Multiple explorer.exe processes

12 August 2010 14:01:52

Hello everyone,

I have a problem with my processes. In the Processes tab of Task Manager, explorer.exe appears several times. In addition, Microsoft Windows generates error reports saying that a program named SetCryptin has stopped working. But when I choose "close the program", the Microsoft Windows message reappears indefinitely.
Is this because of a virus?
Thanks in advance for your help

12 August 2010 19:43:29

up
13 August 2010 12:58:25

up
13 August 2010 15:16:07

Have you tried ending the process?

EDIT: And what is your OS?
13 August 2010 17:08:11

Yes, I tried to close the processes but they reappear every time. I'm on Windows Vista.
13 August 2010 20:09:49

Run a scan with HijackThis and post the result here.
13 August 2010 21:48:49

Here is the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:53:42, on 13/08/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\McAfee\VirusScan Enterprise\ShStat.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Mindjet\MindManager 8\MmReminderService.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Users\Taha\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Taha\AppData\Roaming\WinX2L2K2\explorer.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
C:\Users\Taha\AppData\Roaming\WinX2L2K2\explorer.exe
C:\Users\Taha\AppData\Roaming\WinX2L2K2\explorer.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
C:\Users\Taha\AppData\Roaming\WinX2L2K2\explorer.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
C:\Users\Taha\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS02
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sfr.fr/kit/adsl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.fr.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide à la navigation SFR - {0F6E720A-1A6B-40E1-A294-1D4D19F156C8} - C:\Program Files\SFR\Kit\SFRNavErrorHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: CmjBrowserHelperObject Object - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files\Mindjet\MindManager 8\Mm8InternetExplorer.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [MMReminderService] C:\Program Files\Mindjet\MindManager 8\MMReminderService.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ooVoo.exe] C:\Program Files\ooVoo\oovoo.exe /minimized
O4 - HKCU\..\Run: [HKCU] C:\Users\Taha\AppData\Roaming\WinX2L2K2\explorer.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Send to Mindjet MindManager - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Program Files\Mindjet\MindManager 8\Mm8InternetExplorer.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - AppInit_DLLs: eNetHook.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxbf_device - - C:\Windows\system32\lxbfcoms.exe
O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
O23 - Service: Service McAfee Framework (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Windows\system32\mfevtps.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9153 bytes
13 August 2010 22:22:19

Hi,

By any chance, in Control Panel => Folder Options => View tab, is the "Launch folder windows in a separate process" box checked?

Bye
13 August 2010 22:27:23

Hi TGV6773,

The "Launch folder windows in a separate process" box is not checked.

Bye
13 August 2010 22:33:34

Apparently there is nothing abnormal. Try running a scan with Antivir. Otherwise, clean the registry with NTREGOPT. It can't hurt.
14 August 2010 18:22:14

I ran a scan, but the antivirus found nothing. I also cleaned the registry.
15 August 2010 18:07:04

I still have the same problem.
15 August 2010 23:14:16

up
22 August 2010 21:57:58

Sorry for the gap, can you post a screenshot of your Task Manager?
30 August 2010 12:20:14

Hi
The problem is the fake explorer.exe (C:\Users\Taha\AppData\Roaming\WinX2L2K2\explorer.exe), whose process is launched several times and which starts at system boot (O4 - HKCU\..\Run: [HKCU] C:\Users\Taha\AppData\Roaming\WinX2L2K2\explorer.exe).
I had the same problem, and neither avast nor Malwarebytes found anything... so the simplest thing is to delete it manually.
Reboot in safe mode and delete the folder C:\Users\Taha\AppData\Roaming\WinX2L2K2
You can also run msconfig (Start > Run > msconfig, or type msconfig directly in the Start menu search bar); in the Startup tab, look for our explorer.exe (it probably won't have that name, but look for C:\Users\Taha\AppData\Roaming\WinX2L2K2\explorer.exe in the Command column).
A quick restart and it should be sorted!
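
Added example, not part of the original post and not HijackThis's own code: a Python script that automates the two checks the answer above makes by eye on the posted log, namely a process named like a Windows system binary running from an unexpected directory, and a Run entry that starts a program from a user profile's AppData folder. The function names and the `EXPECTED` table are hypothetical and assume Windows is installed in C:\Windows; the sample is a shortened excerpt of the log posted in this thread.

```python
import re
from collections import Counter
from ntpath import basename, normpath  # Windows path rules on any platform

# Legitimate locations of system binaries whose names are often imitated.
# Assumption: Windows is installed in C:\Windows.
EXPECTED = {
    "explorer.exe": {r"c:\windows\explorer.exe", r"c:\windows\syswow64\explorer.exe"},
    "svchost.exe": {r"c:\windows\system32\svchost.exe", r"c:\windows\syswow64\svchost.exe"},
    "lsass.exe": {r"c:\windows\system32\lsass.exe"},
    "winlogon.exe": {r"c:\windows\system32\winlogon.exe"},
    "services.exe": {r"c:\windows\system32\services.exe"},
    "csrss.exe": {r"c:\windows\system32\csrss.exe"},
}

# HijackThis autostart line: O4 - <hive>\..\<key>: [<value name>] <command>
O4_RUN = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[([^\]]*)\] (.*)$")

# A command that starts inside a user's AppData tree (writable without admin rights).
USER_PROFILE = re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\", re.IGNORECASE)


def parse_hijackthis(text):
    """Return (running process paths, [(hive, key, value name, command), ...])."""
    processes, autoruns = [], []
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            if line:
                processes.append(line)
            else:
                in_procs = False  # a blank line ends the process list
            continue
        match = O4_RUN.match(line)
        if match:
            autoruns.append(match.groups())
    return processes, autoruns


def masquerading(processes):
    """Map path -> instance count for system-binary names run from elsewhere."""
    hits = Counter()
    for path in processes:
        norm = normpath(path).lower()
        name = basename(norm)
        if name in EXPECTED and norm not in EXPECTED[name]:
            hits[norm] += 1
    return dict(hits)


def user_profile_autoruns(autoruns):
    """Return (hive, value name, command) for Run entries launching from AppData."""
    return [(hive, name, cmd) for hive, _key, name, cmd in autoruns
            if USER_PROFILE.match(cmd.lstrip('"'))]


# Shortened excerpt of the HijackThis log posted earlier in this thread.
SAMPLE = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Taha\AppData\Roaming\WinX2L2K2\explorer.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
C:\Users\Taha\AppData\Roaming\WinX2L2K2\explorer.exe

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [HKCU] C:\Users\Taha\AppData\Roaming\WinX2L2K2\explorer.exe
"""

if __name__ == "__main__":
    procs, runs = parse_hijackthis(SAMPLE)
    for path, count in masquerading(procs).items():
        print(f"system-binary name outside its expected path ({count}x): {path}")
    for hive, name, cmd in user_profile_autoruns(runs):
        print(f"{hive} Run entry [{name}] starts from a user profile: {cmd}")
```

A hit is a lead to verify (file signature, hash, creation date), not a verdict; legitimate updaters also start from AppData.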
1 November 2010 16:57:02

Hello
You don't seem particularly alarmed to see fake explorers running permanently on your PC... :o

Download DDS and save it to your desktop.
  • Disable anything that blocks scripts, such as an antivirus, or software like ad-block, noscript, etc.
  • Double-click dds.scr to launch the tool.
  • Once the scan is finished, a text document, DDS.txt, will open.
  • Click Yes at the next prompt, Optional Scan.
  • Save both reports to your desktop and post only DDS.txt for me.
1 November 2010 18:28:47

Good evening Sham_Rock,

Here is the DDS report as agreed. It's true that I let the problem drag on a bit too long :lol:


    DDS (Ver_10-10-31.01) - NTFSx86
    Run by Taha at 18:43:46,90 on 02/11/2010
    Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_22
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.2037.993 [GMT 1:00]

    AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    SP: VirusScan Enterprise + AntiSpyware Enterprise *enabled* (Updated) {24E45799-D058-4314-AC5D-1B2EE5C3151F}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
    C:\Windows\system32\agrsmsvc.exe
    C:\Acer\ALaunch\ALaunchSvc.exe
    C:\Windows\system32\svchost.exe -k apphost
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Users\Taha\AppData\Local\Temp\RtkBtMnt.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
    C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    C:\Acer\Empowering Technology\eNet\eNet Service.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\system32\lxbfcoms.exe
    C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
    C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    C:\Windows\system32\mfevtps.exe
    C:\Acer\Mobility Center\MobilityService.exe
    C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
    C:\Windows\system32\iashost.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\System32\alg.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\McAfee\Common Framework\UdaterUI.exe
    C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\McAfee\Common Framework\McTray.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\system32\igfxext.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Apoint2K\ApMsgFwd.exe
    C:\Users\Taha\AppData\Roaming\WinX2L2K2\explorer.exe
    C:\Users\Taha\AppData\Roaming\WinX2L2K2\explorer.exe
    C:\Users\Taha\AppData\Roaming\WinX2L2K2\explorer.exe
    C:\Users\Taha\AppData\Roaming\WinX2L2K2\explorer.exe
    C:\Users\Taha\AppData\Roaming\WinX2L2K2\explorer.exe
    C:\Users\Taha\AppData\Roaming\WinX2L2K2\explorer.exe
    C:\Users\Taha\AppData\Roaming\WinX2L2K2\explorer.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
    C:\Users\Taha\AppData\Roaming\WinX2L2K2\explorer.exe
    C:\Users\Taha\AppData\Roaming\WinX2L2K2\explorer.exe
    C:\Users\Taha\AppData\Roaming\WinX2L2K2\explorer.exe
    C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
    C:\Users\Taha\AppData\Roaming\WinX2L2K2\explorer.exe
    C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
    C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
    C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
    C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
    C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
    C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Users\Taha\AppData\Roaming\WinX2L2K2\explorer.exe
    C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
    C:\Windows\system32\conime.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Users\Taha\Downloads\dds.scr
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.sfr.fr/kit/adsl/
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    uSearch Bar = hxxp://g.msn.fr/0SEFRFR/SAOS02
    mStart Page = hxxp://fr.fr.acer.yahoo.com
    mDefault_Page_URL = hxxp://fr.fr.acer.yahoo.com
    uURLSearchHooks: Yahoo! Toolbar avec bloqueur de fenêtres pop-up: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: Objet d'aide à la navigation SFR: {0f6e720a-1a6b-40e1-a294-1d4d19f156c8} - c:\program files\sfr\kit\SFRNavErrorHelper.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: CmjBrowserHelperObject Object: {6fe6a929-59d1-4763-91ad-29b61cffb35b} - c:\program files\mindjet\mindmanager 8\Mm8InternetExplorer.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptsn.dll
    BHO: ShowBarObj Class: {83a2f9b1-01a2-4aa5-87d1-45b6b8505e96} - c:\windows\system32\ActiveToolBand.dll
    BHO: Programme d'aide de l'Assistant de connexion Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: PDFCreator Toolbar Helper: {c451c08a-ec37-45df-aaad-18b51ab5e837} - c:\program files\pdfcreator toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\windows\system32\eDStoolbar.dll
    TB: Yahoo! Toolbar avec bloqueur de fenêtres pop-up: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    TB: PDFCreator Toolbar: {31cf9ebe-5755-4a1d-ac25-2834d952d9b4} - c:\program files\pdfcreator toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRun: [HKCU] c:\users\taha\appdata\roaming\winx2l2k2\explorer.exe
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\eDSloader.exe
    mRun: [PLFSet] rundll32.exe c:\windows\PLFSet.dll,PLFDefSetting
    mRun: [LManager] c:\progra~1\launch~1\LManager.exe
    mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [Skytel] Skytel.exe
    mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey
    mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
    IE: E&xporter vers Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: {2F72393D-2472-4F82-B600-ED77F354B7FF} - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - c:\program files\mindjet\mindmanager 8\Mm8InternetExplorer.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs: eNetHook.dll
    Hosts: 127.0.0.1 www.spywareinfo.com

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\taha\appdata\roaming\mozilla\firefox\profiles\jwrji21d.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
    FF - prefs.js: keyword.URL - hxxp://redirecterror.sfr.fr/?q=
    FF - component: c:\users\taha\appdata\roaming\mozilla\firefox\profiles\jwrji21d.default\extensions\twitternotifier@naan.net\platform\winnt\components\nsTwitterFoxSign.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - plugin: c:\program files\vistacodecpack\qt\plugins\npqtplugin.dll
    FF - plugin: c:\program files\vistacodecpack\qt\plugins\npqtplugin2.dll
    FF - plugin: c:\program files\vistacodecpack\qt\plugins\npqtplugin3.dll
    FF - plugin: c:\program files\vistacodecpack\qt\plugins\npqtplugin4.dll
    FF - plugin: c:\program files\vistacodecpack\qt\plugins\npqtplugin5.dll
    FF - plugin: c:\program files\vistacodecpack\qt\plugins\npqtplugin6.dll
    FF - plugin: c:\program files\vistacodecpack\qt\plugins\npqtplugin7.dll
    FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nppl3260.dll
    FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nprpjplug.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.switch.threshold - 600000
    FF - user.js: keyword.URL - hxxp://redirecterror.sfr.fr/?q=
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

    ============= SERVICES / DRIVERS ===============

    P2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2008-9-29 143088]
    R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-2-19 340592]
    R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\acer arcade deluxe\play movie\000.fcl [2007-11-9 13560]
    R2 ALaunchService;ALaunch Service;c:\acer\alaunch\ALaunchSvc.exe [2007-7-31 50688]
    R2 lxbf_device;lxbf_device;c:\windows\system32\lxbfcoms.exe -service --> c:\windows\system32\lxbfcoms.exe -service [?]
    R2 McAfeeEngineService;McAfee Engine Service;c:\program files\mcafee\virusscan enterprise\EngineServer.exe [2008-9-29 19456]
    R2 McAfeeFramework;Service McAfee Framework;c:\program files\mcafee\common framework\FrameworkService.exe [2008-3-14 103744]
    R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2008-9-29 62800]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-2-19 67904]
    R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2007-7-31 179712]
    R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2008-6-28 33792]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-2-19 90360]
    R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-2-19 42424]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Service Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-9-20 135664]
    S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\magix\common\database\bin\fbserver.exe [2010-3-11 1527900]
    S3 FontCache;Service de cache de police Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-11-25 21504]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-2-19 64432]
    S3 WPFFontCache_v0400;Cache de police de Windows Presentation Foundation 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

    =============== File Associations ===============

    regfile="regedit.exe" "%1"

    =============== Created Last 30 ================

    2010-11-02 09:25:50 6146896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{bd58536f-e862-412b-8178-7841902e56c3}\mpengine.dll
    2010-10-27 09:34:18 1696256 ----a-w- c:\windows\system32\gameux.dll
    2010-10-27 09:34:16 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
    2010-10-27 09:34:16 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
    2010-10-16 00:28:20 16856 ----a-w- c:\program files\mozilla firefox\plugin-container.exe
    2010-10-16 00:28:18 719832 ----a-w- c:\program files\mozilla firefox\mozcpp19.dll
    2010-10-15 00:18:05 274944 ----a-w- c:\windows\system32\schannel.dll
    2010-10-15 00:17:40 168960 ----a-w- c:\program files\windows media player\wmplayer.exe
    2010-10-15 00:17:38 8147456 ----a-w- c:\windows\system32\wmploc.DLL
    2010-10-15 00:17:05 304128 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-10-15 00:17:05 125952 ----a-w- c:\windows\system32\srvsvc.dll
    2010-10-15 00:17:05 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2010-10-15 00:17:04 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
    2010-10-15 00:17:03 17920 ----a-w- c:\windows\system32\netevent.dll
    2010-10-15 00:16:45 339968 ----a-w- c:\program files\windows nt\accessories\wordpad.exe
    2010-10-15 00:16:45 1316864 ----a-w- c:\windows\system32\ole32.dll
    2010-10-15 00:16:41 157184 ----a-w- c:\windows\system32\t2embed.dll
    2010-10-15 00:16:39 954752 ----a-w- c:\windows\system32\mfc40.dll
    2010-10-15 00:16:37 954288 ----a-w- c:\windows\system32\mfc40u.dll
    2010-10-15 00:16:33 2038272 ----a-w- c:\windows\system32\win32k.sys
    2010-10-15 00:16:28 231424 ----a-w- c:\windows\system32\msshsq.dll
    2010-10-15 00:16:25 867328 ----a-w- c:\windows\system32\wmpmde.dll
    2010-10-15 00:16:20 531968 ----a-w- c:\windows\system32\comctl32.dll
    2010-10-15 00:15:57 834048 ----a-w- c:\windows\system32\wininet.dll
    2010-10-15 00:15:55 389632 ----a-w- c:\windows\system32\html.iec
    2010-10-15 00:15:54 78336 ----a-w- c:\windows\system32\ieencode.dll
    2010-10-05 18:51:43 -------- d-----w- c:\users\taha\appdata\roaming\Apowersoft
    2010-10-05 17:53:20 307200 ----a-w- c:\windows\system32\TubeFinder.exe
    2010-10-05 17:53:19 9728 ----a-w- c:\windows\system32\PCCLPFR.DLL
    2010-10-05 17:53:19 84512 ----a-w- c:\windows\system32\PICCLP32.OCX
    2010-10-05 17:53:19 364544 ----a-w- c:\windows\system32\PropertyGrid.ocx
    2010-10-05 17:53:19 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL
    2010-10-05 17:53:18 32768 ----a-w- c:\windows\system32\CMDLGFR.DLL
    2010-10-05 17:53:18 24576 ----a-w- c:\windows\system32\ControlSubX.ocx
    2010-10-05 17:53:18 -------- d-----w- c:\users\taha\appdata\roaming\FreeFLVConverter

    ==================== Find3M ====================

    2010-10-19 09:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe
    2010-09-15 02:50:37 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-08-26 16:33:06 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
    2010-08-26 16:33:04 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
    2010-08-26 16:33:04 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
    2010-08-26 16:33:04 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
    2010-08-17 14:11:37 128000 ----a-w- c:\windows\system32\spoolsv.exe
    2010-08-05 08:59:22 175104 ----a-w- c:\users\taha\appdata\roaming\Taha3SQLite3.dll

    ============= FINISH: 18:45:34,81 ===============
    2 November 2010 18:44:55

    up
    2 November 2010 19:20:00

    Hi again
    Sorry, this topic isn't flagged the same way for me, so I keep missing it... (if you see me posting in other threads and not answering you, you can PM me ;) )

    +++++++++

    Disable your antivirus and any other kind of protection.
    Download ComboFix by sUBs: Combofix
    Save it to your desktop and nowhere else!

    Double-click ComboFix. It will ask you a question; follow the prompts, then wait until ComboFix has finished. Your PC may reboot, which is normal. A report will be created. Post the report: C:\Combofix.txt
    Click on it to open it, then Edit "Select All", Edit "Copy"

    Come back to the forum and Edit "Paste"

    HELP: A guide and a tutorial on using ComboFix
    * the partition name may differ

    <@_@>


    2 November 2010 20:16:52

    No problem, here is the ComboFix report:

    ComboFix 10-11-02.01 - Taha 02/11/2010 20:06:08.1.2 - x86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.2037.874 [GMT 1:00]
    Lancé depuis: c:\users\Taha\Desktop\ComboFix.exe
    AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
    SP: VirusScan Enterprise + AntiSpyware Enterprise *disabled* (Updated) {24E45799-D058-4314-AC5D-1B2EE5C3151F}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Recycle
    c:\recycle\Drum Tools Demo.aif
    c:\recycle\INSTALL.LOG
    c:\recycle\Keyboard Shortcuts.pdf
    c:\recycle\Menu and Dialog Reference.pdf
    c:\recycle\Operation Manual.pdf
    c:\recycle\Product Registration.pdf
    c:\recycle\Read Me.rtf
    c:\recycle\ReCycle.exe
    c:\recycle\ReCycleHelp.chm
    c:\recycle\Tutorial.rx2
    c:\users\Taha\AppData\Roaming\Taha3SQLite3.dll
    c:\windows\jestertb.dll

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2010-10-02 au 2010-11-02 ))))))))))))))))))))))))))))))))))))
    .

    2010-11-02 19:14 . 2010-11-02 19:14 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-11-02 09:25 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BD58536F-E862-412B-8178-7841902E56C3}\mpengine.dll
    2010-10-27 09:34 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll
    2010-10-27 09:34 . 2010-08-26 16:33 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
    2010-10-27 09:34 . 2010-08-26 14:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
    2010-10-20 10:09 . 2010-10-25 09:27 -------- d-----w- c:\program files\7-Zip
    2010-10-16 00:28 . 2010-10-28 09:56 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe
    2010-10-16 00:28 . 2010-10-28 09:56 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll
    2010-10-15 00:18 . 2010-08-10 15:53 274944 ----a-w- c:\windows\system32\schannel.dll
    2010-10-15 00:17 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
    2010-10-15 00:17 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL
    2010-10-15 00:17 . 2010-09-06 16:20 125952 ----a-w- c:\windows\system32\srvsvc.dll
    2010-10-15 00:17 . 2010-09-06 13:45 304128 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-10-15 00:17 . 2010-09-06 13:45 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2010-10-15 00:17 . 2010-09-06 13:45 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
    2010-10-15 00:17 . 2010-09-06 16:19 17920 ----a-w- c:\windows\system32\netevent.dll
    2010-10-15 00:16 . 2010-06-28 17:00 1316864 ----a-w- c:\windows\system32\ole32.dll
    2010-10-15 00:16 . 2010-06-28 14:54 339968 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
    2010-10-15 00:16 . 2010-08-26 16:37 157184 ----a-w- c:\windows\system32\t2embed.dll
    2010-10-15 00:16 . 2010-08-31 15:46 954752 ----a-w- c:\windows\system32\mfc40.dll
    2010-10-15 00:16 . 2010-08-31 15:46 954288 ----a-w- c:\windows\system32\mfc40u.dll
    2010-10-15 00:16 . 2010-08-31 13:27 2038272 ----a-w- c:\windows\system32\win32k.sys
    2010-10-15 00:16 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll
    2010-10-15 00:16 . 2010-08-20 16:05 867328 ----a-w- c:\windows\system32\wmpmde.dll
    2010-10-15 00:16 . 2010-08-31 15:44 531968 ----a-w- c:\windows\system32\comctl32.dll
    2010-10-15 00:15 . 2010-09-08 17:07 834048 ----a-w- c:\windows\system32\wininet.dll
    2010-10-15 00:15 . 2010-09-08 15:23 389632 ----a-w- c:\windows\system32\html.iec
    2010-10-15 00:15 . 2010-09-08 17:23 78336 ----a-w- c:\windows\system32\ieencode.dll
    2010-10-05 18:51 . 2010-10-05 18:51 -------- d-----w- c:\users\Taha\AppData\Roaming\Apowersoft
    2010-10-05 17:53 . 2010-10-01 13:20 307200 ----a-w- c:\windows\system32\TubeFinder.exe
    2010-10-05 17:53 . 2009-06-19 17:51 9728 ----a-w- c:\windows\system32\PCCLPFR.DLL
    2010-10-05 17:53 . 2009-06-19 17:51 84512 ----a-w- c:\windows\system32\PICCLP32.OCX
    2010-10-05 17:53 . 2009-06-19 17:51 364544 ----a-w- c:\windows\system32\PropertyGrid.ocx
    2010-10-05 17:53 . 2009-06-19 17:51 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL
    2010-10-05 17:53 . 2010-10-05 17:53 -------- d-----w- c:\users\Taha\AppData\Roaming\FreeFLVConverter
    2010-10-05 17:53 . 2009-06-19 17:51 32768 ----a-w- c:\windows\system32\CMDLGFR.DLL
    2010-10-05 17:53 . 2009-06-19 17:51 24576 ----a-w- c:\windows\system32\ControlSubX.ocx

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-10-19 09:41 . 2009-10-04 16:44 222080 ------w- c:\windows\system32\MpSigStub.exe
    2010-09-15 02:50 . 2010-06-21 16:05 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-08-26 16:33 . 2010-10-27 09:34 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
    2010-08-26 16:33 . 2010-10-27 09:34 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
    2010-08-26 16:33 . 2010-10-27 09:34 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
    2010-08-26 16:33 . 2010-10-27 09:34 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
    2010-08-17 14:11 . 2010-09-15 11:02 128000 ----a-w- c:\windows\system32\spoolsv.exe
    2008-09-29 07:07 . 2010-02-19 14:09 22576 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8}]
    2009-10-15 08:53 165184 ----a-w- c:\program files\SFR\Kit\SFRNavErrorHelper.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 4669440]
    "eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
    "PLFSet"="c:\windows\PLFSet.dll" [2007-04-25 45056]
    "LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-07-16 768520]
    "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-06-06 159744]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-02 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-02 166424]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-02 133656]
    "Skytel"="Skytel.exe" [2007-06-15 1826816]
    "McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2008-03-14 136512]
    "ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-09-29 124240]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\System32\eNetHook.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux8"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
    backup=c:\windows\pss\Empowering Technology Launcher.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Tour Reminder]
    2007-05-22 13:49 151552 ----a-w- c:\acer\AcerTour\Reminder.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-09-20 21:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-09-23 02:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HKCU]
    2010-08-05 08:57 794220 --sha-r- c:\users\Taha\AppData\Roaming\WinX2L2K2\explorer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2008-11-20 12:20 290088 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMReminderService]
    2009-12-07 12:17 38240 ----a-w- c:\program files\Mindjet\MindManager 8\MmReminderService.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayMovie]
    2007-05-24 12:38 206952 ------w- c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2008-11-04 09:30 413696 ----a-w- c:\program files\VistaCodecPack\QT\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
    2006-11-05 20:48 57344 ----a-w- c:\acer\WR_PopUp\WarReg_PopUp.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "AdobeUpdater6"="c:\program files\Common Files\Adobe\Updater6\Adobe_Updater.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
    "PWRISOVM.EXE"=c:\program files\PowerISO\PWRISOVM.EXE
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-09-20 135664]
    R2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\EngineServer.exe [2008-09-29 19456]
    R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
    R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2008-09-29 64432]
    R3 SynasUSB;SynasUSB;c:\windows\system32\drivers\SynasUSB.sys [x]
    R3 WPFFontCache_v0400;Cache de police de Windows Presentation Foundation 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2008-12-30 717296]
    S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl [2006-11-02 13560]
    S2 ALaunchService;ALaunch Service;c:\acer\ALaunch\ALaunchSvc.exe [2007-01-26 50688]
    S2 lxbf_device;lxbf_device;c:\windows\system32\lxbfcoms.exe [2007-04-24 537520]
    S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2008-09-29 67904]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-06-05 179712]
    S3 CLEDX;Team H2O CLEDX service;c:\windows\system32\DRIVERS\cledx.sys [2005-05-09 33792]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contenu du dossier 'Tâches planifiées'

    2010-11-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-09-20 20:50]

    2010-11-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-09-20 20:50]

    2010-11-02 c:\windows\Tasks\Norton Security Scan for Taha.job
    - c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-09-20 07:48]
    .
    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://www.sfr.fr/kit/adsl/
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    mStart Page = hxxp://fr.fr.acer.yahoo.com
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    FF - ProfilePath - c:\users\Taha\AppData\Roaming\Mozilla\Firefox\Profiles\jwrji21d.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
    FF - prefs.js: keyword.URL - hxxp://redirecterror.sfr.fr/?q=
    FF - component: c:\users\Taha\AppData\Roaming\Mozilla\Firefox\Profiles\jwrji21d.default\extensions\twitternotifier@naan.net\platform\WINNT\components\nsTwitterFoxSign.dll
    FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin.dll
    FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin2.dll
    FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin3.dll
    FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin4.dll
    FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin5.dll
    FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin6.dll
    FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin7.dll
    FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
    FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- PARAMETRES FIREFOX ----
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.switch.threshold - 600000
    FF - user.js: keyword.URL - hxxp://redirecterror.sfr.fr/?q=
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    MSConfigStartUp-AdobeCS4ServiceManager - c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
    MSConfigStartUp-Malwarebytes Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe
    MSConfigStartUp-ooVoo - c:\program files\ooVoo\oovoo.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-11-02 20:15
    Windows 6.0.6002 Service Pack 2 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
    "ImagePath"="\??\c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl"
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:0000003d

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:0000003d
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'winlogon.exe'(756)
    c:\windows\system32\eNetHook.dll

    - - - - - - - > 'lsass.exe'(712)
    c:\windows\system32\eNetHook.dll
    .
    Heure de fin: 2010-11-02 20:18:47
    ComboFix-quarantined-files.txt 2010-11-02 19:18

    Avant-CF: 1 304 084 480 octets libres
    Après-CF: 1 245 179 904 octets libres

    - - End Of File - - 28DB99B4A45870DF1C18FAA051A2DFC4
    2 November 2010 20:34:37

    Hi again

    1

    Copy (Ctrl+C) the text below:

    Folder::
    C:\Users\Taha\AppData\Roaming\WinX2L2K2



    Open Notepad, then paste (Ctrl+V) the text you just copied.
    Save this file under the name CFScript.txt

    Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot


  • ComboFix starts; just follow the prompts.

  • Wait while the scan runs. The desktop will disappear several times: that's normal!
    Don't touch anything until the scan has finished.
  • Once the scan is complete, a report will be displayed: post its contents, and say where things stand with your problems

  • If the file doesn't open, it is located here > C:\ComboFix.txt

    HELP: A guide and a tutorial on using ComboFix
    * the partition name may differ


    2

    Download GMER from this link: http://www.gmer.net/files.php - click "Download EXE" and save the file to your desktop.
    See the GMER tutorial, it may help you: http://www.malekal.com/tutorial_GMER.php

  • Disable your protection software (antivirus, antispyware, etc.) and close all open programs.
  • Double-click the downloaded GMER file.
    IMPORTANT: If your antivirus raises an alert for the file gmer.sys or gmer.exe, let it run.
  • Click the "rootkit" tab
  • On the right, tick everything.
  • Now click Scan.
  • When the scan is finished, click Copy.
  • Open Notepad, then click the Edit / Paste menu.
    The report should then appear.
  • Save the file to your Desktop and post its contents here.



    2 November 2010 21:03:27

    The "fake" explorer.exe processes have disappeared; here is the ComboFix report:

    ComboFix 10-11-02.01 - Taha 02/11/2010 20:47:40.2.2 - x86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.2037.988 [GMT 1:00]
    Lancé depuis: c:\users\Taha\Desktop\ComboFix.exe
    Commutateurs utilisés :: c:\users\Taha\Documents\CFScript.txt
    AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
    SP: VirusScan Enterprise + AntiSpyware Enterprise *disabled* (Updated) {24E45799-D058-4314-AC5D-1B2EE5C3151F}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\users\Taha\AppData\Roaming\WinX2L2K2
    c:\users\Taha\AppData\Roaming\WinX2L2K2\explorer.exe

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2010-10-02 au 2010-11-02 ))))))))))))))))))))))))))))))))))))
    .

    2010-11-02 19:55 . 2010-11-02 19:55 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-11-02 09:25 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BD58536F-E862-412B-8178-7841902E56C3}\mpengine.dll
    2010-10-27 09:34 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll
    2010-10-27 09:34 . 2010-08-26 16:33 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
    2010-10-27 09:34 . 2010-08-26 14:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
    2010-10-20 10:09 . 2010-10-25 09:27 -------- d-----w- c:\program files\7-Zip
    2010-10-16 00:28 . 2010-10-28 09:56 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe
    2010-10-16 00:28 . 2010-10-28 09:56 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll
    2010-10-15 00:18 . 2010-08-10 15:53 274944 ----a-w- c:\windows\system32\schannel.dll
    2010-10-15 00:17 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
    2010-10-15 00:17 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL
    2010-10-15 00:17 . 2010-09-06 16:20 125952 ----a-w- c:\windows\system32\srvsvc.dll
    2010-10-15 00:17 . 2010-09-06 13:45 304128 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-10-15 00:17 . 2010-09-06 13:45 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2010-10-15 00:17 . 2010-09-06 13:45 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
    2010-10-15 00:17 . 2010-09-06 16:19 17920 ----a-w- c:\windows\system32\netevent.dll
    2010-10-15 00:16 . 2010-06-28 17:00 1316864 ----a-w- c:\windows\system32\ole32.dll
    2010-10-15 00:16 . 2010-06-28 14:54 339968 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
    2010-10-15 00:16 . 2010-08-26 16:37 157184 ----a-w- c:\windows\system32\t2embed.dll
    2010-10-15 00:16 . 2010-08-31 15:46 954752 ----a-w- c:\windows\system32\mfc40.dll
    2010-10-15 00:16 . 2010-08-31 15:46 954288 ----a-w- c:\windows\system32\mfc40u.dll
    2010-10-15 00:16 . 2010-08-31 13:27 2038272 ----a-w- c:\windows\system32\win32k.sys
    2010-10-15 00:16 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll
    2010-10-15 00:16 . 2010-08-20 16:05 867328 ----a-w- c:\windows\system32\wmpmde.dll
    2010-10-15 00:16 . 2010-08-31 15:44 531968 ----a-w- c:\windows\system32\comctl32.dll
    2010-10-15 00:15 . 2010-09-08 17:07 834048 ----a-w- c:\windows\system32\wininet.dll
    2010-10-15 00:15 . 2010-09-08 15:23 389632 ----a-w- c:\windows\system32\html.iec
    2010-10-15 00:15 . 2010-09-08 17:23 78336 ----a-w- c:\windows\system32\ieencode.dll
    2010-10-05 18:51 . 2010-10-05 18:51 -------- d-----w- c:\users\Taha\AppData\Roaming\Apowersoft
    2010-10-05 17:53 . 2010-10-01 13:20 307200 ----a-w- c:\windows\system32\TubeFinder.exe
    2010-10-05 17:53 . 2009-06-19 17:51 9728 ----a-w- c:\windows\system32\PCCLPFR.DLL
    2010-10-05 17:53 . 2009-06-19 17:51 84512 ----a-w- c:\windows\system32\PICCLP32.OCX
    2010-10-05 17:53 . 2009-06-19 17:51 364544 ----a-w- c:\windows\system32\PropertyGrid.ocx
    2010-10-05 17:53 . 2009-06-19 17:51 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL
    2010-10-05 17:53 . 2010-10-05 17:53 -------- d-----w- c:\users\Taha\AppData\Roaming\FreeFLVConverter
    2010-10-05 17:53 . 2009-06-19 17:51 32768 ----a-w- c:\windows\system32\CMDLGFR.DLL
    2010-10-05 17:53 . 2009-06-19 17:51 24576 ----a-w- c:\windows\system32\ControlSubX.ocx

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-10-19 09:41 . 2009-10-04 16:44 222080 ------w- c:\windows\system32\MpSigStub.exe
    2010-09-15 02:50 . 2010-06-21 16:05 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-08-26 16:33 . 2010-10-27 09:34 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
    2010-08-26 16:33 . 2010-10-27 09:34 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
    2010-08-26 16:33 . 2010-10-27 09:34 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
    2010-08-26 16:33 . 2010-10-27 09:34 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
    2010-08-17 14:11 . 2010-09-15 11:02 128000 ----a-w- c:\windows\system32\spoolsv.exe
    2008-09-29 07:07 . 2010-02-19 14:09 22576 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8}]
    2009-10-15 08:53 165184 ----a-w- c:\program files\SFR\Kit\SFRNavErrorHelper.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 4669440]
    "eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
    "PLFSet"="c:\windows\PLFSet.dll" [2007-04-25 45056]
    "LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-07-16 768520]
    "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-06-06 159744]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-02 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-02 166424]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-02 133656]
    "Skytel"="Skytel.exe" [2007-06-15 1826816]
    "McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2008-03-14 136512]
    "ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-09-29 124240]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\System32\eNetHook.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux8"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
    backup=c:\windows\pss\Empowering Technology Launcher.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Tour Reminder]
    2007-05-22 13:49 151552 ----a-w- c:\acer\AcerTour\Reminder.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-09-20 21:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-09-23 02:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2008-11-20 12:20 290088 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMReminderService]
    2009-12-07 12:17 38240 ----a-w- c:\program files\Mindjet\MindManager 8\MmReminderService.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayMovie]
    2007-05-24 12:38 206952 ------w- c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2008-11-04 09:30 413696 ----a-w- c:\program files\VistaCodecPack\QT\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
    2006-11-05 20:48 57344 ----a-w- c:\acer\WR_PopUp\WarReg_PopUp.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "AdobeUpdater6"="c:\program files\Common Files\Adobe\Updater6\Adobe_Updater.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
    "PWRISOVM.EXE"=c:\program files\PowerISO\PWRISOVM.EXE
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-09-20 135664]
    R2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\EngineServer.exe [2008-09-29 19456]
    R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
    R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2008-09-29 64432]
    R3 SynasUSB;SynasUSB;c:\windows\system32\drivers\SynasUSB.sys [x]
    R3 WPFFontCache_v0400;Cache de police de Windows Presentation Foundation 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2008-12-30 717296]
    S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl [2006-11-02 13560]
    S2 ALaunchService;ALaunch Service;c:\acer\ALaunch\ALaunchSvc.exe [2007-01-26 50688]
    S2 lxbf_device;lxbf_device;c:\windows\system32\lxbfcoms.exe [2007-04-24 537520]
    S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2008-09-29 67904]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-06-05 179712]
    S3 CLEDX;Team H2O CLEDX service;c:\windows\system32\DRIVERS\cledx.sys [2005-05-09 33792]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contenu du dossier 'Tâches planifiées'

    2010-11-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-09-20 20:50]

    2010-11-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-09-20 20:50]

    2010-11-02 c:\windows\Tasks\Norton Security Scan for Taha.job
    - c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-09-20 07:48]
    .
    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://www.sfr.fr/kit/adsl/
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    mStart Page = hxxp://fr.fr.acer.yahoo.com
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    FF - ProfilePath - c:\users\Taha\AppData\Roaming\Mozilla\Firefox\Profiles\jwrji21d.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
    FF - prefs.js: keyword.URL - hxxp://redirecterror.sfr.fr/?q=
    FF - component: c:\users\Taha\AppData\Roaming\Mozilla\Firefox\Profiles\jwrji21d.default\extensions\twitternotifier@naan.net\platform\WINNT\components\nsTwitterFoxSign.dll
    FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin.dll
    FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin2.dll
    FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin3.dll
    FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin4.dll
    FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin5.dll
    FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin6.dll
    FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin7.dll
    FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
    FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- PARAMETRES FIREFOX ----
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.switch.threshold - 600000
    FF - user.js: keyword.URL - hxxp://redirecterror.sfr.fr/?q=
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    MSConfigStartUp-HKCU - c:\users\Taha\AppData\Roaming\WinX2L2K2\explorer.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-11-02 20:56
    Windows 6.0.6002 Service Pack 2 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
    "ImagePath"="\??\c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl"
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:0000003d

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:0000003d
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'winlogon.exe'(756)
    c:\windows\system32\eNetHook.dll

    - - - - - - - > 'lsass.exe'(712)
    c:\windows\system32\eNetHook.dll
    .
    Heure de fin: 2010-11-02 20:59:10
    ComboFix-quarantined-files.txt 2010-11-02 19:59
    ComboFix2.txt 2010-11-02 19:18

    Avant-CF: 1 272 045 568 octets libres
    Après-CF: 1 231 749 120 octets libres

    - - End Of File - - 51FE48C26874CC8F60F0DF36BAD08CCF
    2 November 2010 21:53:38

    Here is the GMER report:

    GMER 1.0.15.15477 - http://www.gmer.net
    Rootkit scan 2010-11-02 21:58:07
    Windows 6.0.6002 Service Pack 2
    Running: 3l8s53rl.exe; Driver: C:\Users\Taha\AppData\Local\Temp\pxlcquod.sys


    ---- System - GMER 1.0.15 ----

    INT 0x51 ? 85EF2BF8
    INT 0x62 ? 85EF2BF8
    INT 0x72 ? 8447ABF8
    INT 0x82 ? 8447ABF8
    INT 0x92 ? 8447ABF8
    INT 0x92 ? 8447ABF8
    INT 0x92 ? 85EF2BF8
    INT 0x92 ? 8447ABF8
    INT 0xA2 ? 85EF2BF8
    INT 0xB3 ? 85EF2BF8

    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateProcess [0x8859CFF8]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateProcessEx [0x8859D00C]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0x8859D05E]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwReplaceKey [0x8859D086]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRestoreKey [0x8859D072]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetContextThread [0x8859D04A]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetInformationProcess [0x8859D036]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0x8859CFE4]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateUserProcess [0x8859D022]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetInformationProcess

    ---- Kernel code sections - GMER 1.0.15 ----

    PAGE ntoskrnl.exe!ZwNotifyChangeKey 8262788D 5 Bytes JMP 8859D062 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!NtSetInformationProcess 8266699A 5 Bytes JMP 8859D03A \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwTerminateProcess 8266B04F 5 Bytes JMP 8859CFE8 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwCreateUserProcess 8267D9D5 5 Bytes JMP 8859D026 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwRestoreKey 8269B372 1 Byte [E9]
    PAGE ntoskrnl.exe!ZwRestoreKey 8269B372 5 Bytes JMP 8859D076 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwReplaceKey 8269C576 5 Bytes JMP 8859D08A \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwCreateProcess 826DA93F 5 Bytes JMP 8859CFFC \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwCreateProcessEx 826DA98A 7 Bytes JMP 8859D010 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwSetContextThread 826DB443 5 Bytes JMP 8859D04E \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    ? System32\Drivers\spog.sys Le chemin d'accès spécifié est introuvable. !
    .text USBPORT.SYS!DllUnload 8D34341B 5 Bytes JMP 85EF21D8
    .text awnsulm0.SYS 887BC000 22 Bytes [82, 63, 42, 82, 6C, 62, 42, ...]
    .text awnsulm0.SYS 887BC017 45 Bytes [00, 32, 27, F5, 87, 3D, 25, ...]
    .text awnsulm0.SYS 887BC045 135 Bytes [E3, 4A, 82, 4C, FF, 4D, 82, ...]
    .text awnsulm0.SYS 887BC0CE 10 Bytes [00, 00, 00, 00, 00, 00, 6A, ...]
    .text awnsulm0.SYS 887BC0DA 12 Bytes [00, 00, 02, 00, 00, 00, 25, ...]
    .text ...
    ? C:\Users\Taha\AppData\Local\Temp\mbr.sys Le fichier spécifié est introuvable. !
    ? C:\Users\Taha\AppData\Local\Temp\catchme.sys Le fichier spécifié est introuvable. !
    ? C:\Windows\system32\Drivers\PROCEXP113.SYS Le fichier spécifié est introuvable. !

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT \SystemRoot\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 844792D8
    IAT \SystemRoot\system32\drivers\pci.sys[ntoskrnl.exe!IoDetachDevice] [87E79C4C] \SystemRoot\System32\Drivers\spog.sys
    IAT \SystemRoot\system32\drivers\pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [87E79CA0] \SystemRoot\System32\Drivers\spog.sys
    IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [87E496D2] \SystemRoot\System32\Drivers\spog.sys
    IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [87E49040] \SystemRoot\System32\Drivers\spog.sys
    IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [87E497FC] \SystemRoot\System32\Drivers\spog.sys
    IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [87E490BE] \SystemRoot\System32\Drivers\spog.sys
    IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [87E4913C] \SystemRoot\System32\Drivers\spog.sys
    IAT \SystemRoot\system32\drivers\ataport.SYS[ntoskrnl.exe!DbgBreakPoint] 8447A2D8
    IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 85EF22D8
    IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [87E59048] \SystemRoot\System32\Drivers\spog.sys
    IAT \SystemRoot\System32\Drivers\awnsulm0.SYS[ataport.SYS!AtaPortNotification] CC000CC2
    IAT \SystemRoot\System32\Drivers\awnsulm0.SYS[ataport.SYS!AtaPortWritePortUchar] 83EC8B55
    IAT \SystemRoot\System32\Drivers\awnsulm0.SYS[ataport.SYS!AtaPortWritePortUlong] 575320EC
    IAT \SystemRoot\System32\Drivers\awnsulm0.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 458DFF33
    IAT \SystemRoot\System32\Drivers\awnsulm0.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 8D5750FC
    IAT \SystemRoot\System32\Drivers\awnsulm0.SYS[ataport.SYS!AtaPortGetScatterGatherList] 5750F845
    IAT \SystemRoot\System32\Drivers\awnsulm0.SYS[ataport.SYS!AtaPortReadPortUchar] 8957046A
    IAT \SystemRoot\System32\Drivers\awnsulm0.SYS[ataport.SYS!AtaPortStallExecution] 75E8FC7D
    IAT \SystemRoot\System32\Drivers\awnsulm0.SYS[ataport.SYS!AtaPortGetParentBusType] BB0001E8
    IAT \SystemRoot\System32\Drivers\awnsulm0.SYS[ataport.SYS!AtaPortRequestCallback] 000000EA
    IAT \SystemRoot\System32\Drivers\awnsulm0.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 850FC33B
    IAT \SystemRoot\System32\Drivers\awnsulm0.SYS[ataport.SYS!AtaPortGetUnCachedExtension] 0000012B
    IAT \SystemRoot\System32\Drivers\awnsulm0.SYS[ataport.SYS!AtaPortCompleteRequest] 0FFC7D39
    IAT \SystemRoot\System32\Drivers\awnsulm0.SYS[ataport.SYS!AtaPortMoveMemory] 00012284
    IAT \SystemRoot\System32\Drivers\awnsulm0.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 458D5600
    IAT \SystemRoot\System32\Drivers\awnsulm0.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 106A50F4
    IAT \SystemRoot\System32\Drivers\awnsulm0.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 38335668
    IAT \SystemRoot\System32\Drivers\awnsulm0.SYS[ataport.SYS!AtaPortReadPortUshort] FC75FF36
    IAT \SystemRoot\System32\Drivers\awnsulm0.SYS[ataport.SYS!AtaPortReadPortBufferUshort] D1E85757
    IAT \SystemRoot\System32\Drivers\awnsulm0.SYS[ataport.SYS!AtaPortInitialize] 8B0001E7
    IAT \SystemRoot\System32\Drivers\awnsulm0.SYS[ataport.SYS!AtaPortGetDeviceBase] 1BDEF7F0
    IAT \SystemRoot\System32\Drivers\awnsulm0.SYS[ataport.SYS!AtaPortDeviceStateChange] 23D6F7F6
    IAT \SystemRoot\System32\Drivers\awnsulm0.SYS[NTOSKRNL.exe!KeTickCount] FFFFF104
    IAT \SystemRoot\system32\DRIVERS\storport.sys[ntoskrnl.exe!DbgBreakPoint] 85F892D8

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Windows\explorer.exe[5780] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusShutdown] [74197817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\explorer.exe[5780] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCloneImage] [741EA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\explorer.exe[5780] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDrawImageRectI] [7419BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\explorer.exe[5780] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetInterpolationMode] [7418F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\explorer.exe[5780] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusStartup] [741975E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\explorer.exe[5780] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateFromHDC] [7418E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\explorer.exe[5780] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromStreamICM] [741C8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\explorer.exe[5780] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromStream] [7419DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\explorer.exe[5780] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageHeight] [7418FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\explorer.exe[5780] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageWidth] [7418FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\explorer.exe[5780] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDisposeImage] [741871CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\explorer.exe[5780] @ C:\Windows\explorer.exe [gdiplus.dll!GdipLoadImageFromFileICM] [7421CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\explorer.exe[5780] @ C:\Windows\explorer.exe [gdiplus.dll!GdipLoadImageFromFile] [741BC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\explorer.exe[5780] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDeleteGraphics] [7418D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\explorer.exe[5780] @ C:\Windows\explorer.exe [gdiplus.dll!GdipFree] [74186853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\explorer.exe[5780] @ C:\Windows\explorer.exe [gdiplus.dll!GdipAlloc] [7418687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\explorer.exe[5780] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetCompositingMode] [74192AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs 84E111F8

    AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

    Device \FileSystem\fastfat \FatCdrom 845FB500
    Device \Driver\volmgr \Device\VolMgrControl 8447C1F8
    Device \Driver\usbuhci \Device\USBPDO-0 85F021F8
    Device \Driver\usbuhci \Device\USBPDO-1 85F021F8
    Device \Driver\sptd \Device\3050580583 spog.sys
    Device \Driver\usbehci \Device\USBPDO-2 85F031F8
    Device \Driver\usbuhci \Device\USBPDO-3 85F021F8
    Device \Driver\PCI_PNP6569 \Device\00000054 spog.sys
    Device \Driver\usbuhci \Device\USBPDO-4 85F021F8

    AttachedDevice \Driver\tdx \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

    Device \Driver\usbuhci \Device\USBPDO-5 85F021F8
    Device \Driver\netbt \Device\NetBT_Tcpip_{E681AA19-620A-46E3-8BE4-854AE145272C} 869B21F8
    Device \Driver\usbehci \Device\USBPDO-6 85F031F8
    Device \Driver\volmgr \Device\HarddiskVolume1 8447C1F8
    Device \Driver\volmgr \Device\HarddiskVolume2 8447C1F8
    Device \Driver\cdrom \Device\CdRom0 85FAD1F8
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 84E0F1F8
    Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-4 84E0F1F8
    Device \Driver\atapi \Device\Ide\IdePort0 84E0F1F8
    Device \Driver\atapi \Device\Ide\IdePort1 84E0F1F8
    Device \Driver\atapi \Device\Ide\IdePort2 84E0F1F8
    Device \Driver\atapi \Device\Ide\IdePort3 84E0F1F8
    Device \Driver\msahci \Device\Ide\PciIde1Channel0 84E101F8
    Device \Driver\msahci \Device\Ide\PciIde1Channel1 84E101F8
    Device \Driver\volmgr \Device\HarddiskVolume3 8447C1F8
    Device \Driver\cdrom \Device\CdRom1 85FAD1F8
    Device \Driver\netbt \Device\NetBt_Wins_Export 869B21F8
    Device \Driver\Smb \Device\NetbiosSmb 869C31F8
    Device \Driver\iScsiPrt \Device\RaidPort0 85FE81F8

    AttachedDevice \Driver\tdx \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

    Device \Driver\usbuhci \Device\USBFDO-0 85F021F8
    Device \Driver\usbuhci \Device\USBFDO-1 85F021F8
    Device \Driver\usbehci \Device\USBFDO-2 85F031F8
    Device \Driver\usbuhci \Device\USBFDO-3 85F021F8
    Device \Driver\usbuhci \Device\USBFDO-4 85F021F8
    Device \Driver\usbuhci \Device\USBFDO-5 85F021F8
    Device \Driver\netbt \Device\NetBT_Tcpip_{AA5F1747-800F-4F3F-B4FA-703DE1C18B6D} 869B21F8
    Device \Driver\usbehci \Device\USBFDO-6 85F031F8
    Device \Driver\awnsulm0 \Device\Scsi\awnsulm01Port5Path0Target0Lun0 85F2E1F8
    Device \Driver\awnsulm0 \Device\Scsi\awnsulm01 85F2E1F8
    Device \FileSystem\fastfat \Fat 845FB500

    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Gestionnaire de filtres de système de fichiers Microsoft/Microsoft Corporation)
    AttachedDevice \FileSystem\fastfat \Fat mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

    Device \FileSystem\cdfs \Cdfs AE6071F8

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 -938860147
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 364202967
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xB6 0xC1 0xD3 0x1C ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x6A 0xB6 0xBF 0xE9 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1B 0x8B 0xA1 0x22 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xB6 0xC1 0xD3 0x1C ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x6A 0xB6 0xBF 0xE9 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1B 0x8B 0xA1 0x22 ...
    Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\Taha\Desktop\[Full_Packaged_Product]_Reason_4.0_-_ReCycle_2.1_-_ReFill_Packer_3.0_-_ReFill_Viewer 0.2_-_Reload_1.0_[Propellerheads_Release]\x2122\Propellerhead ReCycle 2.1\Propellerhead ReCycle 2.1.exe 1
    Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\Taha\Desktop\[Full_Packaged_Product]_Reason_4.0_-_ReCycle_2.1_-_ReFill_Packer_3.0_-_ReFill_Viewer 0.2_-_Reload_1.0_[Propellerheads_Release]\x2122\Propellerhead ReFill Packer 3.0\Install ReFill Packer 3.0.exe 1

    ---- EOF - GMER 1.0.15 ----
    3 November 2010 11:39:28

    Good.
    Run a DDS scan again, please.
    3 November 2010 13:26:13

    Here is the DDS scan:


    DDS (Ver_10-10-31.01) - NTFSx86
    Run by Taha at 13:29:58,89 on 03/11/2010
    Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_22
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.2037.929 [GMT 1:00]

    AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    SP: VirusScan Enterprise + AntiSpyware Enterprise *disabled* (Updated) {24E45799-D058-4314-AC5D-1B2EE5C3151F}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
    C:\Windows\system32\agrsmsvc.exe
    C:\Acer\ALaunch\ALaunchSvc.exe
    C:\Windows\system32\svchost.exe -k apphost
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
    C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    C:\Acer\Empowering Technology\eNet\eNet Service.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\system32\lxbfcoms.exe
    C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    C:\Windows\system32\mfevtps.exe
    C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
    C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\iashost.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\System32\alg.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\McAfee\Common Framework\UdaterUI.exe
    C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\system32\igfxext.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Apoint2K\ApMsgFwd.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\conime.exe
    C:\Windows\explorer.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Taha\Downloads\dds.scr
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.sfr.fr/kit/adsl/
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    mStart Page = hxxp://fr.fr.acer.yahoo.com
    uURLSearchHooks: Yahoo! Toolbar avec bloqueur de fenêtres pop-up: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: Objet d'aide à la navigation SFR: {0f6e720a-1a6b-40e1-a294-1d4d19f156c8} - c:\program files\sfr\kit\SFRNavErrorHelper.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: CmjBrowserHelperObject Object: {6fe6a929-59d1-4763-91ad-29b61cffb35b} - c:\program files\mindjet\mindmanager 8\Mm8InternetExplorer.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptsn.dll
    BHO: ShowBarObj Class: {83a2f9b1-01a2-4aa5-87d1-45b6b8505e96} - c:\windows\system32\ActiveToolBand.dll
    BHO: Programme d'aide de l'Assistant de connexion Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: PDFCreator Toolbar Helper: {c451c08a-ec37-45df-aaad-18b51ab5e837} - c:\program files\pdfcreator toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\windows\system32\eDStoolbar.dll
    TB: Yahoo! Toolbar avec bloqueur de fenêtres pop-up: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    TB: PDFCreator Toolbar: {31cf9ebe-5755-4a1d-ac25-2834d952d9b4} - c:\program files\pdfcreator toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\eDSloader.exe
    mRun: [PLFSet] rundll32.exe c:\windows\PLFSet.dll,PLFDefSetting
    mRun: [LManager] c:\progra~1\launch~1\LManager.exe
    mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [Skytel] Skytel.exe
    mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey
    mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
    IE: E&xporter vers Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: {2F72393D-2472-4F82-B600-ED77F354B7FF} - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - c:\program files\mindjet\mindmanager 8\Mm8InternetExplorer.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs: c:\windows\system32\eNetHook.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\taha\appdata\roaming\mozilla\firefox\profiles\jwrji21d.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
    FF - prefs.js: keyword.URL - hxxp://redirecterror.sfr.fr/?q=
    FF - component: c:\users\taha\appdata\roaming\mozilla\firefox\profiles\jwrji21d.default\extensions\twitternotifier@naan.net\platform\winnt\components\nsTwitterFoxSign.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - plugin: c:\program files\vistacodecpack\qt\plugins\npqtplugin.dll
    FF - plugin: c:\program files\vistacodecpack\qt\plugins\npqtplugin2.dll
    FF - plugin: c:\program files\vistacodecpack\qt\plugins\npqtplugin3.dll
    FF - plugin: c:\program files\vistacodecpack\qt\plugins\npqtplugin4.dll
    FF - plugin: c:\program files\vistacodecpack\qt\plugins\npqtplugin5.dll
    FF - plugin: c:\program files\vistacodecpack\qt\plugins\npqtplugin6.dll
    FF - plugin: c:\program files\vistacodecpack\qt\plugins\npqtplugin7.dll
    FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nppl3260.dll
    FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nprpjplug.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.switch.threshold - 600000
    FF - user.js: keyword.URL - hxxp://redirecterror.sfr.fr/?q=
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

    ============= SERVICES / DRIVERS ===============

    R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-2-19 340592]
    R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\acer arcade deluxe\play movie\000.fcl [2007-11-9 13560]
    R2 ALaunchService;ALaunch Service;c:\acer\alaunch\ALaunchSvc.exe [2007-7-31 50688]
    R2 lxbf_device;lxbf_device;c:\windows\system32\lxbfcoms.exe -service --> c:\windows\system32\lxbfcoms.exe -service [?]
    R2 McAfeeFramework;Service McAfee Framework;c:\program files\mcafee\common framework\FrameworkService.exe [2008-3-14 103744]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-2-19 67904]
    R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2007-7-31 179712]
    R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2008-6-28 33792]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Service Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-9-20 135664]
    S2 McAfeeEngineService;McAfee Engine Service;c:\program files\mcafee\virusscan enterprise\EngineServer.exe [2008-9-29 19456]
    S2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2008-9-29 143088]
    S2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2008-9-29 62800]
    S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\magix\common\database\bin\fbserver.exe [2010-3-11 1527900]
    S3 FontCache;Service de cache de police Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-11-25 21504]
    S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-2-19 90360]
    S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-2-19 42424]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-2-19 64432]
    S3 WPFFontCache_v0400;Cache de police de Windows Presentation Foundation 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

    =============== Created Last 30 ================

    2010-11-02 19:59:16 -------- d-sh--w- C:\$RECYCLE.BIN
    2010-11-02 19:46:26 -------- d-----w- C:\ComboFix
    2010-11-02 19:02:35 98816 ----a-w- c:\windows\sed.exe
    2010-11-02 19:02:35 86528 ----a-w- c:\windows\MBR.exe
    2010-11-02 19:02:35 256512 ----a-w- c:\windows\PEV.exe
    2010-11-02 19:02:35 161792 ----a-w- c:\windows\SWREG.exe
    2010-11-02 09:25:50 6146896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{bd58536f-e862-412b-8178-7841902e56c3}\mpengine.dll
    2010-10-27 09:34:18 1696256 ----a-w- c:\windows\system32\gameux.dll
    2010-10-27 09:34:16 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
    2010-10-27 09:34:16 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
    2010-10-16 00:28:20 16856 ----a-w- c:\program files\mozilla firefox\plugin-container.exe
    2010-10-16 00:28:18 719832 ----a-w- c:\program files\mozilla firefox\mozcpp19.dll
    2010-10-15 00:18:05 274944 ----a-w- c:\windows\system32\schannel.dll
    2010-10-15 00:17:40 168960 ----a-w- c:\program files\windows media player\wmplayer.exe
    2010-10-15 00:17:38 8147456 ----a-w- c:\windows\system32\wmploc.DLL
    2010-10-15 00:17:05 304128 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-10-15 00:17:05 125952 ----a-w- c:\windows\system32\srvsvc.dll
    2010-10-15 00:17:05 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2010-10-15 00:17:04 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
    2010-10-15 00:17:03 17920 ----a-w- c:\windows\system32\netevent.dll
    2010-10-15 00:16:45 339968 ----a-w- c:\program files\windows nt\accessories\wordpad.exe
    2010-10-15 00:16:45 1316864 ----a-w- c:\windows\system32\ole32.dll
    2010-10-15 00:16:41 157184 ----a-w- c:\windows\system32\t2embed.dll
    2010-10-15 00:16:39 954752 ----a-w- c:\windows\system32\mfc40.dll
    2010-10-15 00:16:37 954288 ----a-w- c:\windows\system32\mfc40u.dll
    2010-10-15 00:16:33 2038272 ----a-w- c:\windows\system32\win32k.sys
    2010-10-15 00:16:28 231424 ----a-w- c:\windows\system32\msshsq.dll
    2010-10-15 00:16:25 867328 ----a-w- c:\windows\system32\wmpmde.dll
    2010-10-15 00:16:20 531968 ----a-w- c:\windows\system32\comctl32.dll
    2010-10-15 00:15:57 834048 ----a-w- c:\windows\system32\wininet.dll
    2010-10-15 00:15:55 389632 ----a-w- c:\windows\system32\html.iec
    2010-10-15 00:15:54 78336 ----a-w- c:\windows\system32\ieencode.dll
    2010-10-05 18:51:43 -------- d-----w- c:\users\taha\appdata\roaming\Apowersoft
    2010-10-05 17:53:20 307200 ----a-w- c:\windows\system32\TubeFinder.exe
    2010-10-05 17:53:19 9728 ----a-w- c:\windows\system32\PCCLPFR.DLL
    2010-10-05 17:53:19 84512 ----a-w- c:\windows\system32\PICCLP32.OCX
    2010-10-05 17:53:19 364544 ----a-w- c:\windows\system32\PropertyGrid.ocx
    2010-10-05 17:53:19 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL
    2010-10-05 17:53:18 32768 ----a-w- c:\windows\system32\CMDLGFR.DLL
    2010-10-05 17:53:18 24576 ----a-w- c:\windows\system32\ControlSubX.ocx
    2010-10-05 17:53:18 -------- d-----w- c:\users\taha\appdata\roaming\FreeFLVConverter

    ==================== Find3M ====================

    2010-10-19 09:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe
    2010-09-15 02:50:37 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-08-26 16:33:06 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
    2010-08-26 16:33:04 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
    2010-08-26 16:33:04 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
    2010-08-26 16:33:04 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
    2010-08-17 14:11:37 128000 ----a-w- c:\windows\system32\spoolsv.exe

    ============= FINISH: 13:30:59,67 ===============
    3 November 2010 21:57:37

    Re,
    How is your PC behaving?
    4 November 2010 10:07:48

    Re,

    All the explorer.exe processes have disappeared, and even after restarting my PC everything works fine. There is nothing more to report, many thanks to you. ;) 
    4 November 2010 21:53:14

    Uninstall ComboFix by following this procedure:

  • Start menu, then Run
  • Now type Combofix /u in the window that appears, then confirm with OK. Make sure to leave a space between the X and the /U, as it is required here.

    Delete all the programs installed for the disinfection.

    Please read this guide (PDF) to learn more about the risks of the Net.

    If you find this document interesting, don't hesitate to pass it on to your contacts.

    If you are tired of being bombarded with ads while browsing, install a secured Firefox with the NoScript and AdBlock Plus extensions.

    Read also:
  • Free antispyware: it's useless!

    ~Edit your first message and mark [résolu] in the title.
    If your session name matches your real name, you can change it by editing your posts.

    :hello: 