:\program files\Defenza\pcd-as.exe
c:\program files\Defenza\PcdasResults1.xml
c:\program files\Defenza\pcdreg.dll
c:\program files\Defenza\pcdscanner.exe
c:\program files\Defenza\QuarantineFolder\0.txt
c:\program files\Defenza\SBScan.exe
c:\program files\Defenza\SBTE.dll
c:\program files\Defenza\SBTEDef.idx
c:\program files\Defenza\Setting\activate.ico
c:\program files\Defenza\Setting\icon.ico
c:\program files\Defenza\SpywareSetting.ini
c:\program files\Defenza\SUpdate.dat
c:\program files\Defenza\SUpdate.exe
c:\program files\Defenza\UpdateIDXDBDLL.dll

.
((((((((((((((((((((((((((((( Files Created from 2008-10-18 to 2008-11-18 ))))))))))))))))))))))))))))))))))))
.

2008-11-18 07:33 . 2008-11-18 07:33 <REP> d-------- c:\users\GégeX\AppData\Roaming\Malwarebytes
2008-11-18 07:33 . 2008-11-18 07:33 <REP> d-------- c:\users\All Users\Malwarebytes
2008-11-18 07:33 . 2008-11-18 07:33 <REP> d-------- c:\programdata\Malwarebytes
2008-11-18 07:33 . 2008-11-18 07:33 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-18 07:33 . 2008-10-22 16:10 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-11-18 07:33 . 2008-10-22 16:10 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-11-18 07:29 . 2008-11-18 07:29 3,948 --a------ c:\windows\System32\tmp.reg
2008-11-18 07:28 . 2007-09-05 23:22 289,144 --a------ c:\windows\System32\VCCLSID.exe
2008-11-18 07:28 . 2006-04-27 16:49 288,417 --a------ c:\windows\System32\SrchSTS.exe
2008-11-18 07:28 . 2008-10-01 14:51 87,552 --a------ c:\windows\System32\VACFix.exe
2008-11-18 07:28 . 2008-10-10 07:58 82,944 --a------ c:\windows\System32\o4Patch.exe
2008-11-18 07:28 . 2008-05-18 20:40 82,944 --a------ c:\windows\System32\IEDFix.exe
2008-11-18 07:28 . 2008-10-10 07:58 82,944 --a------ c:\windows\System32\IEDFix.C.exe
2008-11-18 07:28 . 2008-08-18 11:19 82,432 --a------ c:\windows\System32\404Fix.exe
2008-11-18 07:28 . 2003-06-05 20:13 53,248 --a------ c:\windows\System32\Process.exe
2008-11-18 07:28 . 2004-07-31 17:50 51,200 --a------ c:\windows\System32\dumphive.exe
2008-11-18 07:28 . 2007-10-03 23:36 25,600 --a------ c:\windows\System32\WS2Fix.exe
2008-11-18 07:22 . 2008-11-18 07:22 <REP> d-------- c:\program files\Trend Micro
2008-11-18 03:16 . 2008-11-18 07:56 216 --a------ c:\windows\System32\SBFC.dat
2008-11-18 03:16 . 2008-11-18 03:16 0 --a------ c:\windows\System32\SBRC.dat
2008-11-18 02:09 . 2008-11-18 02:09 3,120 --a------ c:\windows\118294.78
2008-11-18 02:08 . 1996-08-20 20:37 15,840 --a------ c:\windows\System32\Machnm1.exe
2008-11-18 02:08 . 2005-09-25 16:37 5,632 --a------ c:\windows\System32\Machnm64.sys
2008-11-18 02:08 . 2008-11-18 02:08 3,120 --a------ c:\windows\System32\118290.54
2008-11-18 02:08 . 2003-08-13 00:27 2,304 --a------ c:\windows\System32\Machnm32.sys
2008-11-18 02:00 . 2008-11-18 02:00 <REP> d-------- c:\users\GégeX\AppData\Roaming\PC Tools
2008-11-18 02:00 . 2008-11-18 02:48 <REP> d-a------ c:\users\All Users\TEMP
2008-11-18 02:00 . 2008-11-18 02:48 <REP> d-a------ c:\programdata\TEMP
2008-11-18 02:00 . 2008-11-18 02:02 <REP> d-------- c:\program files\Spyware Doctor
2008-11-18 02:00 . 2008-08-25 12:36 81,288 --a------ c:\windows\System32\drivers\iksyssec.sys
2008-11-18 02:00 . 2008-08-25 12:36 66,952 --a------ c:\windows\System32\drivers\iksysflt.sys
2008-11-18 02:00 . 2008-08-25 12:36 40,840 --a------ c:\windows\System32\drivers\ikfilesec.sys
2008-11-18 02:00 . 2008-06-02 16:19 29,576 --a------ c:\windows\System32\drivers\kcom.sys
2008-11-18 01:50 . 2008-11-18 01:50 <REP> d-------- c:\windows\System32\Kaspersky Lab
2008-11-18 01:35 . 2008-11-06 02:03 <REP> d-------- C:\SDFix
2008-11-18 00:36 . 2008-11-18 00:36 <REP> d-------- C:\!KillBox
2008-11-18 00:30 . 2008-11-18 00:56 309,037,745 --a------ c:\windows\MEMORY.DMP
2008-11-18 00:15 . 2008-11-18 00:15 <REP> d-------- c:\users\GégeX\AppData\Roaming\Uniblue
2008-11-18 00:15 . 2008-11-18 01:39 <REP> d--h-c--- c:\users\All Users\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2008-11-18 00:15 . 2008-11-18 01:39 <REP> d--h-c--- c:\programdata\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2008-11-18 00:15 . 2008-11-18 00:15 <REP> d-------- c:\program files\Uniblue
2008-11-18 00:03 . 2008-11-18 00:03 <REP> d-------- c:\program files\CCleaner
2008-11-17 23:55 . 2008-11-17 23:55 <REP> d-------- c:\program files\Free.fr
2008-11-17 14:27 . 2008-11-17 14:27 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-11-15 22:53 . 2008-11-15 22:53 <REP> d-------- c:\users\GégeX\AppData\Roaming\teamspeak2
2008-11-15 22:52 . 2008-11-15 22:53 <REP> d-------- c:\program files\Teamspeak2_RC2
2008-11-15 22:52 . 2008-11-15 22:52 34,064 --a------ c:\windows\System32\lhacm.acm
2008-11-15 21:30 . 2008-11-15 21:30 <REP> d-------- c:\windows\Sun
2008-11-15 21:30 . 2008-11-15 21:30 <REP> d-------- c:\users\GégeX\AppData\Roaming\SystemRequirementsLab
2008-11-15 21:30 . 2008-11-15 21:31 <REP> d-------- c:\program files\SystemRequirementsLab
2008-11-15 21:29 . 2008-11-15 21:29 <REP> d-------- C:\NVIDIA
2008-11-15 18:56 . 2008-11-17 23:39 <REP> d-------- c:\program files\InstantTouch
2008-11-15 03:54 . 2008-11-15 04:07 <REP> d-------- c:\users\GégeX\AppData\Roaming\mIRC
2008-11-15 03:54 . 2008-11-15 03:55 <REP> d-------- c:\program files\mIRC
2008-11-15 01:32 . 2008-11-15 01:32 <REP> d-------- C:\PerfLogs
2008-11-15 00:35 . 2008-01-19 08:38 4,595,712 --a------ c:\windows\System32\AuthFWSnapin.dll
2008-11-15 00:34 . 2008-01-19 08:33 8,139,264 --a------ c:\windows\System32\ssBranded.scr
2008-11-15 00:33 . 2008-01-19 08:32 5,714,432 --a------ c:\windows\System32\logon.scr
2008-11-15 00:32 . 2008-01-19 07:06 8,147,456 --a------ c:\windows\System32\wmploc.DLL
2008-11-15 00:31 . 2008-01-19 08:34 305,152 --a------ c:\windows\System32\msdelta.dll
2008-11-15 00:31 . 2008-01-19 08:34 258,560 --a------ c:\windows\System32\dpx.dll
2008-11-15 00:31 . 2008-01-19 08:34 246,784 --a------ c:\windows\System32\drvstore.dll
2008-11-15 00:31 . 2008-01-19 08:35 35,328 --a------ c:\windows\System32\mspatcha.dll
2008-11-15 00:31 . 2006-11-02 10:39 6,656 --a------ c:\windows\System32\kbd106.dll
2008-11-15 00:11 . 2008-07-19 06:09 563,912 --a------ c:\windows\System32\wuapi.dll
2008-11-15 00:11 . 2008-07-19 04:44 83,456 --a------ c:\windows\System32\wudriver.dll
2008-11-15 00:11 . 2008-07-19 06:10 36,552 --a------ c:\windows\System32\wups.dll
2008-11-14 21:30 . 2008-11-14 21:30 <REP> d-------- C:\Programs
2008-11-14 10:44 . 2008-11-18 08:33 <REP> d-------- c:\program files\Steam
2008-11-14 10:30 . 2008-11-14 10:30 312,862 --a------ c:\windows\CSSBScript - Version Full Uninstaller.exe
2008-11-14 10:28 . 2008-11-14 10:28 269,312 --a------ c:\windows\System32\es.dll
2008-11-14 10:27 . 2008-11-14 10:27 <REP> d-------- c:\program files\Microsoft CAPICOM 2.1.0.2
2008-11-14 10:11 . 2002-11-14 15:32 55,808 --a------ c:\windows\devcon.exe
2008-11-14 10:11 . 2008-11-14 00:27 1,550 --a------ c:\windows\CLEANUP.CMD
2008-11-14 10:11 . 2007-06-26 05:48 387 --a------ c:\windows\MSSFT_RB.CMD
2008-11-14 10:11 . 2007-01-15 13:28 336 --a------ c:\windows\ACERTOURREMINDERRUN.REG
2008-11-14 10:11 . 2004-10-01 21:32 92 --a------ c:\windows\CLEANUP.INI
2008-11-14 10:11 . 2004-12-08 20:32 30 --a------ c:\windows\SETPANEL.INI
2008-11-14 10:11 . 2007-01-11 10:50 23 --a------ c:\windows\System32\$Acer$.cmd
2008-11-14 05:57 . 2008-11-14 05:57 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-11-14 05:57 . 2008-11-14 05:57 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-11-14 05:57 . 2008-11-14 05:57 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-11-14 05:57 . 2008-11-14 05:57 43,544 --a------ c:\windows\System32\wups2.dll
2008-11-14 05:56 . 2008-11-14 05:56 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-11-14 05:56 . 2008-11-14 05:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-11-14 05:33 . 2008-11-14 05:33 <REP> d-------- c:\users\GégeX\AppData\Roaming\WinRAR
2008-11-14 05:32 . 2008-11-14 05:59 <REP> d-------- c:\program files\7-Zip
2008-11-14 05:31 . 2008-11-14 05:31 <REP> d-------- c:\users\GégeX\AppData\Roaming\Mozilla
2008-11-14 05:25 . 2008-11-14 05:25 <REP> d-------- c:\users\GégeX\AppData\Roaming\Talkback
2008-11-14 04:15 . 2008-11-14 04:22 <REP> d-------- c:\program files\Windows Live
2008-11-14 04:15 . 2008-11-14 13:46 <REP> d--hsc--- c:\program files\Common Files\WindowsLiveInstaller
2008-11-14 04:14 . 2008-11-14 13:44 <REP> d-------- c:\users\All Users\WLInstaller
2008-11-14 04:14 . 2008-11-14 13:44 <REP> d-------- c:\programdata\WLInstaller
2008-11-14 04:04 . 2008-11-14 04:04 361,984 --a------ c:\windows\System32\IPSECSVC.DLL
2008-11-14 04:04 . 2008-11-14 04:04 272,896 --a------ c:\windows\System32\polstore.dll
2008-11-14 04:04 . 2008-11-14 04:04 61,440 --a------ c:\windows\System32\winipsec.dll
2008-11-14 04:04 . 2008-11-14 04:04 28,672 --a------ c:\windows\System32\FwRemoteSvr.dll
2008-11-14 04:00 . 2008-11-14 04:00 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-11-14 04:00 . 2008-11-14 04:00 2,048 --a------ c:\windows\System32\tzres.dll
2008-11-14 03:57 . 2008-11-14 03:57 2,032,640 --a------ c:\windows\System32\win32k.sys
2008-11-14 03:57 . 2008-11-14 03:57 1,191,936 --a------ c:\windows\System32\msxml3.dll
2008-11-14 03:57 . 2008-11-14 03:57 303,616 --a------ c:\windows\System32\wmpeffects.dll
2008-11-14 03:57 . 2008-11-14 03:57 2,048 --a------ c:\windows\System32\msxml3r.dll
2008-11-14 03:51 . 2008-11-14 03:51 988,216 --a------ c:\windows\System32\winload.exe
2008-11-14 03:51 . 2008-11-14 03:51 927,288 --a------ c:\windows\System32\winresume.exe
2008-11-14 03:51 . 2008-11-14 03:51 615,992 --a------ c:\windows\System32\ci.dll
2008-11-14 03:51 . 2008-11-14 03:51 378,368 --a------ c:\windows\System32\srcore.dll
2008-11-14 03:51 . 2008-11-14 03:51 318,464 --a------ c:\windows\System32\rstrui.exe
2008-11-14 03:51 . 2008-11-14 03:51 46,592 --a------ c:\windows\System32\setbcdlocale.dll
2008-11-14 03:51 . 2008-11-14 03:51 40,960 --a------ c:\windows\System32\srclient.dll
2008-11-14 03:51 . 2008-11-14 03:51 19,000 --a------ c:\windows\System32\kd1394.dll
2008-11-14 03:51 . 2008-11-14 03:51 14,848 --a------ c:\windows\System32\srdelayed.exe
2008-11-14 03:51 . 2008-11-14 03:51 6,656 --a------ c:\windows\System32\kbd106n.dll
2008-11-14 03:49 . 2008-11-14 03:49 443,392 --a------ c:\windows\System32\win32spl.dll
2008-11-14 03:49 . 2008-11-14 03:49 295,936 --a------ c:\windows\System32\gdi32.dll
2008-11-14 03:49 . 2008-11-14 03:49 288,768 --a------ c:\windows\System32\drivers\srv.sys
2008-11-14 03:49 . 2008-11-14 03:49 37,888 --a------ c:\windows\System32\printcom.dll
2008-11-14 03:48 . 2008-11-14 03:48 113,664 --a------ c:\windows\System32\drivers\rmcast.sys
2008-11-14 03:48 . 2008-11-14 03:48 14,848 --a------ c:\windows\System32\wshrm.dll
2008-11-14 03:46 . 2008-11-14 03:46 1,314,816 --a------ c:\windows\System32\quartz.dll
2008-11-14 03:46 . 2008-11-14 03:46 738,304 --a------ c:\windows\System32\inetcomm.dll
2008-11-14 03:46 . 2008-11-14 03:46 84,480 --a------ c:\windows\System32\INETRES.dll
2008-11-14 03:45 . 2008-11-14 03:45 <REP> d-------- c:\program files\MSXML 4.0
2008-11-14 03:44 . 2008-11-14 03:44 3,601,464 --a------ c:\windows\System32\ntkrnlpa.exe
2008-11-14 03:44 . 2008-11-14 03:44 3,549,240 --a------ c:\windows\System32\ntoskrnl.exe

.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-18 08:06 2,097,152 --sha-w c:\users\GégeX\ntuser.dat
2008-11-18 08:06 2,097,152 --sha-w c:\users\GégeX\ntuser.dat
2008-11-18 06:33 --------- d-----w c:\users\GégeX\AppData\Roaming\Malwarebytes
2008-11-18 02:27 27,839 ----a-w c:\users\GégeX\AppData\Roaming\nvModes.dat
2008-11-18 01:08 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-18 01:00 --------- d-----w c:\users\GégeX\AppData\Roaming\PC Tools
2008-11-17 23:15 --------- d-----w c:\users\GégeX\AppData\Roaming\Uniblue
2008-11-17 21:06 --------- d-s---w c:\users\GégeX\AppData\Roaming\Microsoft
2008-11-15 21:53 --------- d-----w c:\users\GégeX\AppData\Roaming\teamspeak2
2008-11-15 20:48 8,534,560 ----a-w c:\windows\System32\nvcpl.dll
2008-11-15 20:48 795,104 ----a-w c:\windows\System32\dpinst.exe
2008-11-15 20:48 6,537,216 ----a-w c:\windows\System32\nvdisps.dll
2008-11-15 20:48 5,611,520 ----a-w c:\windows\System32\nvdispsr.dll
2008-11-15 20:48 5,263,360 ----a-w c:\windows\System32\nvd3dum.dll
2008-11-15 20:48 389,120 ----a-w c:\windows\System32\nvapi.dll
2008-11-15 20:48 35,328 ----a-w c:\windows\System32\nvcod100.dll
2008-11-15 20:48 35,328 ----a-w c:\windows\System32\nvcod.dll
2008-11-15 20:48 147,456 ----a-w c:\windows\System32\nvcolor.exe
2008-11-15 20:30 --------- d-----w c:\users\GégeX\AppData\Roaming\SystemRequirementsLab
2008-11-15 03:07 --------- d-----w c:\users\GégeX\AppData\Roaming\mIRC
2008-11-15 00:39 174 --sha-w c:\program files\desktop.ini
2008-11-15 00:33 --------- d-----w c:\program files\Windows Sidebar
2008-11-15 00:33 --------- d-----w c:\program files\Windows Photo Gallery
2008-11-15 00:33 --------- d-----w c:\program files\Windows Mail
2008-11-15 00:33 --------- d-----w c:\program files\Windows Journal
2008-11-15 00:33 --------- d-----w c:\program files\Windows Defender
2008-11-15 00:33 --------- d-----w c:\program files\Windows Collaboration
2008-11-15 00:33 --------- d-----w c:\program files\Windows Calendar
2008-11-14 23:50 82,432 ----a-w c:\windows\System32\axaltocm.dll
2008-11-14 23:50 101,888 ----a-w c:\windows\System32\ifxcardm.dll
2008-11-14 15:24 --------- d-----w c:\users\GégeX\AppData\Roaming\Mumble
2008-11-14 09:28 --------- d-----w c:\programdata\Microsoft Help
2008-11-14 09:23 --------- d-----w c:\program files\Microsoft Works
2008-11-14 05:06 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-11-14 04:44 --------- d-----w c:\users\GégeX\AppData\Roaming\Adobe
2008-11-14 04:33 --------- d-----w c:\users\GégeX\AppData\Roaming\WinRAR
2008-11-14 04:31 --------- d-----w c:\users\GégeX\AppData\Roaming\Mozilla
2008-11-14 04:25 --------- d-----w c:\users\GégeX\AppData\Roaming\Talkback
2008-11-14 01:24 --------- d-----w c:\programdata\CyberLink
2008-11-14 00:53 --------- d-----w c:\users\GégeX\AppData\Roaming\InstallShield
2008-11-14 00:49 --------- d-----w c:\users\GégeX\AppData\Roaming\OpenOffice.org
2008-11-14 00:30 --------- d-----w c:\program files\Acer Arcade Deluxe
2008-11-13 23:27 --------- d-----w c:\users\GégeX\AppData\Roaming\Macromedia
2008-11-13 23:27 --------- d-----w c:\users\GégeX\AppData\Roaming\Identities
2008-11-13 23:23 --------- d-sh--w c:\programdata\Modèles
2008-11-13 23:23 --------- d-sh--w c:\programdata\Menu Démarrer
2008-11-13 23:23 --------- d-sh--w c:\programdata\Favoris
2008-11-13 23:23 --------- d-sh--w c:\programdata\Bureau
2008-11-13 23:23 --------- d-sh--w c:\program files\Fichiers communs
2008-11-13 23:19 --------- d-----w c:\program files\Intel
2008-09-30 15:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
.

((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"Steam"="c:\progra~1\steam\steam.exe" [2008-11-17 1410296]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Uniblue RegistryBooster 2009"="c:\program files\uniblue\registrybooster\StartRegistryBooster.exe" [2008-08-26 99624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-06-11 1286144]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]
"PLFSet"="c:\windows\PLFSet.dll" [2007-04-25 45056]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-06-27 752136]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2007-05-24 206952]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Diamondback"="c:\program files\Razer\Diamondback 3G\razerhid.exe" [2007-08-01 147456]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 79224]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2008-11-15 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-15 8534560]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-11-15 81920]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 c:\windows\RtHDVCpl.exe]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-08-10 535336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=eNetHook.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{1ACDC690-E812-4BF4-8277-CADB310BB196}"= c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{975C10A6-89E7-450F-8386-9F6BEC5992B5}"= c:\program files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician
"{4B2A96AC-90BB-469D-96F2-1E462E2F2103}"= c:\program files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia
"{CB0A5015-2744-4511-8C92-B47FF3948EAF}"= c:\program files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe:DV Wizard
"{849D0299-7E5F-4D16-821F-6475DF1EFD43}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{25219AE5-C395-490A-927D-5917C456B162}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{73385A75-B0A0-486B-93DA-EB45C508EAE8}"= c:\program files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine
"{B692E47A-942F-4203-B25E-D267FCBB3C8E}"= c:\program files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:Play Movie
"{6EFBE2AE-93A1-48B4-AA83-9B950E0E9A9C}"= c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe:Play Movie Resident Program
"{599061C4-E8E8-4176-94E4-E46B4B900A27}"= UDP:c:\users\GégeX\AppData\Local\Temp\WZSE0.TMP\SymNRT.exe:Norton Removal Tool
"{776074BA-B032-4307-92BD-D7F14B580162}"= TCP:c:\users\GégeX\AppData\Local\Temp\WZSE0.TMP\SymNRT.exe:Norton Removal Tool
"{D19CDF6F-0F49-42EB-B883-7F22D00CF14E}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{C39007CD-C65D-4B86-A380-BA60AAA40CD7}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{51E11DDD-F61A-4533-9604-BF177924478D}c:\\program files\\mirc\\mirc.exe"= UDP:c:\program files\mirc\mirc.exe:mIRC
"UDP Query User{51B735FC-D18E-4ADB-B6E3-6803DD86FB6B}c:\\program files\\mirc\\mirc.exe"= TCP:c:\program files\mirc\mirc.exe:mIRC
"TCP Query User{93F43C8B-9BB2-4095-B35F-C995DC7620F2}c:\\program files\\instanttouch\\bin\\cmcenterv2.exe"= UDP:c:\program files\instanttouch\bin\cmcenterv2.exe:CmCenter Module
"UDP Query User{EA21EA95-801A-4250-B267-94D1184E7FD8}c:\\program files\\instanttouch\\bin\\cmcenterv2.exe"= TCP:c:\program files\instanttouch\bin\cmcenterv2.exe:CmCenter Module
"TCP Query User{7D68889B-82BD-4808-9D6D-FFA3BF62923B}c:\\program files\\steam\\steamapps\\samsufy972\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\samsufy972\counter-strike source\hl2.exe:hl2
"UDP Query User{F7D4D6E8-A009-4F41-B081-E662703F6685}c:\\program files\\steam\\steamapps\\samsufy972\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\samsufy972\counter-strike source\hl2.exe:hl2
"TCP Query User{FF94C0FE-0480-4A80-8384-FB843C558E30}c:\\program files\\instanttouch\\bin\\cmcenterv2.exe"= UDP:c:\program files\instanttouch\bin\cmcenterv2.exe:CmCenter Module
"UDP Query User{440D37D8-0C53-466F-985C-3A13AE24088C}c:\\program files\\instanttouch\\bin\\cmcenterv2.exe"= TCP:c:\program files\instanttouch\bin\cmcenterv2.exe:CmCenter Module

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-11-14 78416]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};\??\c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl [2008-11-14 01:30:10 13560]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-11-14 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2008-11-14 50768]
R2 Machnm32;Machnm32 Driver;\??\c:\windows\System32\Machnm32.sys [2008-11-18 2304]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-08-10 179712]
R3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2007-08-10 32256]
R3 Razerlow;Diamondback 3G USB Filter Driver;c:\windows\system32\Drivers\DB3G.sys [2008-11-14 13225]
S3 Steam Client Service;Steam Client Service;c:\program files\Common Files\Steam\SteamService.exe /RunAsService [2008-11-14 104944]

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-PCDAS - c:\program files\Defenza\pcd-as.exe



**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-18 09:06:17
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

[23040] 0xBFC0940B
[23040] 0xAD489738
Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2008-11-18 9:07:36
ComboFix-quarantined-files.txt 2008-11-18 08:07:33
ComboFix2.txt 2008-11-18 07:50:42

Avant-CF: 71 732 658 176 octets libres
Après-CF: 71,495,221,248 octets libres

466 --- E O F --- 2008-11-15 17:24:33
0
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:09:22, on 18/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Razer\Diamondback 3G\razerhid.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Program Files\Razer\Diamondback 3G\razertra.exe
C:\Program Files\Razer\Diamondback 3G\razerofa.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\notepad.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Diamondback] C:\Program Files\Razer\Diamondback 3G\razerhid.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Steam] "c:\progra~1\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\StartRegistryBooster.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O13 - Gopher Prefix:
O16 - DPF: {084DAC27-6FA3-4F55-9005-033F2F102F5C} (ITPPDiagIE Class) - http://data.jeuxclassiques.com/npwwg.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://antivirus-france.com/erreur-404/
O20 - AppInit_DLLs: eNetHook.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
0
geoffrey5 (Security contributor)
18 Nov 2008 at 09:17
Very good... Defenza is gone ;-)

Now do this please:

▶ Download RegCleaner

▶ Once installed, double-click its icon to run it

▶ In the menu bar, click Options then select Language => Choose the language

▶ Look for French.rlg and double-click it to apply the language

▶ Then click Tools in the menu bar

▶ Select Registry Cleanup => Automatic Registry Cleaner

▶ RegCleaner will then run the cleanup automatically

▶ Then tick the invalid entries and click Remove selected => Finish => Quit

Do you have Spybot??
0
As for Spybot, I've just downloaded it.
0
geoffrey5 (Security contributor)
18 Nov 2008 at 09:20
OK... After running RegCleaner, update Spybot and run a scan with it... And keep me posted
0
So I ran RegCleaner and Spybot, then restarted my PC, and I still can't access my Control Panel; what's more, csrss.exe and winlogon.exe are still in Task Manager!!
0
geoffrey5 (Security contributor)
18 Nov 2008 at 09:51
Disable User Account Control (you will turn it back on after the disinfection):

▶ Go to "Start" then Control Panel.
▶ Double-click the User Accounts icon, then Turn User Account Control on or off.
▶ Click Continue.
▶ Untick the box Use User Account Control (UAC) to help protect your computer.
▶ Confirm with OK and restart.



▶ Now download FindyKill to your desktop:

▶ Run the installer with the default settings

▶ Right-click the FindyKill shortcut on your desktop

▶ Choose Run as administrator

▶ In the main menu, choose option 1 (Search)

▶ Post the FindyKill.txt report

* Note: the FindyKill.txt report is saved at the root of the drive
0
----------------- FindyKill V4.705 ------------------

* User : GégeX - PC-DE-GGEX
* Emplacement : C:\Program Files\FindyKill
* Outils Mis a jours le 17/11/08 par Chiquitine29
* Recherche effectuée à 9:51:33 le 18/11/2008
* Windows Vista - Internet Explorer 7.0.6001.18000

((((((((((((((((( *** Recherche *** ))))))))))))))))))


--------------- [ Processus actifs ] ----------------


C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Razer\Diamondback 3G\razerhid.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Users\GGEX~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Program Files\Razer\Diamondback 3G\razertra.exe
C:\Acer\Empowering Technology\eNet\eNet Service.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Windows\system32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Razer\Diamondback 3G\razerofa.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Steam\SteamService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conime.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

--------------- [ Fichiers/Dossiers infectieux ] ----------------


»»»» Presence des fichiers dans C:


»»»» Presence des fichiers dans C:\Windows


»»»» Presence des fichiers dans C:\Windows\Prefetch


»»»» Presence des fichiers dans C:\Windows\system32


»»»» Presence des fichiers dans C:\Windows\system32\drivers


»»»» Presence des fichiers dans C:\Users\GégeX\AppData\Roaming


»»»» Presence des fichiers dans C:\Users\GGEX~1\AppData\Local\Temp


»»»» Presence des fichiers dans C:\Users\GégeX\Local Settings\Temporary Internet Files\Content.IE5


--------------- [ Registre / Startup ] ----------------

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]

Sidebar=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
Steam="c:\progra~1\steam\steam.exe" -silent
MsnMsgr="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
Uniblue RegistryBooster 2009=c:\program files\uniblue\registrybooster\StartRegistryBooster.exe
SpybotSD TeaTimer=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]

RtHDVCpl=RtHDVCpl.exe
eAudio="C:\Acer\Empowering Technology\eAudio\eAudio.exe"
eDataSecurity Loader=C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
PLFSet=rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
LManager=C:\PROGRA~1\LAUNCH~1\LManager.exe
PlayMovie="C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
IAAnotif="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
SunJavaUpdateSched="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
Diamondback=C:\Program Files\Razer\Diamondback 3G\razerhid.exe
avast!=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
NvSvc=RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
NvCplDaemon=RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
NvMediaCenter=RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
NoChange=1
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
<NO NAME>=

--------------- [ Registre / Clés infectieuses ] ----------------



--------------- [ Etat / Services ] ----------------



+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

Ndisuio - Type de démarrage = 3

EapHost - Type de démarrage = 3

Wlansvc - Type de démarrage = 2

SharedAccess - Type de démarrage = 2

wuauserv - Type de démarrage = 2

wscsvc - Type de démarrage = 2

WinDefend - Type de démarrage = 2



--------------- [ Recherche dans supports amovibles] ----------------


+- Informations :

C: - Lecteur fixe
D: - Lecteur fixe
E: - Lecteur fixe
F: - Lecteur de CD-ROM

+- presence des fichiers :



--------------- [ Registre / Mountpoint2 ] ----------------


-> Not found !


------------------- ! Fin du rapport ! --------------------
0
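The question running through this thread is whether the csrss.exe and winlogon.exe entries the user sees in Task Manager are legitimate. The FindyKill process list above shows them under C:\Windows\system32, and on Vista one csrss.exe and one winlogon.exe per session (so two of each) is the normal picture. The check a defender actually applies is not "is the name present" but "is a core system name running from somewhere other than its expected directory". The script below is an added example, not part of the thread and not FindyKill's own code: it parses the "Processus actifs" block of a FindyKill-style report and flags core process names whose directory is not the expected one. The sample report is constructed (hypothetical paths, with one planted entry under a Temp folder to exercise the check), and the expected-directory table is an assumption for the Vista-era layout.

```python
import re
from pathlib import PureWindowsPath
from typing import Dict, List, Tuple

# Directory each core Windows process is expected to run from (assumed
# Vista-era layout, compared case-insensitively). csrss.exe and winlogon.exe
# run once per session, so two copies of each under System32 are normal.
EXPECTED_DIRS = {
    "smss.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "wininit.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "lsm.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

SECTION_START = re.compile(r"^-+ \[ Processus actifs \] -+$")
SECTION_HEADER = re.compile(r"^-+ \[ .*\] -+$")
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")

# Constructed sample in the FindyKill report layout (hypothetical data, not
# the thread's report); the Temp entry is planted to exercise the check.
SAMPLE_REPORT = r"""----------------- FindyKill V4.705 ------------------

--------------- [ Processus actifs ] ----------------


C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Users\Example\AppData\Local\Temp\winlogon.exe

--------------- [ Fichiers/Dossiers infectieux ] ----------------
"""


def extract_processes(report: str) -> List[str]:
    """Return the executable paths listed in the 'Processus actifs' block."""
    paths: List[str] = []
    inside = False
    for raw in report.splitlines():
        line = raw.strip()
        if SECTION_START.match(line):
            inside = True
            continue
        if inside and SECTION_HEADER.match(line):
            break  # next section header reached
        if inside and DRIVE_PATH.match(line):
            paths.append(line)
    return paths


def check_core_processes(paths: List[str]) -> Tuple[List[Tuple[str, str]], Dict[str, int]]:
    """Flag core process names that run from the wrong directory.

    Returns (findings, counts): findings is a list of (path, reason);
    counts says how many instances of each core name were seen, so a
    second csrss.exe under System32 is counted but not flagged.
    """
    findings: List[Tuple[str, str]] = []
    counts: Dict[str, int] = {}
    for path in paths:
        wp = PureWindowsPath(path)
        name = wp.name.lower()
        if name not in EXPECTED_DIRS:
            continue  # third-party process: not a masquerade candidate here
        counts[name] = counts.get(name, 0) + 1
        parent = str(wp.parent).lower()
        if parent != EXPECTED_DIRS[name]:
            findings.append((path, "%s expected under %s" % (name, EXPECTED_DIRS[name])))
    return findings, counts


if __name__ == "__main__":
    procs = extract_processes(SAMPLE_REPORT)
    found, seen = check_core_processes(procs)
    print("core processes seen:", seen)
    for path, reason in found:
        print("SUSPICIOUS:", path, "-", reason)
```

Run against the constructed sample, the two System32 copies of csrss.exe and winlogon.exe pass and only the planted Temp copy of winlogon.exe is reported; applied to a real report, an empty findings list says the names are where they belong, which is the reassurance the user is looking for. Other signs (a hidden process, a modified Winlogon Shell value) need the separate checks the other tools in this thread perform.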
geoffrey5 (Security contributor)
18 Nov 2008 at 10:01
A nasty piece of work, this virus :s

Do you have Spybot's resident shield enabled in the taskbar??
0
yes
0
geoffrey5 (Security contributor)
18 Nov 2008 at 10:02
disable it by right-clicking it and run FindyKill again please
0
----------------- FindyKill V4.705 ------------------

* User : GégeX - PC-DE-GGEX
* Emplacement : C:\Program Files\FindyKill
* Outils Mis a jours le 17/11/08 par Chiquitine29
* Recherche effectuée à 10:01:11 le 18/11/2008
* Windows Vista - Internet Explorer 7.0.6001.18000

((((((((((((((((( *** Recherche *** ))))))))))))))))))


--------------- [ Processus actifs ] ----------------


C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Razer\Diamondback 3G\razerhid.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\System32\rundll32.exe
C:\Users\GGEX~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Program Files\Razer\Diamondback 3G\razertra.exe
C:\Acer\Empowering Technology\eNet\eNet Service.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Windows\system32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Razer\Diamondback 3G\razerofa.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Steam\SteamService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conime.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\servicing\TrustedInstaller.exe

--------------- [ Fichiers/Dossiers infectieux ] ----------------


»»»» Presence des fichiers dans C:


»»»» Presence des fichiers dans C:\Windows


»»»» Presence des fichiers dans C:\Windows\Prefetch


»»»» Presence des fichiers dans C:\Windows\system32


»»»» Presence des fichiers dans C:\Windows\system32\drivers


»»»» Presence des fichiers dans C:\Users\GégeX\AppData\Roaming


»»»» Presence des fichiers dans C:\Users\GGEX~1\AppData\Local\Temp


»»»» Presence des fichiers dans C:\Users\GégeX\Local Settings\Temporary Internet Files\Content.IE5


--------------- [ Registre / Startup ] ----------------

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]

Sidebar=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
Steam="c:\progra~1\steam\steam.exe" -silent
MsnMsgr="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
Uniblue RegistryBooster 2009=c:\program files\uniblue\registrybooster\StartRegistryBooster.exe
SpybotSD TeaTimer=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]

RtHDVCpl=RtHDVCpl.exe
eAudio="C:\Acer\Empowering Technology\eAudio\eAudio.exe"
eDataSecurity Loader=C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
PLFSet=rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
LManager=C:\PROGRA~1\LAUNCH~1\LManager.exe
PlayMovie="C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
IAAnotif="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
SunJavaUpdateSched="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
Diamondback=C:\Program Files\Razer\Diamondback 3G\razerhid.exe
avast!=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
NvSvc=RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
NvCplDaemon=RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
NvMediaCenter=RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
NoChange=1
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
<NO NAME>=

--------------- [ Registre / Clés infectieuses ] ----------------



--------------- [ Etat / Services ] ----------------



+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

Ndisuio - Type de démarrage = 3

EapHost - Type de démarrage = 3

Wlansvc - Type de démarrage = 2

SharedAccess - Type de démarrage = 2

wuauserv - Type de démarrage = 2

wscsvc - Type de démarrage = 2

WinDefend - Type de démarrage = 2



--------------- [ Recherche dans supports amovibles] ----------------


+- Informations :

C: - Lecteur fixe
D: - Lecteur fixe
E: - Lecteur fixe
F: - Lecteur de CD-ROM

+- presence des fichiers :



--------------- [ Registre / Mountpoint2 ] ----------------


-> Not found !


------------------- ! Fin du rapport ! --------------------
0
----------------- FindyKill V4.705 ------------------

* User : GégeX - PC-DE-GGEX
* Emplacement : C:\Program Files\FindyKill
* Outils Mis a jours le 17/11/08 par Chiquitine29
* Recherche effectuée à 10:03:25 le 18/11/2008
* Windows Vista - Internet Explorer 7.0.6001.18000

((((((((((((((((( *** Recherche *** ))))))))))))))))))


--------------- [ Processus actifs ] ----------------


C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Razer\Diamondback 3G\razerhid.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\System32\rundll32.exe
C:\Users\GGEX~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Program Files\Razer\Diamondback 3G\razertra.exe
C:\Acer\Empowering Technology\eNet\eNet Service.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Windows\system32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Razer\Diamondback 3G\razerofa.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Steam\SteamService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conime.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\servicing\TrustedInstaller.exe

--------------- [ Fichiers/Dossiers infectieux ] ----------------


»»»» Presence des fichiers dans C:


»»»» Presence des fichiers dans C:\Windows


»»»» Presence des fichiers dans C:\Windows\Prefetch


»»»» Presence des fichiers dans C:\Windows\system32


»»»» Presence des fichiers dans C:\Windows\system32\drivers


»»»» Presence des fichiers dans C:\Users\GégeX\AppData\Roaming


»»»» Presence des fichiers dans C:\Users\GGEX~1\AppData\Local\Temp


»»»» Presence des fichiers dans C:\Users\GégeX\Local Settings\Temporary Internet Files\Content.IE5


--------------- [ Registre / Startup ] ----------------

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]

Sidebar=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
Steam="c:\progra~1\steam\steam.exe" -silent
MsnMsgr="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
Uniblue RegistryBooster 2009=c:\program files\uniblue\registrybooster\StartRegistryBooster.exe
SpybotSD TeaTimer=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]

RtHDVCpl=RtHDVCpl.exe
eAudio="C:\Acer\Empowering Technology\eAudio\eAudio.exe"
eDataSecurity Loader=C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
PLFSet=rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
LManager=C:\PROGRA~1\LAUNCH~1\LManager.exe
PlayMovie="C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
IAAnotif="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
SunJavaUpdateSched="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
Diamondback=C:\Program Files\Razer\Diamondback 3G\razerhid.exe
avast!=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
NvSvc=RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
NvCplDaemon=RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
NvMediaCenter=RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
NoChange=1
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
<NO NAME>=

--------------- [ Registre / Clés infectieuses ] ----------------



--------------- [ Etat / Services ] ----------------



+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

Ndisuio - Type de démarrage = 3

EapHost - Type de démarrage = 3

Wlansvc - Type de démarrage = 2

SharedAccess - Type de démarrage = 2

wuauserv - Type de démarrage = 2

wscsvc - Type de démarrage = 2

WinDefend - Type de démarrage = 2



--------------- [ Recherche dans supports amovibles] ----------------


+- Informations :

C: - Lecteur fixe
D: - Lecteur fixe
E: - Lecteur fixe
F: - Lecteur de CD-ROM

+- presence des fichiers :



--------------- [ Registre / Mountpoint2 ] ----------------


-> Not found !


------------------- ! Fin du rapport ! --------------------
0
geoffrey5 (Security contributor)
18 Nov 2008 at 10:08
Download Trojan Remover

here is a tutorial for getting it to work properly: http://www.malekal.com/tutorial_TrojanRemover.php
0
***** THE SYSTEM HAS BEEN RESTARTED *****
18/11/2008 10:12:29: Trojan Remover has been restarted
=======================================================
Removing the following registry keys:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\igfxcui - already removed (or did not exist)
=======================================================
18/11/2008 10:12:29: Trojan Remover closed
************************************************************


***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.7.4.2551. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 10:09:34 18 nov. 2008
Using Database v7202
Operating System: Windows Vista SP1 [Windows Vista Service Pack 1 (Build 6001)]
Edition: Windows Vista (TM) Home Premium
File System: NTFS
User Account Control is DISABLED.
Data directory: C:\Users\GégeX\AppData\Roaming\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: C:\Users\GégeX\Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************
The following Anti-Malware program(s) are loaded:
Avast! Antivirus

************************************************************


************************************************************
10:09:34: Scanning ----------WIN.INI-----------
WIN.INI found in C:\Windows

************************************************************
10:09:34: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\Windows

************************************************************
10:09:34: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

************************************************************
10:09:35: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
File: Explorer.exe
C:\Windows\Explorer.exe
2927104 bytes
Created: 15/11/2008
Modified: 19/01/2008
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
File: C:\Windows\system32\userinit.exe
C:\Windows\system32\userinit.exe
25088 bytes
Created: 15/11/2008
Modified: 19/01/2008
Company: Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: RtHDVCpl
Value Data: RtHDVCpl.exe
C:\Windows\RtHDVCpl.exe
4669440 bytes
Created: 10/08/2007
Modified: 06/07/2007
Company: Realtek Semiconductor
--------------------
Value Name: eAudio
Value Data: "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
C:\Acer\Empowering Technology\eAudio\eAudio.exe
1286144 bytes
Created: 10/08/2007
Modified: 11/06/2007
Company: CyberLink
--------------------
Value Name: eDataSecurity Loader
Value Data: C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
457216 bytes
Created: 25/04/2007
Modified: 25/04/2007
Company: HiTRUST
--------------------
Value Name: Adobe Reader Speed Launcher
Value Data: "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
40048 bytes
Created: 08/03/2007
Modified: 08/03/2007
Company: Adobe Systems Incorporated
--------------------
Value Name: PLFSet
Value Data: rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
C:\Windows\PLFSet.dll
45056 bytes
Created: 10/08/2007
Modified: 25/04/2007
Company:
--------------------
Value Name: LManager
Value Data: C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
752136 bytes
Created: 10/08/2007
Modified: 27/06/2007
Company: Dritek System Inc.
--------------------
Value Name: PlayMovie
Value Data: "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
206952 bytes
Created: 14/11/2008
Modified: 24/05/2007
Company: CyberLink Corp.
--------------------
Value Name: IAAnotif
Value Data: "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
174872 bytes
Created: 14/11/2008
Modified: 21/03/2007
Company: Intel Corporation
--------------------
Value Name: SunJavaUpdateSched
Value Data: "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
144784 bytes
Created: 14/11/2008
Modified: 10/06/2008
Company: Sun Microsystems, Inc.
--------------------
Value Name: Diamondback
Value Data: C:\Program Files\Razer\Diamondback 3G\razerhid.exe
C:\Program Files\Razer\Diamondback 3G\razerhid.exe
147456 bytes
Created: 14/11/2008
Modified: 01/08/2007
Company:
--------------------
Value Name: avast!
Value Data: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
79224 bytes
Created: 14/11/2008
Modified: 16/05/2008
Company: ALWIL Software
--------------------
Value Name: NvSvc
Value Data: RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
C:\Windows\system32\nvsvc.dll
86016 bytes
Created: 10/08/2007
Modified: 15/11/2008
Company: NVIDIA Corporation
--------------------
Value Name: NvCplDaemon
Value Data: RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
C:\Windows\system32\NvCpl.dll
8534560 bytes
Created: 10/08/2007
Modified: 15/11/2008
Company: NVIDIA Corporation
--------------------
Value Name: NvMediaCenter
Value Data: RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
C:\Windows\system32\NvMcTray.dll
81920 bytes
Created: 10/08/2007
Modified: 15/11/2008
Company: NVIDIA Corporation
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot
C:\Program Files\Trojan Remover\Trjscan.exe
1233800 bytes
Created: 18/11/2008
Modified: 08/11/2008
Company: Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: Sidebar
Value Data: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
C:\Program Files\Windows Sidebar\sidebar.exe
1233920 bytes
Created: 15/11/2008
Modified: 19/01/2008
Company: Microsoft Corporation
--------------------
Value Name: Steam
Value Data: "c:\progra~1\steam\steam.exe" -silent
c:\progra~1\steam\steam.exe
1410296 bytes
Created: 01/09/2005
Modified: 17/11/2008
Company: Valve Corporation
--------------------
Value Name: MsnMsgr
Value Data: "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
5724184 bytes
Created: 18/10/2007
Modified: 18/10/2007
Company: Microsoft Corporation
--------------------
Value Name: Uniblue RegistryBooster 2009
Value Data: c:\program files\uniblue\registrybooster\StartRegistryBooster.exe
c:\program files\uniblue\registrybooster\StartRegistryBooster.exe
99624 bytes
Created: 26/08/2008
Modified: 26/08/2008
Company: Uniblue Software
--------------------
Value Name: SpybotSD TeaTimer
Value Data: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe - this entry is globally excluded
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty

************************************************************
10:09:37: Scanning -----SHELLEXECUTEHOOKS-----
ShellExecuteHooks key is empty

************************************************************
10:09:37: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------

************************************************************
10:09:37: Scanning -----ACTIVE SCREENSAVER-----
No active ScreenSaver found to scan.

************************************************************
10:09:37: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----

************************************************************
10:09:37: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: AppMgmt
%SystemRoot%\System32\appmgmts.dll - file is globally excluded (file cannot be found)
--------------------

************************************************************
10:09:37: Scanning ----- SERVICES REGISTRY KEYS -----
Key: aswFsBlk
ImagePath: system32\DRIVERS\aswFsBlk.sys
C:\Windows\system32\DRIVERS\aswFsBlk.sys
20560 bytes
Created: 14/11/2008
Modified: 16/05/2008
Company: ALWIL Software
----------
Key: aswMonFlt
ImagePath: system32\DRIVERS\aswMonFlt.sys
C:\Windows\system32\DRIVERS\aswMonFlt.sys
50768 bytes
Created: 14/11/2008
Modified: 16/05/2008
Company: ALWIL Software
----------
Key: aswUpdSv
ImagePath: "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
17272 bytes
Created: 14/11/2008
Modified: 16/05/2008
Company: ALWIL Software
----------
Key: avast! Antivirus
ImagePath: "C:\Program Files\Alwil Software\Avast4\ashServ.exe"
C:\Program Files\Alwil Software\Avast4\ashServ.exe
144760 bytes
Created: 14/11/2008
Modified: 16/05/2008
Company: ALWIL Software
----------
Key: avast! Mail Scanner
ImagePath: "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
247160 bytes
Created: 14/11/2008
Modified: 16/05/2008
Company: ALWIL Software
----------
Key: avast! Web Scanner
ImagePath: "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
349560 bytes
Created: 14/11/2008
Modified: 16/05/2008
Company: ALWIL Software
----------
Key: b57nd60x
ImagePath: system32\DRIVERS\b57nd60x.sys
C:\Windows\system32\DRIVERS\b57nd60x.sys
179712 bytes
Created: 10/08/2007
Modified: 05/06/2007
Company: Broadcom Corporation
----------
Key: blbdrive
ImagePath: \SystemRoot\system32\drivers\blbdrive.sys - file is missing - alert is globally excluded
----------
Key: catchme
ImagePath: \??\C:\ComboFix\catchme.sys - this file is globally excluded
----------
Key: circlass
ImagePath: system32\DRIVERS\circlass.sys
C:\Windows\system32\DRIVERS\circlass.sys
35328 bytes
Created: 15/11/2008
Modified: 19/01/2008
Company: Microsoft Corporation
----------
Key: DKbFltr
ImagePath: system32\DRIVERS\DKbFltr.sys
C:\Windows\system32\DRIVERS\DKbFltr.sys
21264 bytes
Created: 10/08/2007
Modified: 02/11/2006
Company: Dritek System Inc.
----------
Key: DritekPortIO
ImagePath: \??\C:\PROGRA~1\LAUNCH~1\DPortIO.sys
C:\PROGRA~1\LAUNCH~1\DPortIO.sys
20112 bytes
Created: 10/08/2007
Modified: 02/11/2006
Company: Dritek System Inc.
----------
Key: eDataSecurity Service
ImagePath: "C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe"
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
457512 bytes
Created: 25/04/2007
Modified: 25/04/2007
Company: HiTRSUT
----------
Key: eLockService
ImagePath: C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
24576 bytes
Created: 10/08/2007
Modified: 14/03/2007
Company: Acer Inc.
----------
Key: enecir
ImagePath: system32\DRIVERS\enecir.sys
C:\Windows\system32\DRIVERS\enecir.sys
32256 bytes
Created: 10/08/2007
Modified: 07/03/2007
Company: ENE TECHNOLOGY INC.
----------
Key: eNet Service
ImagePath: C:\Acer\Empowering Technology\eNet\eNet Service.exe
C:\Acer\Empowering Technology\eNet\eNet Service.exe
135168 bytes
Created: 10/08/2007
Modified: 22/05/2007
Company: Acer Inc.
----------
Key: eSettingsService
ImagePath: C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
24576 bytes
Created: 10/08/2007
Modified: 10/05/2007
Company:
----------
Key: FileObjInfo
ImagePath: \??\C:\ProgramData\Spyware Terminator\FileObjInfo.sys
C:\ProgramData\Spyware Terminator\FileObjInfo.sys [file not found to scan]
----------
Key: HidIr
ImagePath: system32\DRIVERS\hidir.sys
C:\Windows\system32\DRIVERS\hidir.sys
21504 bytes
Created: 15/11/2008
Modified: 19/01/2008
Company: Microsoft Corporation
----------
Key: HSFHWAZL
ImagePath: system32\DRIVERS\VSTAZL3.SYS
C:\Windows\system32\DRIVERS\VSTAZL3.SYS
200704 bytes
Created: 02/11/2006
Modified: 02/11/2006
Company: Conexant Systems, Inc.
----------
Key: HSXHWAZL
ImagePath: system32\DRIVERS\HSXHWAZL.sys
C:\Windows\system32\DRIVERS\HSXHWAZL.sys
208384 bytes
Created: 10/08/2007
Modified: 26/04/2007
Company: Conexant Systems, Inc.
----------
Key: IAANTMON
ImagePath: C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
355096 bytes
Created: 14/11/2008
Modified: 21/03/2007
Company: Intel Corporation
----------
Key: iaStor
ImagePath: system32\DRIVERS\iaStor.sys
C:\Windows\system32\DRIVERS\iaStor.sys
304920 bytes
Created: 14/11/2008
Modified: 21/03/2007
Company: Intel Corporation
----------
Key: iaStorV
ImagePath: system32\drivers\iastorv.sys
C:\Windows\system32\drivers\iastorv.sys
232040 bytes
Created: 02/11/2006
Modified: 02/11/2006
Company: Intel Corporation
----------
Key: igfx
ImagePath: system32\DRIVERS\igdkmd32.sys
C:\Windows\system32\DRIVERS\igdkmd32.sys [file not found to scan]
----------
Key: IKFileSec
ImagePath: \SystemRoot\system32\drivers\ikfilesec.sys
C:\Windows\system32\drivers\ikfilesec.sys
40840 bytes
Created: 18/11/2008
Modified: 25/08/2008
Company: PCTools Research Pty Ltd.
----------
Key: IKSysFlt
ImagePath: system32\drivers\iksysflt.sys
C:\Windows\system32\drivers\iksysflt.sys
66952 bytes
Created: 18/11/2008
Modified: 25/08/2008
Company: PCTools Research Pty Ltd.
----------
Key: IKSysSec
ImagePath: system32\drivers\iksyssec.sys
C:\Windows\system32\drivers\iksyssec.sys
81288 bytes
Created: 18/11/2008
Modified: 25/08/2008
Company: PCTools Research Pty Ltd.
----------
Key: int15
ImagePath: \??\C:\Windows\system32\drivers\int15.sys
C:\Windows\system32\drivers\int15.sys
76584 bytes
Created: 10/08/2007
Modified: 02/03/2007
Company:
----------
Key: IpInIp
ImagePath: system32\DRIVERS\ipinip.sys - file is missing - alert is globally excluded
----------
Key: Machnm32
ImagePath: \??\C:\Windows\System32\Machnm32.sys
C:\Windows\System32\Machnm32.sys
2304 bytes
Created: 18/11/2008
Modified: 13/08/2003
Company:
----------
Key: MobilityService
ImagePath: C:\Acer\Mobility Center\MobilityService.exe -p
C:\Acer\Mobility Center\MobilityService.exe
107008 bytes
Created: 10/08/2007
Modified: 24/11/2006
Company:
----------
Key: msahci
ImagePath: system32\DRIVERS\msahci.sys
C:\Windows\system32\DRIVERS\msahci.sys
23144 bytes
Created: 02/11/2006
Modified: 02/11/2006
Company: Microsoft Corporation
----------
Key: NETw3v32
ImagePath: system32\DRIVERS\NETw3v32.sys
C:\Windows\system32\DRIVERS\NETw3v32.sys
1781760 bytes
Created: 02/11/2006
Modified: 02/11/2006
Company: Intel® Corporation
----------
Key: NETw4v32
ImagePath: system32\DRIVERS\NETw4v32.sys
C:\Windows\system32\DRIVERS\NETw4v32.sys
2219520 bytes
Created: 10/08/2007
Modified: 29/04/2007
Company: Intel Corporation
----------
Key: NTIDrvr
ImagePath: system32\DRIVERS\NTIDrvr.sys
C:\Windows\system32\DRIVERS\NTIDrvr.sys
6144 bytes
Created: 10/08/2007
Modified: 10/08/2007
Company: NewTech Infosystems, Inc.
----------
Key: NwlnkFlt
ImagePath: system32\DRIVERS\nwlnkflt.sys - file is missing - alert is globally excluded
----------
Key: NwlnkFwd
ImagePath: system32\DRIVERS\nwlnkfwd.sys - file is missing - alert is globally excluded
----------
Key: Planificateur LiveUpdate automatique
ImagePath: "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [file not found to scan]
----------
Key: PSDFilter
ImagePath: system32\DRIVERS\psdfilter.sys
C:\Windows\system32\DRIVERS\psdfilter.sys
20776 bytes
Created: 25/04/2007
Modified: 25/04/2007
Company: HiTRUST
----------
Key: PSDNServ
ImagePath: system32\drivers\PSDNServ.sys
C:\Windows\system32\drivers\PSDNServ.sys
16680 bytes
Created: 25/04/2007
Modified: 25/04/2007
Company: HiTRUST
----------
Key: psdvdisk
ImagePath: system32\drivers\psdvdisk.sys
C:\Windows\system32\drivers\psdvdisk.sys
60712 bytes
Created: 25/04/2007
Modified: 25/04/2007
Company: HiTRUST
----------
Key: Razerlow
ImagePath: System32\Drivers\DB3G.sys
C:\Windows\System32\Drivers\DB3G.sys
13225 bytes
Created: 14/11/2008
Modified: 24/04/2005
Company: Razer (Asia-Pacific) Pte Ltd
----------
Key: RichVideo
ImagePath: "C:\Program Files\CyberLink\Shared Files\RichVideo.exe"
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
266343 bytes
Created: 10/08/2007
Modified: 23/01/2007
Company:
----------
Key: rimmptsk
ImagePath: system32\DRIVERS\rimmptsk.sys
C:\Windows\system32\DRIVERS\rimmptsk.sys
39936 bytes
Created: 10/08/2007
Modified: 24/02/2007
Company: REDC
----------
Key: rimsptsk
ImagePath: system32\DRIVERS\rimsptsk.sys
C:\Windows\system32\DRIVERS\rimsptsk.sys
42496 bytes
Created: 10/08/2007
Modified: 23/01/2007
Company: REDC
----------
Key: rismxdp
ImagePath: system32\DRIVERS\rixdptsk.sys
C:\Windows\system32\DRIVERS\rixdptsk.sys
37376 bytes
Created: 10/08/2007
Modified: 21/03/2007
Company: REDC
----------
Key: SBSDWSCService
ImagePath: C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
809296 bytes
Created: 18/11/2008
Modified: 07/07/2008
Company: Safer Networking Ltd.
----------
Key: sdAuxService
ImagePath: C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
356920 bytes
Created: 18/11/2008
Modified: 13/06/2008
Company: PC Tools
----------
Key: sdCoreService
ImagePath: C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
1079176 bytes
Created: 18/11/2008
Modified: 09/10/2008
Company: PC Tools
----------
Key: Serenum
ImagePath: \SystemRoot\system32\drivers\serenum.sys
C:\Windows\system32\drivers\serenum.sys
17920 bytes
Created: 02/11/2006
Modified: 02/11/2006
Company: Microsoft Corporation
----------
Key: Serial
ImagePath: \SystemRoot\system32\drivers\serial.sys
C:\Windows\system32\drivers\serial.sys
83456 bytes
Created: 02/11/2006
Modified: 02/11/2006
Company: Microsoft Corporation
----------
Key: SNP2UVC
ImagePath: system32\DRIVERS\snp2uvc.sys
C:\Windows\system32\DRIVERS\snp2uvc.sys
1729152 bytes
Created: 10/08/2007
Modified: 12/06/2007
Company:
----------
Key: Steam Client Service
ImagePath: C:\Program Files\Common Files\Steam\SteamService.exe /RunAsService
C:\Program Files\Common Files\Steam\SteamService.exe
104944 bytes
Created: 14/11/2008
Modified: 17/11/2008
Company: Valve Corporation
----------
Key: usbccgp
ImagePath: \SystemRoot\system32\drivers\usbccgp.sys
C:\Windows\system32\drivers\usbccgp.sys
73216 bytes
Created: 02/11/2006
Modified: 02/11/2006
Company: Microsoft Corporation
----------
Key: usnjsvc
ImagePath: "C:\Program Files\Windows Live\Messenger\usnsvc.exe"
C:\Program Files\Windows Live\Messenger\usnsvc.exe
98328 bytes
Created: 18/10/2007
Modified: 18/10/2007
Company: Microsoft Corporation
----------
Key: WLSetupSvc
ImagePath: "C:\Program Files\Windows Live\installer\WLSetupSvc.exe"
C:\Program Files\Windows Live\installer\WLSetupSvc.exe
266240 bytes
Created: 25/10/2007
Modified: 25/10/2007
Company: Microsoft Corporation
----------
Key: WMIService
ImagePath: C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
163840 bytes
Created: 10/08/2007
Modified: 16/05/2007
Company: acer
----------
Key: {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}
ImagePath: \??\C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl
C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl
13560 bytes
Created: 14/11/2008
Modified: 02/11/2006
Company: Cyberlink Corp.
----------

************************************************************
10:09:46: Scanning -----VXD ENTRIES-----
Checking the following VxD entries:

************************************************************
10:09:46: Scanning ----- WINLOGON\NOTIFY DLLS -----
Key : igfxcui
DLLName: igfxdev.dll
igfxdev.dll - this reference has been removed [file not found to scan]
----------

************************************************************
10:10:00: Scanning ----- CONTEXTMENUHANDLERS -----
Key: 7-Zip
CLSID: {23170F69-40C1-278A-1000-000100020000}
Path: C:\Program Files\7-Zip\7-zip.dll
C:\Program Files\7-Zip\7-zip.dll
70144 bytes
Created: 19/08/2008
Modified: 19/08/2008
Company: Igor Pavlov
----------
Key: avast
CLSID: {472083B0-C522-11CF-8763-00608CC02F24}
Path: C:\Program Files\Alwil Software\Avast4\ashShell.dll
C:\Program Files\Alwil Software\Avast4\ashShell.dll
75128 bytes
Created: 14/11/2008
Modified: 16/05/2008
Company: ALWIL Software
----------
Key: EDSshellExt
CLSID: {29FF7AB0-BE34-4992-A30B-53A9D86EE239}
Path: C:\Windows\system32\eDSshellExt.dll
C:\Windows\system32\eDSshellExt.dll
315392 bytes
Created: 25/04/2007
Modified: 25/04/2007
Company: HiTRUST
----------
Key: ShellExtension
CLSID: [empty]
----------

************************************************************
10:10:00: Scanning ----- FOLDER\COLUMNHANDLERS -----
Key: {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}
File: "C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll"
C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
357888 bytes
Created: 28/08/2008
Modified: 28/08/2008
Company: Sun Microsystems, Inc.
----------

************************************************************
10:10:00: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {02478D38-C3F9-4EFB-9B51-7695ECA05670}
BHO: C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
436288 bytes
Created: 14/11/2008
Modified: 29/11/2006
Company: Yahoo! Inc.
----------
Key: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
BHO: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
62080 bytes
Created: 22/10/2006
Modified: 22/10/2006
Company: Adobe Systems Incorporated
----------
Key: {53707962-6F74-2D53-2644-206D7942484F}
BHO: C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
C:\Program Files\Spybot - Search & Destroy\SDHelper.dll - file is excluded from scanning [SPYBOT S&D file]
----------
Key: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
BHO: C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
509328 bytes
Created: 14/11/2008
Modified: 10/06/2008
Company: Sun Microsystems, Inc.
----------
Key: {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}
BHO: C:\Windows\system32\ActiveToolBand.dll
C:\Windows\system32\ActiveToolBand.dll
299008 bytes
Created: 25/04/2007
Modified: 25/04/2007
Company: HiTRUST
----------
Key: {9030D464-4C02-4ABF-8ECC-5164760863C6}
BHO: C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
328752 bytes
Created: 20/09/2007
Modified: 20/09/2007
Company: Microsoft Corporation
----------

************************************************************
10:10:01: Scanning ----- SHELLSERVICEOBJECTS -----

************************************************************
10:10:01: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----

************************************************************
10:10:01: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.

************************************************************
10:10:01: Scanning ----- APPINIT_DLLS -----
The AppInit_DLLs value is blank or does not exist

************************************************************
10:10:01: Scanning ----- SECURITY PROVIDER DLLS -----

************************************************************
10:10:01: Scanning ------ COMMON STARTUP GROUP ------
[C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-HS- 174 bytes
Created: 02/11/2006
Modified: 15/11/2008
Company:
--------------------
C:\Acer\Empowering Technology\eAPLauncher.exe
535336 bytes
Created: 10/08/2007
Modified: 14/04/2007
Company: Acer Inc.
Empowering Technology Launcher.lnk - links to C:\Acer\Empowering Technology\eAPLauncher.exe
--------------------

************************************************************
10:10:01: Scanning ----- USER STARTUP GROUPS -----
Checking Startup Group for: GégeX
[C:\Users\GégeX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup]
C:\Users\GégeX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-HS- 174 bytes
Created: 14/11/2008
Modified: 14/11/2008
Company:
----------
--------------------

************************************************************
10:10:01: Scanning ----- SCHEDULED TASKS -----
No Scheduled Tasks found to scan

************************************************************
10:10:01: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----
No ShellIconOverlayIdentifiers Registry key found to scan

************************************************************
10:10:01: ----- ADDITIONAL CHECKS -----
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: D:\Bureau\Martinique\P1010166.JPG
D:\Bureau\Martinique\P1010166.JPG
2637397 bytes
Created: 01/11/2008
Modified: 28/07/2008
Company:
----------
Web Desktop Wallpaper: D:\Bureau\Martinique\P1010166.JPG
D:\Bureau\Martinique\P1010166.JPG
2637397 bytes
Created: 01/11/2008
Modified: 28/07/2008
Company:
----------
Additional checks completed

************************************************************
10:10:02: Scanning ----- RUNNING PROCESSES -----

C:\Windows\System32\smss.exe
--------------------
C:\Windows\system32\csrss.exe
--------------------
C:\Windows\system32\wininit.exe
--------------------
C:\Windows\system32\csrss.exe
--------------------
C:\Windows\system32\services.exe
--------------------
C:\Windows\system32\lsass.exe
--------------------
C:\Windows\system32\lsm.exe
--------------------
C:\Windows\system32\svchost.exe
--------------------
C:\Windows\system32\svchost.exe - file already scanned
--------------------
C:\Windows\System32\svchost.exe - file already scanned
--------------------
C:\Windows\System32\svchost.exe - file already scanned
--------------------
C:\Windows\system32\winlogon.exe
--------------------
C:\Windows\System32\svchost.exe - file already scanned
--------------------
C:\Windows\system32\svchost.exe - file already scanned
--------------------
C:\Windows\system32\svchost.exe - file already scanned
--------------------
C:\Windows\system32\svchost.exe - file already scanned
--------------------
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe - file already scanned
--------------------
C:\Program Files\Alwil Software\Avast4\ashServ.exe - file already scanned
--------------------
C:\Windows\system32\Dwm.exe
--------------------
C:\Windows\Explorer.EXE - file already scanned
--------------------
C:\Windows\System32\spoolsv.exe
--------------------
C:\Windows\system32\svchost.exe - file already scanned
--------------------
C:\Windows\system32\taskeng.exe
--------------------
C:\Windows\RtHDVCpl.exe - file already scanned
--------------------
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe - file already scanned
--------------------
C:\Windows\system32\taskeng.exe
--------------------
C:\Program Files\Launch Manager\LManager.exe
--------------------
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe - file already scanned
--------------------
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe - file already scanned
--------------------
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe - file already scanned
--------------------
C:\Program Files\Razer\Diamondback 3G\razerhid.exe - file already scanned
--------------------
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
--------------------
C:\Windows\System32\rundll32.exe
--------------------
C:\Program Files\Windows Sidebar\sidebar.exe - file already scanned
--------------------
C:\Program Files\Steam\Steam.exe
--------------------
C:\Program Files\Windows Live\Messenger\msnmsgr.exe - file already scanned
--------------------
C:\Windows\System32\rundll32.exe
--------------------
C:\Users\GGEX~1\AppData\Local\Temp\RtkBtMnt.exe
--------------------
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe - file already scanned
--------------------
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe - file already scanned
--------------------
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
--------------------
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
--------------------
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
--------------------
C:\Program Files\Razer\Diamondback 3G\razertra.exe
--------------------
C:\Acer\Empowering Technology\eNet\eNet Service.exe - file already scanned
--------------------
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe - file already scanned
--------------------
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
--------------------
C:\Acer\Mobility Center\MobilityService.exe - file already scanned
--------------------
C:\Windows\system32\svchost.exe - file already scanned
--------------------
C:\Program Files\CyberLink\Shared Files\RichVideo.exe - file already scanned
--------------------
C:\Windows\system32\svchost.exe - file already scanned
--------------------
C:\Windows\System32\svchost.exe - file already scanned
--------------------
C:\Windows\system32\DRIVERS\xaudio.exe
--------------------
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe - file already scanned
--------------------
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe - file already scanned
--------------------
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe - file already scanned
--------------------
C:\Windows\system32\wbem\wmiprvse.exe
--------------------
C:\Program Files\Razer\Diamondback 3G\razerofa.exe
--------------------
C:\Windows\system32\wbem\unsecapp.exe
--------------------
C:\Windows\system32\wbem\wmiprvse.exe
--------------------
C:\Program Files\Common Files\Steam\SteamService.exe
--------------------
C:\Windows\system32\SearchIndexer.exe
--------------------
C:\Program Files\Internet Explorer\iexplore.exe
--------------------
C:\Windows\system32\conime.exe
--------------------
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
--------------------
C:\Program Files\Trojan Remover\Rmvtrjan.exe
FileSize: 2888568
[This is a Trojan Remover component]
--------------------
--------------------

************************************************************
10:10:04: Checking HOSTS file
No malicious entries were found in the HOSTS file

************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
https://fr.yahoo.com/
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page":
%SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
https://www.msn.com/fr-fr/?ocid=iehp
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
HKLM\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
https://www.google.fr/?gws_rd=ssl
HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\Windows\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

************************************************************
=== CHANGES WERE MADE TO THE WINDOWS REGISTRY ===
Scan completed at: 10:10:04 18 nov. 2008
Total Scan time: 00:00:30
-------------------------------------------------------------------------
One or more files could not be moved or renamed as requested.
They may be in use by Windows, so Trojan Remover needs
to restart the system in order to deal with these files.
18/11/2008 10:10:09: restart commenced
************************************************************
0