
PC slowdown + possible virus.

Tags:
  • Windows
  • Security
15 February 2009 12:07:58

Hello, I'm having some problems with the PC. For a while now it has been slowing down seriously, with "trojan" viruses appearing.
I made a HijackThis report:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:59:10, on 15/02/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\SysMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\MarkAny\ContentSafer\MaAgent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\acer\AppData\Local\Temp\AutoDetect.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Philips\Philips SPC220NC Webcam\TrayMin220.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.fr.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Windows\system32\SysMonitor.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdc.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [?????????] ??????????????e
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Ceedo AutoDetect] C:\Users\acer\AppData\Local\Temp\AutoDetect.exe /active
O4 - HKCU\..\RunOnce: [Ceedo Repair] C:\Users\acer\AppData\Local\Temp\AutoDetect.exe /repair /drive=
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: TrayMin220.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Seagate Sync Service - Seagate Technology LLC - C:\Program Files\Seagate\Sync\SeaSyncServices.exe
O23 - Service: Start BT in service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe

--
End of file - 12174 bytes

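A first pass over a HijackThis log like the one above can be automated. The Python script below is an added example, not part of the original post and not a HijackThis feature; it parses the O2, O4 and O23 line formats and flags the entries a helper would look at first: Run values whose name or command HijackThis could not render (printed as `?`), programs autostarting from a Temp directory, BHOs registered with `(no file)`, and services whose binary is `(file missing)`. The log embedded in the script is a constructed excerpt modelled on the lines above. A hit is a prompt to verify the file, not a verdict: Ceedo, for instance, is a commercial portable-application product, so its AutoDetect.exe in Temp may well be legitimate, and the missing Symantec binaries read more like a half-removed suite than like malware. The entry worth opening regedit for is the HKCU Run value whose name and command are entirely unreadable.

```python
"""Triage a HijackThis log: flag the autostart entries a human should look at first."""
import re
from pathlib import PureWindowsPath

# Constructed sample modelled on entries from the log posted above (not the full log).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [?????????] ??????????????e
O4 - HKCU\..\Run: [Ceedo AutoDetect] C:\Users\acer\AppData\Local\Temp\AutoDetect.exe /active
O4 - HKCU\..\RunOnce: [Ceedo Repair] C:\Users\acer\AppData\Local\Temp\AutoDetect.exe /repair /drive=
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
"""

# O4 lines: "O4 - <hive>\..\<Run|RunOnce>: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# O2 lines: "O2 - BHO: <name> - {CLSID} - <path or (no file)>"
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
# First executable-looking token of a command line, quoted or not.
EXE_RE = re.compile(r'^"?(?P<path>[^"]*?\.(?:exe|dll|scr|com|cmd|bat))(?:"|\s|$)', re.I)

# Directory names nobody should be autostarting from.
TEMP_PARTS = {"temp", "tmp"}


def image_path(cmd):
    """Return the executable part of a Run command line, or None if it cannot be found."""
    m = EXE_RE.match(cmd.strip())
    return m.group("path") if m else None


def in_temp_dir(path):
    """True if any directory component of a Windows path is a Temp/tmp folder."""
    return any(p.lower() in TEMP_PARTS for p in PureWindowsPath(path).parts)


def triage(log_text):
    """Return a list of findings (section, value name, reason) in log order."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("O4 - "):
            m = O4_RE.match(line)
            if not m:
                continue  # "Global Startup" shortcut lines are not handled here
            name, cmd = m.group("name"), m.group("cmd")
            path = image_path(cmd)
            if "?" in name or "?" in cmd:
                # HijackThis prints '?' for characters it cannot render: the value
                # name and/or command is unreadable and must be inspected in regedit.
                findings.append(dict(section="O4", name=name, reason="unreadable value name or command"))
            elif path is None:
                findings.append(dict(section="O4", name=name, reason="could not locate executable in command"))
            elif in_temp_dir(path):
                findings.append(dict(section="O4", name=name, reason="autostart from a Temp directory: " + path))
        elif line.startswith("O2 - "):
            m = O2_RE.match(line)
            if m and m.group("path") == "(no file)":
                findings.append(dict(section="O2", name=m.group("name"), reason="orphaned BHO registration (no file)"))
        elif line.startswith("O23 - Service: "):
            # Service display names may themselves contain " - ", so split from the right.
            parts = line[len("O23 - Service: "):].rsplit(" - ", 2)
            if len(parts) == 3 and parts[2].endswith("(file missing)"):
                findings.append(dict(section="O23", name=parts[0], reason="service binary missing: " + parts[2]))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['section']:4} {f['name']!r}: {f['reason']}")
```

Feed it the full log with `triage(open("hijackthis.log", encoding="cp1252").read())`; the Temp and `(file missing)` checks are deliberately simple so that nothing legitimate is auto-removed on the strength of a path alone.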

15 February 2009 16:45:07

Hello,

Download ComboFix (by sUBs) to your Desktop.

  • Temporarily disable all resident protection! (antivirus, antispyware...)
  • Double-click ComboFix.exe.
  • Accept the licence by clicking Yes.
  • The program will ask whether you want to install the Recovery Console. It is a precaution in case the computer breaks down, so I advise you to install it; it costs nothing and could come in handy!
  • When the operation is finished, a report will appear. Post that report in your next reply.

    The report is located here: %SystemDrive%\ComboFix.txt (%systemdrive% being the partition where Windows is installed; usually C:\)

    Help: How to use ComboFix.
    15 February 2009 18:18:31

    ComboFix 09-02-14.01 - acer 2009-02-15 18:10:51.1 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.894.266 [GMT 1:00]
    Run from: c:\users\acer\Downloads\ComboFix.exe
    * A new restore point was created
    .

    ((((((((((((((((((((((((((((( Files Created from 2009-01-15 to 2009-02-15 ))))))))))))))))))))))))))))))))))))
    .

    2009-02-15 11:58 . 2009-02-15 11:58 <REP> d-------- c:\program files\Trend Micro
    2009-02-14 21:46 . 2009-02-14 21:46 <REP> d-------- C:\ViaMichelin
    2009-02-14 14:12 . 2004-12-30 10:00 104,576 --a------ c:\windows\System32\drivers\wceusbsh.sys
    2009-02-14 14:02 . 2009-02-14 14:02 <REP> d-------- c:\users\All Users\Avira
    2009-02-14 14:02 . 2009-02-14 14:02 <REP> d-------- c:\programdata\Avira
    2009-02-14 14:02 . 2009-02-14 14:02 <REP> d-------- c:\program files\Avira
    2009-02-13 20:05 . 2009-02-15 10:00 28 --a------ c:\windows\ODBC.INI
    2009-02-13 20:03 . 2009-02-15 10:00 <REP> d-------- c:\program files\RomStation
    2009-02-12 15:49 . 2008-12-05 05:32 428,544 --a------ c:\windows\System32\EncDec.dll
    2009-02-12 15:49 . 2008-12-05 05:32 293,376 --a------ c:\windows\System32\psisdecd.dll
    2009-02-12 15:49 . 2008-12-05 05:31 217,088 --a------ c:\windows\System32\psisrndr.ax
    2009-02-12 15:49 . 2008-12-05 05:31 177,664 --a------ c:\windows\System32\mpg2splt.ax
    2009-02-12 15:49 . 2008-12-05 05:31 80,896 --a------ c:\windows\System32\MSNP.ax
    2009-02-12 15:46 . 2009-01-15 04:36 1,383,424 --a------ c:\windows\System32\mshtml.tlb
    2009-02-12 15:46 . 2009-01-15 07:11 827,392 --a------ c:\windows\System32\wininet.dll
    2009-02-07 13:11 . 2009-02-07 13:13 <REP> d-------- c:\windows\System32\HWC HD
    2009-02-07 13:11 . 2009-02-07 13:11 <REP> d-------- c:\program files\Hercules
    2009-02-07 13:11 . 2007-07-17 18:07 10,371,072 --a------ c:\windows\System32\drivers\snpstd3.sys
    2009-02-07 13:11 . 2006-08-01 12:31 3,600,384 --a------ c:\windows\ffmpeg.exe
    2009-02-07 13:11 . 2007-08-06 15:29 94,720 --a------ c:\windows\System32\drivers\camfilt2.sys
    2009-02-07 13:11 . 2007-04-20 16:26 57,344 --a------ c:\windows\System32\vsnpstd3.dll
    2009-02-07 13:11 . 2005-11-23 13:55 53,248 --a------ c:\windows\System32\csnpstd3.dll
    2009-02-07 13:11 . 2007-07-20 11:33 15,478 --a------ c:\windows\snpstd3.ini
    2009-02-07 13:11 . 2007-07-20 11:18 13,003 --a------ c:\windows\snpstd3.src
    2009-02-06 21:35 . 2009-02-06 21:36 <REP> d-------- c:\users\acer\{c38acd17-be8f-4e5f-808d-a084ccd1e3ca}
    2009-02-06 21:35 . 2009-02-06 21:35 <REP> d-------- c:\program files\Philips
    2009-02-06 21:34 . 2009-02-06 21:34 <REP> d-------- c:\users\acer\AppData\Roaming\InstallShield
    2009-02-06 12:51 . 2009-02-06 12:51 <REP> d-------- c:\program files\Photo Viewer
    2009-02-05 12:52 . 2009-02-15 18:05 <REP> d-------- c:\users\acer\Tracing
    2009-02-05 12:51 . 2009-02-05 12:51 <REP> d-------- c:\program files\Microsoft Sync Framework
    2009-02-05 12:46 . 2009-02-05 12:46 <REP> d-------- c:\program files\Windows Live SkyDrive
    2009-02-05 12:46 . 2009-02-05 12:46 <REP> d-------- c:\program files\Microsoft
    2009-02-05 12:28 . 2009-02-05 12:28 <REP> d-------- c:\program files\Common Files\Windows Live
    2009-02-03 23:08 . 2009-02-04 00:02 <REP> d-------- c:\users\acer\AppData\Roaming\Micro Application
    2009-02-03 23:01 . 2009-02-03 23:01 <REP> d-------- c:\program files\Micro Application
    2009-02-03 23:00 . 2009-02-03 23:00 <REP> dr------- c:\windows\System32\config\systemprofile\Videos
    2009-02-03 23:00 . 2009-02-03 23:00 <REP> dr------- c:\windows\System32\config\systemprofile\Pictures
    2009-02-03 23:00 . 2009-02-03 23:00 <REP> dr------- c:\windows\System32\config\systemprofile\Music
    2009-02-03 23:00 . 2009-02-03 23:00 <REP> dr------- c:\windows\System32\config\systemprofile\Downloads
    2009-02-03 23:00 . 2009-02-03 23:00 <REP> dr------- c:\windows\System32\config\systemprofile\Documents
    2009-01-31 21:50 . 2009-01-31 21:50 230,432 --a------ C:\SPC220NC.DAT
    2009-01-31 12:38 . 2009-01-31 12:38 <REP> d-------- c:\program files\Defraggler
    2009-01-30 19:24 . 2008-06-20 02:14 781,344 --a------ c:\windows\System32\PresentationNative_v0300.dll
    2009-01-30 19:24 . 2008-06-20 02:14 622,080 --a------ c:\windows\System32\icardagt.exe
    2009-01-30 19:24 . 2008-06-20 02:14 326,160 --a------ c:\windows\System32\PresentationHost.exe
    2009-01-30 19:24 . 2008-06-20 02:14 105,016 --a------ c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
    2009-01-30 19:24 . 2008-06-20 02:14 97,800 --a------ c:\windows\System32\infocardapi.dll
    2009-01-30 19:24 . 2008-06-20 02:14 43,544 --a------ c:\windows\System32\PresentationHostProxy.dll
    2009-01-30 19:24 . 2008-06-20 02:14 37,384 --a------ c:\windows\System32\infocardcpl.cpl
    2009-01-30 19:24 . 2008-06-20 02:14 11,264 --a------ c:\windows\System32\icardres.dll
    2009-01-30 19:15 . 2008-07-27 19:03 282,112 --a------ c:\windows\System32\mscoree.dll
    2009-01-30 19:15 . 2008-07-27 19:03 158,720 --a------ c:\windows\System32\mscorier.dll
    2009-01-30 19:15 . 2008-07-27 19:03 96,760 --a------ c:\windows\System32\dfshim.dll
    2009-01-30 19:15 . 2008-07-27 19:03 41,984 --a------ c:\windows\System32\netfxperf.dll
    2009-01-30 19:14 . 2008-07-27 19:03 83,968 --a------ c:\windows\System32\mscories.dll
    2009-01-26 23:37 . 2009-02-14 13:55 <REP> d-------- c:\program files\ESET
    2009-01-26 18:49 . 2009-01-26 18:49 <REP> d-------- c:\program files\NETGEAR
    2009-01-26 18:48 . 2009-01-26 18:48 <REP> d-------- c:\windows\Downloaded Installations

    .
    (((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-02-14 20:46 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-02-12 14:50 --------- d-----w c:\program files\Windows Mail
    2009-02-07 19:25 --------- d-----w c:\users\acer\AppData\Roaming\skypePM
    2009-02-07 19:25 --------- d-----w c:\users\acer\AppData\Roaming\Skype
    2009-02-06 20:36 --------- d-----w c:\program files\ArcSoft
    2009-02-05 11:51 --------- d-----w c:\program files\Windows Live Toolbar
    2009-02-05 11:51 --------- d-----w c:\program files\Windows Live
    2009-01-30 18:11 --------- d-----w c:\users\acer\AppData\Roaming\LimeWire
    2009-01-26 22:33 --------- d-----w c:\program files\Common Files\Symantec Shared
    2009-01-26 22:27 --------- d-----w c:\programdata\Symantec
    2009-01-26 22:27 --------- d-----w c:\program files\Symantec
    2009-01-26 19:32 --------- d-----w c:\program files\Avanquest update
    2009-01-11 12:04 --------- d-----w c:\programdata\eMule
    2009-01-11 12:04 --------- d-----w c:\program files\eMule
    2009-01-11 12:02 --------- d-----w c:\program files\LimeWire
    2009-01-10 11:01 65,024 ----a-w c:\windows\IFinst26.exe
    2009-01-10 11:01 --------- d-----w c:\program files\XviD
    2009-01-10 11:01 --------- d-----w c:\program files\Lame MP3 Codec
    2009-01-10 11:00 --------- d-----w c:\users\acer\AppData\Roaming\DataCast
    2009-01-10 11:00 --------- d-----w c:\program files\Samsung
    2009-01-10 11:00 --------- d-----w c:\program files\MarkAny
    2009-01-10 10:52 --------- d-----w c:\program files\Google
    2009-01-05 22:33 3,751,995 ----a-w c:\windows\System32\GPhotos.scr
    2009-01-04 08:25 --------- d-----w c:\program files\DivX
    2009-01-04 08:23 --------- d-----w c:\users\acer\AppData\Roaming\DivX
    2009-01-04 08:23 --------- d-----w c:\program files\Common Files\PX Storage Engine
    2009-01-04 00:08 --------- d-----w c:\program files\Common Files\Skype
    2009-01-04 00:08 --------- d-----w c:\program files\Bonjour
    2009-01-03 18:59 --------- d-----w c:\programdata\PC Drivers HeadQuarters
    2009-01-03 18:59 --------- d-----w c:\program files\PC Drivers HeadQuarters
    2009-01-03 16:25 --------- d-----w c:\program files\Logitech
    2008-12-29 15:03 --------- d-----w c:\program files\Bonjour(54)
    2008-12-21 16:59 --------- d-----w c:\users\acer\AppData\Roaming\HP
    2008-12-21 12:17 --------- d-----w c:\users\acer\AppData\Roaming\Logitech
    2008-12-21 12:15 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
    2008-12-21 12:12 --------- d-----w c:\programdata\Logitech
    2008-12-21 12:12 --------- d-----w c:\program files\Common Files\Logitech
    2008-12-16 02:42 288,768 ----a-w c:\windows\system32\drivers\srv.sys
    2008-12-15 15:20 --------- d-----w c:\programdata\Apple Computer
    2008-12-15 15:20 --------- d-----w c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-12-15 15:20 --------- d-----w c:\program files\iTunes
    2008-12-15 15:20 --------- d-----w c:\program files\iPod
    2008-12-15 15:20 --------- d-----w c:\program files\Common Files\Apple
    2008-12-15 15:17 --------- d-----w c:\program files\QuickTime
    2008-12-15 15:11 --------- d-----w c:\program files\Safari
    2008-12-04 23:11 308,584 ----a-w c:\windows\WLXPGSS.SCR
    2008-12-02 21:37 49,480 ----a-w c:\windows\System32\sirenacm.dll
    2008-11-21 21:47 524,288 ----a-w c:\windows\System32\DivXsm.exe
    2008-11-21 21:47 3,596,288 ----a-w c:\windows\System32\qt-dx331.dll
    2008-11-21 21:46 200,704 ----a-w c:\windows\System32\ssldivx.dll
    2008-11-21 21:46 1,044,480 ----a-w c:\windows\System32\libdivx.dll
    2008-11-21 21:44 161,096 ----a-w c:\windows\System32\DivXCodecVersionChecker.exe
    2008-11-21 21:44 12,288 ----a-w c:\windows\System32\DivXWMPExtType.dll
    2008-10-31 18:44 174 --sha-w c:\program files\desktop.ini
    2008-10-28 20:15 56 ---ha-w c:\users\All Users\ezsidmv.dat
    2008-10-28 20:15 56 ---ha-w c:\programdata\ezsidmv.dat
    .

    ((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "????r"="" [?]
    "?????????"="??????????????e" [?]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-07-11 90112]
    "Acer Empowering Technology Monitor"="c:\windows\system32\SysMonitor.exe" [2006-11-23 319488]
    "WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
    "Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
    "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-11-20 178688]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
    "SMSTray"="c:\program files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-02-23 126976]
    "MAAgent"="c:\program files\MarkAny\ContentSafer\MAAgent.exe" [2007-01-30 57344]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-11-11 185872]
    "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
    "Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdc.exe" [2007-01-24 563080]
    "RtHDVCpl"="RtHDVCpl.exe" [2006-12-01 c:\windows\RtHDVCpl.exe]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 c:\windows\KHALMNPR.Exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-02 3882312]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2006-12-13 528384]
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-12-21 688128]
    TrayMin220.lnk - c:\program files\Philips\Philips SPC220NC Webcam\TrayMin220.exe [2009-02-06 278528]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{88485281-8b4b-4f8d-9ede-82e29a064277}"= "c:\progra~1\MarkAny\CONTEN~1\MACSMA~1.DLL" [2004-11-23 192512]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.mkdmp3enc"= c:\progra~1\ACERZO~1\ACERZO~2\Kernel\Burner\MKDMP3Enc.ACM
    "VIDC.JDCT"= jl_jdct.drv

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logiciel Kodak EasyShare.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logiciel Kodak EasyShare.lnk
    backup=c:\windows\pss\Logiciel Kodak EasyShare.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^Users^acer^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
    path=c:\users\acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
    backup=c:\windows\pss\OpenOffice.org 3.0.lnk.Startup
    backupExtension=.Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    --a------ 2007-03-16 11:45 63712 c:\program files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a------ 2008-06-12 02:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
    --a------ 2006-11-17 08:26 453120 c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
    --------- 2008-07-10 10:22 397312 c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    --a------ 2008-11-11 09:33 185872 c:\program files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UacDisableNotify"=dword:00000001
    "InternetSettingsDisableNotify"=dword:00000001
    "AutoUpdateDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{755DDF93-2A40-464C-8E19-14D57FDFE54C}"= UDP:c:\program files\Acer Zone\Acer Zone Main Page\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
    "{9E139F13-729C-48A3-A542-F8D1B9041878}"= TCP:c:\program files\Acer Zone\Acer Zone Main Page\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
    "{083C222B-2E43-435E-A4FA-69B43D170DBD}"= UDP:c:\program files\Acer Zone\Acer Picture Slide DVD\Component\CLSLDVD.exe:Cyberlink Picture Slide DVD workprocess
    "{CCAC3715-6F13-4B05-AFE8-9CB066D07D09}"= TCP:c:\program files\Acer Zone\Acer Picture Slide DVD\Component\CLSLDVD.exe:Cyberlink Picture Slide DVD workprocess
    "{7A11D0DC-4B4D-4D6B-9395-1FB0BB02F739}"= UDP:c:\program files\Acer Zone\Acer Plug and Record\Component\ARAWP.exe:Cyberlink Plug and Record ARA workprocess
    "{CAEDC0A9-FA60-4B8B-8EB7-4679892F69D7}"= TCP:c:\program files\Acer Zone\Acer Plug and Record\Component\ARAWP.exe:Cyberlink Plug and Record ARA workprocess
    "{3CF0A38F-BDCA-4850-B9CC-79DA144B0CA6}"= UDP:c:\program files\Acer Zone\Acer Plug and Record\Component\DVAX2Process.exe:Cyberlink Plug and Record AVAX workprocess
    "{801EC1BA-4EA4-4830-8FE6-B53B0271F818}"= TCP:c:\program files\Acer Zone\Acer Plug and Record\Component\DVAX2Process.exe:Cyberlink Plug and Record AVAX workprocess
    15 February 2009 18:18:54

    ComboFix 09-02-14.01 - acer 2009-02-15 18:10:51.1 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.894.266 [GMT 1:00]
    Lancé depuis: c:\users\acer\Downloads\ComboFix.exe
    * Un nouveau point de restauration a été créé
    .

    ((((((((((((((((((((((((((((( Fichiers créés du 2009-01-15 au 2009-02-15 ))))))))))))))))))))))))))))))))))))
    .

    2009-02-15 11:58 . 2009-02-15 11:58 <REP> d-------- c:\program files\Trend Micro
    2009-02-14 21:46 . 2009-02-14 21:46 <REP> d-------- C:\ViaMichelin
    2009-02-14 14:12 . 2004-12-30 10:00 104,576 --a------ c:\windows\System32\drivers\wceusbsh.sys
    2009-02-14 14:02 . 2009-02-14 14:02 <REP> d-------- c:\users\All Users\Avira
    2009-02-14 14:02 . 2009-02-14 14:02 <REP> d-------- c:\programdata\Avira
    2009-02-14 14:02 . 2009-02-14 14:02 <REP> d-------- c:\program files\Avira
    2009-02-13 20:05 . 2009-02-15 10:00 28 --a------ c:\windows\ODBC.INI
    2009-02-13 20:03 . 2009-02-15 10:00 <REP> d-------- c:\program files\RomStation
    2009-02-12 15:49 . 2008-12-05 05:32 428,544 --a------ c:\windows\System32\EncDec.dll
    2009-02-12 15:49 . 2008-12-05 05:32 293,376 --a------ c:\windows\System32\psisdecd.dll
    2009-02-12 15:49 . 2008-12-05 05:31 217,088 --a------ c:\windows\System32\psisrndr.ax
    2009-02-12 15:49 . 2008-12-05 05:31 177,664 --a------ c:\windows\System32\mpg2splt.ax
    2009-02-12 15:49 . 2008-12-05 05:31 80,896 --a------ c:\windows\System32\MSNP.ax
    2009-02-12 15:46 . 2009-01-15 04:36 1,383,424 --a------ c:\windows\System32\mshtml.tlb
    2009-02-12 15:46 . 2009-01-15 07:11 827,392 --a------ c:\windows\System32\wininet.dll
    2009-02-07 13:11 . 2009-02-07 13:13 <REP> d-------- c:\windows\System32\HWC HD
    2009-02-07 13:11 . 2009-02-07 13:11 <REP> d-------- c:\program files\Hercules
    2009-02-07 13:11 . 2007-07-17 18:07 10,371,072 --a------ c:\windows\System32\drivers\snpstd3.sys
    2009-02-07 13:11 . 2006-08-01 12:31 3,600,384 --a------ c:\windows\ffmpeg.exe
    2009-02-07 13:11 . 2007-08-06 15:29 94,720 --a------ c:\windows\System32\drivers\camfilt2.sys
    2009-02-07 13:11 . 2007-04-20 16:26 57,344 --a------ c:\windows\System32\vsnpstd3.dll
    2009-02-07 13:11 . 2005-11-23 13:55 53,248 --a------ c:\windows\System32\csnpstd3.dll
    2009-02-07 13:11 . 2007-07-20 11:33 15,478 --a------ c:\windows\snpstd3.ini
    2009-02-07 13:11 . 2007-07-20 11:18 13,003 --a------ c:\windows\snpstd3.src
    2009-02-06 21:35 . 2009-02-06 21:36 <REP> d-------- c:\users\acer\{c38acd17-be8f-4e5f-808d-a084ccd1e3ca}
    2009-02-06 21:35 . 2009-02-06 21:35 <REP> d-------- c:\program files\Philips
    2009-02-06 21:34 . 2009-02-06 21:34 <REP> d-------- c:\users\acer\AppData\Roaming\InstallShield
    2009-02-06 12:51 . 2009-02-06 12:51 <REP> d-------- c:\program files\Photo Viewer
    2009-02-05 12:52 . 2009-02-15 18:05 <REP> d-------- c:\users\acer\Tracing
    2009-02-05 12:51 . 2009-02-05 12:51 <REP> d-------- c:\program files\Microsoft Sync Framework
    2009-02-05 12:46 . 2009-02-05 12:46 <REP> d-------- c:\program files\Windows Live SkyDrive
    2009-02-05 12:46 . 2009-02-05 12:46 <REP> d-------- c:\program files\Microsoft
    2009-02-05 12:28 . 2009-02-05 12:28 <REP> d-------- c:\program files\Common Files\Windows Live
    2009-02-03 23:08 . 2009-02-04 00:02 <REP> d-------- c:\users\acer\AppData\Roaming\Micro Application
    2009-02-03 23:01 . 2009-02-03 23:01 <REP> d-------- c:\program files\Micro Application
    2009-02-03 23:00 . 2009-02-03 23:00 <REP> dr------- c:\windows\System32\config\systemprofile\Videos
    2009-02-03 23:00 . 2009-02-03 23:00 <REP> dr------- c:\windows\System32\config\systemprofile\Pictures
    2009-02-03 23:00 . 2009-02-03 23:00 <REP> dr------- c:\windows\System32\config\systemprofile\Music
    2009-02-03 23:00 . 2009-02-03 23:00 <REP> dr------- c:\windows\System32\config\systemprofile\Downloads
    2009-02-03 23:00 . 2009-02-03 23:00 <REP> dr------- c:\windows\System32\config\systemprofile\Documents
    2009-01-31 21:50 . 2009-01-31 21:50 230,432 --a------ C:\SPC220NC.DAT
    2009-01-31 12:38 . 2009-01-31 12:38 <REP> d-------- c:\program files\Defraggler
    2009-01-30 19:24 . 2008-06-20 02:14 781,344 --a------ c:\windows\System32\PresentationNative_v0300.dll
    2009-01-30 19:24 . 2008-06-20 02:14 622,080 --a------ c:\windows\System32\icardagt.exe
    2009-01-30 19:24 . 2008-06-20 02:14 326,160 --a------ c:\windows\System32\PresentationHost.exe
    2009-01-30 19:24 . 2008-06-20 02:14 105,016 --a------ c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
    2009-01-30 19:24 . 2008-06-20 02:14 97,800 --a------ c:\windows\System32\infocardapi.dll
    2009-01-30 19:24 . 2008-06-20 02:14 43,544 --a------ c:\windows\System32\PresentationHostProxy.dll
    2009-01-30 19:24 . 2008-06-20 02:14 37,384 --a------ c:\windows\System32\infocardcpl.cpl
    2009-01-30 19:24 . 2008-06-20 02:14 11,264 --a------ c:\windows\System32\icardres.dll
    2009-01-30 19:15 . 2008-07-27 19:03 282,112 --a------ c:\windows\System32\mscoree.dll
    2009-01-30 19:15 . 2008-07-27 19:03 158,720 --a------ c:\windows\System32\mscorier.dll
    2009-01-30 19:15 . 2008-07-27 19:03 96,760 --a------ c:\windows\System32\dfshim.dll
    2009-01-30 19:15 . 2008-07-27 19:03 41,984 --a------ c:\windows\System32\netfxperf.dll
    2009-01-30 19:14 . 2008-07-27 19:03 83,968 --a------ c:\windows\System32\mscories.dll
    2009-01-26 23:37 . 2009-02-14 13:55 <REP> d-------- c:\program files\ESET
    2009-01-26 18:49 . 2009-01-26 18:49 <REP> d-------- c:\program files\NETGEAR
    2009-01-26 18:48 . 2009-01-26 18:48 <REP> d-------- c:\windows\Downloaded Installations

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-02-14 20:46 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-02-12 14:50 --------- d-----w c:\program files\Windows Mail
    2009-02-07 19:25 --------- d-----w c:\users\acer\AppData\Roaming\skypePM
    2009-02-07 19:25 --------- d-----w c:\users\acer\AppData\Roaming\Skype
    2009-02-06 20:36 --------- d-----w c:\program files\ArcSoft
    2009-02-05 11:51 --------- d-----w c:\program files\Windows Live Toolbar
    2009-02-05 11:51 --------- d-----w c:\program files\Windows Live
    2009-01-30 18:11 --------- d-----w c:\users\acer\AppData\Roaming\LimeWire
    2009-01-26 22:33 --------- d-----w c:\program files\Common Files\Symantec Shared
    2009-01-26 22:27 --------- d-----w c:\programdata\Symantec
    2009-01-26 22:27 --------- d-----w c:\program files\Symantec
    2009-01-26 19:32 --------- d-----w c:\program files\Avanquest update
    2009-01-11 12:04 --------- d-----w c:\programdata\eMule
    2009-01-11 12:04 --------- d-----w c:\program files\eMule
    2009-01-11 12:02 --------- d-----w c:\program files\LimeWire
    2009-01-10 11:01 65,024 ----a-w c:\windows\IFinst26.exe
    2009-01-10 11:01 --------- d-----w c:\program files\XviD
    2009-01-10 11:01 --------- d-----w c:\program files\Lame MP3 Codec
    2009-01-10 11:00 --------- d-----w c:\users\acer\AppData\Roaming\DataCast
    2009-01-10 11:00 --------- d-----w c:\program files\Samsung
    2009-01-10 11:00 --------- d-----w c:\program files\MarkAny
    2009-01-10 10:52 --------- d-----w c:\program files\Google
    2009-01-05 22:33 3,751,995 ----a-w c:\windows\System32\GPhotos.scr
    2009-01-04 08:25 --------- d-----w c:\program files\DivX
    2009-01-04 08:23 --------- d-----w c:\users\acer\AppData\Roaming\DivX
    2009-01-04 08:23 --------- d-----w c:\program files\Common Files\PX Storage Engine
    2009-01-04 00:08 --------- d-----w c:\program files\Common Files\Skype
    2009-01-04 00:08 --------- d-----w c:\program files\Bonjour
    2009-01-03 18:59 --------- d-----w c:\programdata\PC Drivers HeadQuarters
    2009-01-03 18:59 --------- d-----w c:\program files\PC Drivers HeadQuarters
    2009-01-03 16:25 --------- d-----w c:\program files\Logitech
    2008-12-29 15:03 --------- d-----w c:\program files\Bonjour(54)
    2008-12-21 16:59 --------- d-----w c:\users\acer\AppData\Roaming\HP
    2008-12-21 12:17 --------- d-----w c:\users\acer\AppData\Roaming\Logitech
    2008-12-21 12:15 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
    2008-12-21 12:12 --------- d-----w c:\programdata\Logitech
    2008-12-21 12:12 --------- d-----w c:\program files\Common Files\Logitech
    2008-12-16 02:42 288,768 ----a-w c:\windows\system32\drivers\srv.sys
    2008-12-15 15:20 --------- d-----w c:\programdata\Apple Computer
    2008-12-15 15:20 --------- d-----w c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-12-15 15:20 --------- d-----w c:\program files\iTunes
    2008-12-15 15:20 --------- d-----w c:\program files\iPod
    2008-12-15 15:20 --------- d-----w c:\program files\Common Files\Apple
    2008-12-15 15:17 --------- d-----w c:\program files\QuickTime
    2008-12-15 15:11 --------- d-----w c:\program files\Safari
    2008-12-04 23:11 308,584 ----a-w c:\windows\WLXPGSS.SCR
    2008-12-02 21:37 49,480 ----a-w c:\windows\System32\sirenacm.dll
    2008-11-21 21:47 524,288 ----a-w c:\windows\System32\DivXsm.exe
    2008-11-21 21:47 3,596,288 ----a-w c:\windows\System32\qt-dx331.dll
    2008-11-21 21:46 200,704 ----a-w c:\windows\System32\ssldivx.dll
    2008-11-21 21:46 1,044,480 ----a-w c:\windows\System32\libdivx.dll
    2008-11-21 21:44 161,096 ----a-w c:\windows\System32\DivXCodecVersionChecker.exe
    2008-11-21 21:44 12,288 ----a-w c:\windows\System32\DivXWMPExtType.dll
    2008-10-31 18:44 174 --sha-w c:\program files\desktop.ini
    2008-10-28 20:15 56 ---ha-w c:\users\All Users\ezsidmv.dat
    2008-10-28 20:15 56 ---ha-w c:\programdata\ezsidmv.dat
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "????r"="" [?]
    "?????????"="??????????????e" [?]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-07-11 90112]
    "Acer Empowering Technology Monitor"="c:\windows\system32\SysMonitor.exe" [2006-11-23 319488]
    "WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
    "Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
    "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-11-20 178688]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
    "SMSTray"="c:\program files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-02-23 126976]
    "MAAgent"="c:\program files\MarkAny\ContentSafer\MAAgent.exe" [2007-01-30 57344]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-11-11 185872]
    "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
    "Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdc.exe" [2007-01-24 563080]
    "RtHDVCpl"="RtHDVCpl.exe" [2006-12-01 c:\windows\RtHDVCpl.exe]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 c:\windows\KHALMNPR.Exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-02 3882312]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2006-12-13 528384]
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-12-21 688128]
    TrayMin220.lnk - c:\program files\Philips\Philips SPC220NC Webcam\TrayMin220.exe [2009-02-06 278528]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{88485281-8b4b-4f8d-9ede-82e29a064277}"= "c:\progra~1\MarkAny\CONTEN~1\MACSMA~1.DLL" [2004-11-23 192512]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.mkdmp3enc"= c:\progra~1\ACERZO~1\ACERZO~2\Kernel\Burner\MKDMP3Enc.ACM
    "VIDC.JDCT"= jl_jdct.drv

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logiciel Kodak EasyShare.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logiciel Kodak EasyShare.lnk
    backup=c:\windows\pss\Logiciel Kodak EasyShare.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^Users^acer^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
    path=c:\users\acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
    backup=c:\windows\pss\OpenOffice.org 3.0.lnk.Startup
    backupExtension=.Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    --a------ 2007-03-16 11:45 63712 c:\program files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a------ 2008-06-12 02:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
    --a------ 2006-11-17 08:26 453120 c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
    --------- 2008-07-10 10:22 397312 c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    --a------ 2008-11-11 09:33 185872 c:\program files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UacDisableNotify"=dword:00000001
    "InternetSettingsDisableNotify"=dword:00000001
    "AutoUpdateDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{755DDF93-2A40-464C-8E19-14D57FDFE54C}"= UDP:c:\program files\Acer Zone\Acer Zone Main Page\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
    "{9E139F13-729C-48A3-A542-F8D1B9041878}"= TCP:c:\program files\Acer Zone\Acer Zone Main Page\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
    "{083C222B-2E43-435E-A4FA-69B43D170DBD}"= UDP:c:\program files\Acer Zone\Acer Picture Slide DVD\Component\CLSLDVD.exe:Cyberlink Picture Slide DVD workprocess
    "{CCAC3715-6F13-4B05-AFE8-9CB066D07D09}"= TCP:c:\program files\Acer Zone\Acer Picture Slide DVD\Component\CLSLDVD.exe:Cyberlink Picture Slide DVD workprocess
    "{7A11D0DC-4B4D-4D6B-9395-1FB0BB02F739}"= UDP:c:\program files\Acer Zone\Acer Plug and Record\Component\ARAWP.exe:Cyberlink Plug and Record ARA workprocess
    "{CAEDC0A9-FA60-4B8B-8EB7-4679892F69D7}"= TCP:c:\program files\Acer Zone\Acer Plug and Record\Component\ARAWP.exe:Cyberlink Plug and Record ARA workprocess
    "{3CF0A38F-BDCA-4850-B9CC-79DA144B0CA6}"= UDP:c:\program files\Acer Zone\Acer Plug and Record\Component\DVAX2Process.exe:Cyberlink Plug and Record AVAX workprocess
    "{801EC1BA-4EA4-4830-8FE6-B53B0271F818}"= TCP:c:\program files\Acer Zone\Acer Plug and Record\Component\DVAX2Process.exe:Cyberlink Plug and Record AVAX workprocess
    "{25C8D0F9-7579-488A-9363-C9EC507F3255}"= UDP:c:\program files\Acer Zone\Acer Zone SoftDMA\SoftDMA.exe:CyberLink SoftDMA
    "{8C209F36-3196-43EF-AEA2-F7691A219A8D}"= TCP:c:\program files\Acer Zone\Acer Zone SoftDMA\SoftDMA.exe:CyberLink SoftDMA
    "{E9578D5D-1D23-4F6C-B84E-16BC402F0F2F}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{964DAD70-B7D0-4088-A676-7730F0529E29}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{B199E570-7FDD-452C-A5B0-DEC43C2623B8}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{56A696B7-673C-4B87-AD50-43DC626B1941}"= UDP:c:\program files\Sony Ericsson\Sony Ericsson Media Manager 1.0\MediaManager.exe:Sony Ericsson Media Manager 1.0
    "{1084E518-4FB5-4AF5-AAE9-F40FCEB8FB4B}"= TCP:c:\program files\Sony Ericsson\Sony Ericsson Media Manager 1.0\MediaManager.exe:Sony Ericsson Media Manager 1.0
    "{DE3AA7B4-AAEB-4491-BBA3-3BB74D0C0CD2}"= UDP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
    "{6CA7C419-11F9-46C7-8689-51A136BE0409}"= TCP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
    "{67230A94-5E94-418B-B0DA-30033C393570}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
    "{CBC515E2-A3FE-49A2-8E45-13C229ED4C5A}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
    "{F831AD8E-C351-4132-8B5B-D9B197200AB0}"= UDP:c:\program files\Anuman Interactive\Code de la route\CODEDELAROUTE.exe:Code de la route
    "{154B5045-8968-4411-A1A5-9F53CC1C10A7}"= TCP:c:\program files\Anuman Interactive\Code de la route\CODEDELAROUTE.exe:Code de la route
    "{14B13542-07FB-4334-8FFD-52350EED4388}"= UDP:c:\windows\System32\muzapp.exe:MUZ AOD APP player
    "{0F932C4B-06B4-4544-B0C2-CAF95A5ED29C}"= TCP:c:\windows\System32\muzapp.exe:MUZ AOD APP player
    "TCP Query User{729A145D-BDE8-4A55-AD87-ADCBD33CBA22}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
    "UDP Query User{D1808AEB-BEE4-4317-A2A7-1D9EAFFACA81}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
    "{72F5EF7D-457B-45DE-AAB3-F2BA9D04241D}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
    "TCP Query User{C62A6EE6-054A-4DD0-80CC-098C64242DAB}c:\\program files\\hercules\\classic silver\\station2.exe"= UDP:c:\program files\hercules\classic silver\station2.exe:Hercules Webcam Station Evolution
    "UDP Query User{063166FB-52B8-42FA-846A-8A2F929DE931}c:\\program files\\hercules\\classic silver\\station2.exe"= TCP:c:\program files\hercules\classic silver\station2.exe:Hercules Webcam Station Evolution
    "TCP Query User{041E6FA8-15E2-4FA0-9DDF-C7B6D44DACA6}c:\\program files\\zattoo\\zattood.exe"= UDP:c:\program files\zattoo\zattood.exe:zattood
    "UDP Query User{187430B2-14C4-4C19-85E7-16AA003E4B55}c:\\program files\\zattoo\\zattood.exe"= TCP:c:\program files\zattoo\zattood.exe:zattood

    R2 Seagate Sync Service;Seagate Sync Service;c:\program files\Seagate\Sync\SeaSyncServices.exe [2007-01-18 24120]
    R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2008-12-04 226640]
    S3 BthAvrcp;Profil AVRCP Bluetooth;c:\windows\System32\drivers\BthAvrcp.sys [2008-07-10 15872]
    S3 camfilt2;camfilt2;c:\windows\System32\drivers\camfilt2.sys [2009-02-07 94720]
    S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\System32\drivers\ggflt.sys [2008-11-18 13352]
    S3 s916bus;Sony Ericsson Device 916 driver (WDM);c:\windows\System32\drivers\s916bus.sys [2007-11-02 83496]
    S3 s916mdfl;Sony Ericsson Device 916 USB WMC Modem Filter;c:\windows\System32\drivers\s916mdfl.sys [2007-11-02 15016]
    S3 s916mdm;Sony Ericsson Device 916 USB WMC Modem Driver;c:\windows\System32\drivers\s916mdm.sys [2007-11-02 109992]
    S3 Start BT in service;Start BT in service;c:\program files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [2007-03-14 47984]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ
    WindowsMobile REG_MULTI_SZ wcescomm rapimgr
    LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{064da16f-b89a-11dd-9f7a-806e6f6e6963}]
    \shell\AutoRun\command - K:\Autorun.exe /run
    \shell\Shell00\Command - K:\Autorun.exe /run
    \shell\Shell01\Command - K:\Autorun.exe /action
    \shell\Shell02\Command - K:\Autorun.exe /uninstall

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0b9fea59-cb92-11dd-8db1-001060ec020a}]
    \shell\AutoRun\command - L:\LaunchU3.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bef96e24-a52c-11dd-81d0-001060ec020a}]
    \shell\AutoRun\command - F:\LaunchU3.exe
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    HKLM-Run-Acer Tour - (no file)
    HKLM-Run-eRecoveryService - (no file)


    .
    ------- Examen supplémentaire -------
    .
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    uDefault_Search_URL = hxxp://www.google.com/ie
    mStart Page = hxxp://fr.fr.acer.yahoo.com
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    FF - ProfilePath - c:\users\acer\AppData\Roaming\Mozilla\Firefox\Profiles\s7ao3c17.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
    FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
    FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
    FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

    ---- PARAMETRES FIREFOX ----
    FF - user.js: yahoo.homepage.dontask - true.

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-02-15 18:14:32
    Windows 6.0.6001 Service Pack 1 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'Explorer.exe'(1968)
    c:\program files\Logitech\SetPoint\GameHook.dll
    c:\program files\Logitech\SetPoint\lgscroll.dll
    c:\program files\MarkAny\ContentSafer\MaCSProHook.DLL
    .
    Heure de fin: 2009-02-15 18:17:31
    ComboFix-quarantined-files.txt 2009-02-15 17:17:28

    Avant-CF: 43 263 373 312 octets libres
    Après-CF: 43,315,544,064 octets libres

    296 --- E O F --- 2009-02-13 14:21:53
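    Added triage example (editor's code, not part of either post): a small parser that walks the "Reg load points" and Security Center lines of a ComboFix report and flags what a helper looks at first. The sample input is constructed from the Run-key and Security Center lines of the report above; the "svchost32" line is hypothetical, added only to exercise the Temp-directory rule. Reading "[?]" as "ComboFix could not resolve the command to a file" is the editor's interpretation of the report format.

```python
import re
from typing import List, Tuple

# Constructed sample assembled from Run-key and Security Center lines of the
# ComboFix report above. The "svchost32" entry is NOT in the report: it is a
# made-up line added so the Temp-directory rule has something to catch.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"????r"="" [?]
"?????????"="??????????????e" [?]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-01 c:\windows\RtHDVCpl.exe]
"svchost32"="c:\users\acer\AppData\Local\Temp\svchost32.exe" [2009-02-14 40960]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# "Name"="command" [date size]   or   "Name"="command" [?]
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"="(?P<cmd>[^"]*)"(?:\s+\[(?P<info>[^\]]*)\])?$')
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<val>[0-9A-Fa-f]{8})$')
TEMP_RE = re.compile(r"\\(?:temp|tmp)\\", re.IGNORECASE)

Finding = Tuple[str, str, str]  # (registry key, value name, reason)


def triage(log_text: str) -> List[Finding]:
    """Walk the report line by line, remembering the current [key], and flag
    the autostart entries and Security Center settings a helper would ask about."""
    findings: List[Finding] = []
    key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        lk = key.lower()
        if lk.endswith(r"\currentversion\run"):
            m = VALUE_RE.match(line)
            if not m:
                continue
            name, cmd = m.group("name"), m.group("cmd")
            info = (m.group("info") or "").strip()
            if "?" in name or "?" in cmd:
                # ComboFix prints characters it cannot render as "?"; a Run value
                # made of such characters is worth a second look.
                findings.append((key, name, "value name or command contains characters the report could not render"))
            if cmd == "":
                findings.append((key, name, "autostart value with an empty command"))
            if info == "?":
                findings.append((key, name, "ComboFix could not resolve the command to a file ([?])"))
            if TEMP_RE.search(cmd):
                findings.append((key, name, "autostart target lives in a Temp directory"))
        elif "security center" in lk:
            m = DWORD_RE.match(line)
            if not m:
                continue
            name, val = m.group("name"), int(m.group("val"), 16)
            if val == 1 and (name.endswith("DisableNotify") or name == "DisableMonitoring"):
                findings.append((key, name, "Security Center warning or monitoring switched off"))
    return findings


def report(findings: List[Finding]) -> str:
    """One line per finding, in the order the entries appear in the report."""
    return "\n".join(f"[{k}] {n!r}: {why}" for k, n, why in findings)


if __name__ == "__main__":
    print(report(triage(SAMPLE_LOG)))
```

    Run against the sample it reports the two unreadable HKCU Run values (no command, or a command that could not be matched to a file), the hypothetical Temp-directory entry, and the four Security Center keys. The legitimate entries (Sidebar, ehTray, avgnt, RtHDVCpl) produce nothing. Those DisableNotify/DisableMonitoring keys mean Vista will not warn when UAC, updates or the antivirus are off, so they are worth resetting once the cleanup is finished.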
    16 February 2009 14:37:11

    Re,

    Select the entire box below:

    File::
    C:\Windows\system32\ActiveToolBand.dll


  • Copy/paste it into Notepad (Start\All Programs\Accessories\Notepad).
  • Save it to your desktop under the name CFScript.txt
  • Now drag the CFScript.txt file onto ComboFix.exe, as shown below:

  • That will relaunch ComboFix.
  • You will have to accept the licence.

    Post the contents of the ComboFix.txt report after the restart, if there is one.

    The report is located here: %SystemDrive%\ComboFix.txt (%systemdrive% being the partition on which Windows is installed; C:\ in general)
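    Added example (editor's code, not the helper's instructions): the CFScript above tells ComboFix to delete a file, so the one thing worth doing first is recording what that file is, since it will not be on disk afterwards. The script below hashes and stamps each target, then writes CFScript.txt in the same File:: form as the reply, with CRLF endings and the cp1252 (ANSI) encoding the report header lists, so the result is what Notepad would have saved. The target path is the one named in the reply; nothing here asserts what the DLL does. The demo() function works on a constructed stand-in file in a temp directory, not on the real DLL, and the script is still dragged onto ComboFix.exe by hand as described.

```python
import hashlib
import os
import tempfile
from datetime import datetime, timezone
from pathlib import Path
from typing import Dict, List

# The single path named in the reply above (assumed target list for a real run).
TARGETS = [r"C:\Windows\system32\ActiveToolBand.dll"]


def sha256_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sha256_of(path: Path) -> str:
    """Streamed SHA-256 so a large file is not read into memory in one go."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def record_evidence(paths: List[str]) -> List[Dict[str, str]]:
    """Size, modification time and SHA-256 of every target that exists,
    captured before ComboFix removes it. Missing targets are reported as such."""
    rows: List[Dict[str, str]] = []
    for p in paths:
        fp = Path(p)
        if fp.is_file():
            st = fp.stat()
            rows.append({
                "path": p, "exists": "yes", "size": str(st.st_size),
                "mtime_utc": datetime.fromtimestamp(st.st_mtime, timezone.utc).isoformat(),
                "sha256": sha256_of(fp),
            })
        else:
            rows.append({"path": p, "exists": "no", "size": "", "mtime_utc": "", "sha256": ""})
    return rows


def build_cfscript(paths: List[str]) -> str:
    """CFScript text in the form shown in the reply: a File:: directive, then
    one full path per line. CRLF endings, as Notepad would write them."""
    return "\r\n".join(["File::", *paths]) + "\r\n"


def write_cfscript(paths: List[str], out_path: str) -> bytes:
    """Write CFScript.txt as ANSI (cp1252 is the code page in the report
    header, assumed here); binary mode keeps the CRLF endings untouched."""
    data = build_cfscript(paths).encode("cp1252")
    with open(out_path, "wb") as fh:
        fh.write(data)
    return data


def demo() -> Dict[str, object]:
    """Offline run against a constructed stand-in file (not the real DLL)."""
    workdir = tempfile.mkdtemp(prefix="cfscript_demo_")
    fake = os.path.join(workdir, "ActiveToolBand.dll")
    sample = b"MZ" + b"\x00" * 30  # constructed content, only a DOS header stub
    with open(fake, "wb") as fh:
        fh.write(sample)
    missing = os.path.join(workdir, "not_there.dll")
    rows = record_evidence([fake, missing])
    script = os.path.join(workdir, "CFScript.txt")
    written = write_cfscript([fake], script)
    return {"rows": rows, "sample": sample, "fake": fake, "written": written, "script": script}


if __name__ == "__main__":
    # Real use on the affected machine: note the evidence, then write the
    # script next to this file and drag it onto ComboFix.exe as described.
    for row in record_evidence(TARGETS):
        print(row)
    write_cfscript(TARGETS, "CFScript.txt")
    print(build_cfscript(TARGETS), end="")
```

    Keep the printed hash and timestamp with the thread: if the file turns out to be benign, or reappears after the cleanup, the hash is what lets the helper compare it with a known sample rather than guessing from the name.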