
Sagipsul pop-up

Tags:
  • Anti-malware
  • Security
Latest reply: in Security and viruses
4 January 2009 22:35:03

Hi everyone. I'm new here, but I've always referred to this site for all my problems before; this time, though, I need a lot more help. I can't get rid of this pop-up from the sagipsul site. From reading this site, I gathered that it was a virus.

I ran HijackThis, but I don't know how to read it, and that's why I need your help.

I need to know how to send you my report.

Thanks for your help.


5 January 2009 19:22:12

Hello again.

Well, here it is. From reading around, I realized I had malware. My antivirus (Avast!) reported several pieces of malware and viruses.

I followed juliejolie59's advice and downloaded the Malwarebytes program. I ran into a problem during the installation.
I got an error message saying "Impossible d'enregistrer la bibliothèque DLL/OCX : RegSvr32 a échoué et a retourné le code d'erreur 0x3" (RegSvr32 failed to register the DLL/OCX library and returned error code 0x3).

Because of this problem, the program couldn't finish installing.

That's just one example of the problems I'm running into. I think I need a serious clean-up.

I await your advice.

Thanks for helping me.
6 January 2009 06:02:52

Hello,
You need to install this DLL in the "C:\Windows\System 32" directory; click here to download this DLL. Unzip the DLL and copy/paste it into "C:\Windows\System 32". Your problem will be solved; let me know whether you managed to remove the malware.
7 January 2009 03:36:56

Thanks juliejolie59, but the advice you gave me didn't work.

I copied/pasted the DLL and I still get the same error message.

Is there perhaps another anti-malware program that would be comparable?

Thanks.
7 January 2009 14:18:22

Hello
posting to follow
8 January 2009 00:19:31

Hi Sham_Rock. I'm sorry, but I don't understand what you mean by "posting to follow".

Joliejulie59, I already have those two programs, and I tried to remove everything they found as viruses and malware, but I still have the sagipsul problem.
8 January 2009 07:31:44

Hello Charpmen1,
Post the report generated by those two programs (that's what Sham_Rock meant).

8 January 2009 20:38:22

Good evening
Quote:
"I ran HijackThis, but I don't know how to read it, and that's why I need your help."

I'd rather see that report, please :)
9 January 2009 03:13:46

Good evening Sham_Rock. Excuse my naivety! I understand what you mean now. So here is said report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:12:05, on 2009-01-08
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\VCOM\PowerDesk\pddlghlp.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\VCOM\PowerDesk\PDExplo.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ca.rd.yahoo.com/customize/ycomp/defaults/sp/*http://ca.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iesearch.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.ca.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://ca.rd.yahoo.com/customize/ycomp/defaults/su/*http://ca.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://en.ca.acer.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: {aa5c8d7d-c2b4-c028-a524-408159f80a25} - {52a08f95-1804-425a-820c-4b2cd7d8c5aa} - C:\WINDOWS\system32\gjsdul.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: adzgalore - {a2484b6e-1d13-0785-a14b-12ba76b2a958} - C:\WINDOWS\system32\nsp1E4.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [301b9408] rundll32.exe "C:\WINDOWS\system32\glhyyfyq.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Dialog Helper.lnk = C:\Program Files\VCOM\PowerDesk\pddlghlp.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{121B7B62-F64C-49A6-BFCE-6D196DE0BE1F}: NameServer = 207.96.217.251,207.96.217.252
O17 - HKLM\System\CS1\Services\Tcpip\..\{121B7B62-F64C-49A6-BFCE-6D196DE0BE1F}: NameServer = 207.96.217.251,207.96.217.252
O17 - HKLM\System\CS2\Services\Tcpip\..\{121B7B62-F64C-49A6-BFCE-6D196DE0BE1F}: NameServer = 207.96.217.251,207.96.217.252
O17 - HKLM\System\CS3\Services\Tcpip\..\{121B7B62-F64C-49A6-BFCE-6D196DE0BE1F}: NameServer = 207.96.217.251,207.96.217.252
O17 - HKLM\System\CS4\Services\Tcpip\..\{121B7B62-F64C-49A6-BFCE-6D196DE0BE1F}: NameServer = 207.96.217.251,207.96.217.252
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: gjsdul.dll
O20 - Winlogon Notify: fccaXPhG - fccaXPhG.dll (file missing)
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 9133 bytes
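As an added example that is not part of this thread, the following Python script shows how someone reading a HijackThis log like the one above can triage it mechanically before deciding what to post or fix. The sample lines embedded in it are copied from the report above. The heuristics (a BHO named only by a CLSID, a BHO or rundll32 Run entry loading a DLL straight from system32, a non-empty AppInit_DLLs value, a Winlogon Notify entry whose DLL is missing, and the same DLL appearing in more than one persistence point) are my own, not HijackThis's, and every hit is a candidate for review rather than proof of infection.

```python
"""Triage helper for HijackThis v2 log lines (added example, heuristics only).

Every finding is something a human should review; nothing here is proof of
infection. The sample lines are a subset of the log posted in this thread.
"""
import re
from collections import Counter

# Constructed sample: lines copied from the HijackThis report in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: {aa5c8d7d-c2b4-c028-a524-408159f80a25} - {52a08f95-1804-425a-820c-4b2cd7d8c5aa} - C:\WINDOWS\system32\gjsdul.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: adzgalore - {a2484b6e-1d13-0785-a14b-12ba76b2a958} - C:\WINDOWS\system32\nsp1E4.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [301b9408] rundll32.exe "C:\WINDOWS\system32\glhyyfyq.dll",b
O17 - HKLM\System\CCS\Services\Tcpip\..\{121B7B62-F64C-49A6-BFCE-6D196DE0BE1F}: NameServer = 207.96.217.251,207.96.217.252
O20 - AppInit_DLLs: gjsdul.dll
O20 - Winlogon Notify: fccaXPhG - fccaXPhG.dll (file missing)
"""

SECTION_RE = re.compile(r"^(R\d|O\d+|F\d)\s+-\s+(.*)$")
GUID_RE = re.compile(r"^\{[0-9a-f-]{36}\}$", re.I)
# A legitimate BHO almost always lives under Program Files, not directly in system32.
SYS32_RE = re.compile(r'\\(?:windows|winnt)\\system32\\([^\\\s,"]+)$', re.I)
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?([^"]+\.dll)"?', re.I)


def parse_line(line):
    """Split 'O2 - BHO: name - {clsid} - path' into (section, body), or None."""
    m = SECTION_RE.match(line.strip())
    return (m.group(1), m.group(2)) if m else None


def dll_basename(path):
    """Lower-cased file name, so the same DLL matches across sections."""
    return path.replace("/", "\\").split("\\")[-1].lower()


def triage(log_text):
    """Return a list of (section, reason, artefact) tuples worth reviewing."""
    findings = []
    dll_seen = Counter()  # how many persistence points reference each DLL
    for raw in log_text.splitlines():
        parsed = parse_line(raw)
        if not parsed:
            continue
        section, body = parsed
        if section == "O2" and body.startswith("BHO:"):
            parts = [p.strip() for p in body[len("BHO:"):].split(" - ")]
            name, path = parts[0], parts[-1]
            if GUID_RE.match(name):
                findings.append((section, "BHO with no display name, only a CLSID", path))
            if SYS32_RE.search(path):
                findings.append((section, "BHO loaded straight from system32", path))
            dll_seen[dll_basename(path)] += 1
        elif section == "O4":
            m = RUNDLL_RE.search(body)
            if m:
                findings.append((section, "Run entry launching a DLL through rundll32", m.group(1)))
                dll_seen[dll_basename(m.group(1))] += 1
        elif section == "O17":
            m = re.search(r"NameServer\s*=\s*(.+)$", body)
            if m:  # the script cannot judge these; list them for a manual ISP check
                findings.append((section, "DNS servers set in the registry; confirm they belong to the ISP", m.group(1).strip()))
        elif section == "O20":
            if body.startswith("AppInit_DLLs:"):
                dll = body.split(":", 1)[1].strip()
                if dll:
                    findings.append((section, "AppInit_DLLs injects into every process that loads user32", dll))
                    dll_seen[dll.lower()] += 1
            elif "(file missing)" in body:
                findings.append((section, "Winlogon Notify points at a missing DLL", body))
    # One DLL referenced from several persistence mechanisms is the strongest single signal.
    for dll, n in dll_seen.items():
        if n > 1:
            findings.append(("*", f"same DLL in {n} persistence points", dll))
    return findings


if __name__ == "__main__":
    for section, reason, artefact in triage(SAMPLE_LOG):
        print(f"[{section:>3}] {reason}: {artefact}")
```

Run against the report above it lists gjsdul.dll three times (CLSID-only BHO loaded from system32, the AppInit_DLLs value, and the cross-section match), nsp1E4.dll once, the rundll32 Run entry for glhyyfyq.dll, the missing fccaXPhG.dll notify package, and the two DNS servers for a manual check; the Yahoo, Spybot and Java BHOs are not reported. In the HijackThis log posted later in the thread, after ComboFix ran, neither of the two system32 BHOs appears any more.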
9 January 2009 23:21:17

Good evening

1.

Disable Avast's self-defense module before doing what follows:

Right-click the Avast! icon next to the clock >> "Program settings..."

- "Troubleshooting" option (bottom left)

- Tick "Disable avast! self-defense module" >> "OK"

2.

Download ComboFix by sUBs:
ComboFix.exe
and save it to your desktop, nowhere else!

Double-click ComboFix. It will ask you a question; follow the prompts, then wait until ComboFix has finished. Your PC may reboot, that's normal. A report will be created. Post the report: C:\Combofix.txt
Click it to open it, then Edit > "Select all", Edit > "Copy".

Come back to the forum and Edit > "Paste".

HELP: A guide and tutorial on using ComboFix
* the partition name may differ

Add a new HijackThis report.
10 January 2009 20:27:04

Thanks for your time Sham_Rock. So, I followed your instructions to the letter, and here's what it gave me.

ComboFix 09-01-10.01 - Shawn 2009-01-10 13:50:40.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.446.141 [GMT -5:00]
Running from: c:\documents and settings\Shawn\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1296 [VPS 090109-0] *On-access scanning enabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\adJRrtwa.ini
c:\windows\system32\adJRrtwa.ini2
c:\windows\system32\ckrcufqe.dll
c:\windows\system32\cont_adzgalore-remove.exe
c:\windows\system32\fccaXPhG.dll_old
c:\windows\system32\hifsnvjo.dll
c:\windows\system32\hogbqgms.ini
c:\windows\system32\java2.sys
c:\windows\system32\snjava.dll
c:\windows\system32\kmoUtBeg.ini
c:\windows\system32\kmoUtBeg.ini2
c:\windows\system32\mqanfrgr.dll
c:\windows\system32\msrdo20.dll
c:\windows\system32\qyfyyhlg.ini
c:\windows\system32\rdocurs.dll
c:\windows\system32\upyydsmv.ini
c:\windows\system32\wictrhnj.ini
c:\windows\system32\wqcimrvl.ini
c:\windows\system32\xkrkoyot.ini
c:\windows\system32\xyxpgc.dll
c:\windows\system32\yednejun.ini

.
((((((((((((((((((((((((( Files Created from 2008-12-10 to 2009-01-10 )))))))))))))))))))))))))))))))
.

2009-01-09 06:50 . 2009-01-09 06:50 <DIR> d-------- C:\VundoFix Backups
2009-01-08 21:15 . 2009-01-08 21:15 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-08 21:15 . 2009-01-08 21:15 <DIR> d-------- c:\documents and settings\Shawn\Application Data\Malwarebytes
2009-01-08 21:15 . 2009-01-08 21:15 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-08 21:15 . 2009-01-04 18:39 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-08 21:15 . 2009-01-04 18:39 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-08 21:11 . 2004-02-23 01:00 1,386,496 --a------ c:\windows\system32\MSVBVM60.DLL
2009-01-07 19:11 . 2009-01-07 19:11 603,904 --a------ c:\windows\system32\TUProgSt.exe
2009-01-07 19:11 . 2009-01-07 19:11 360,192 --a------ c:\windows\system32\TuneUpDefragService.exe
2009-01-07 19:11 . 2008-12-11 07:31 27,904 --a------ c:\windows\system32\uxtuneup.dll
2009-01-07 19:08 . 2009-01-07 19:08 <DIR> d-------- c:\documents and settings\Shawn\Application Data\TuneUp Software
2009-01-07 19:07 . 2009-01-07 19:07 <DIR> d-------- c:\program files\TuneUp Utilities 2009
2009-01-07 19:07 . 2009-01-07 19:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-01-07 19:06 . 2009-01-07 19:07 <DIR> d--hs---- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-01-06 21:22 . 2004-01-22 00:35 40,960 --a------ c:\windows\system32\SSubTmr6.dll
2009-01-06 21:11 . 2009-01-06 21:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2009-01-04 16:07 . 2009-01-04 16:07 <DIR> d-------- c:\program files\Trend Micro
2008-12-26 11:11 . 2008-04-17 13:12 107,368 --a------ c:\windows\system32\GEARAspi.dll
2008-12-26 11:11 . 2008-04-17 13:12 15,464 --a------ c:\windows\system32\drivers\GEARAspiWDM.sys
2008-12-26 11:10 . 2008-12-26 11:10 <DIR> d-------- c:\program files\iTunes
2008-12-26 11:10 . 2008-12-26 11:10 <DIR> d-------- c:\program files\iPod
2008-12-26 11:10 . 2008-12-26 11:10 <DIR> d-------- c:\program files\Bonjour
2008-12-26 11:10 . 2008-12-26 11:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-26 11:08 . 2008-12-26 11:08 <DIR> d-------- c:\program files\QuickTime
2008-12-26 11:06 . 2008-12-26 11:06 <DIR> d-------- c:\program files\Common Files\Apple
2008-12-26 11:06 . 2008-11-07 14:23 32,000 --a------ c:\windows\system32\drivers\usbaapl.sys
2008-12-21 15:20 . 2008-12-21 15:20 <DIR> d-------- c:\documents and settings\Shawn\iWizz
2008-12-21 15:19 . 2008-12-21 15:19 <DIR> d-------- c:\documents and settings\Shawn\.bitrock
2008-12-16 06:07 . 2008-12-16 06:07 <DIR> d-------- c:\documents and settings\Shawn\Application Data\Nikon
2008-12-16 06:06 . 2008-12-16 06:06 <DIR> d-------- c:\program files\Nikon
2008-12-16 06:06 . 2008-12-16 06:06 <DIR> d-------- c:\program files\Common Files\Nikon
2008-12-16 06:06 . 2008-12-16 06:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\Nikon
2008-12-16 06:05 . 2008-12-16 06:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\Ultima_T15
2008-12-16 06:05 . 2008-12-16 06:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\EnterNHelp
2008-12-16 06:05 . 2008-12-16 06:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\Application
2008-12-16 06:05 . 2009-01-10 12:57 20 ---h----- c:\documents and settings\All Users\Application Data\PKP_DLdu.DAT
2008-12-16 06:03 . 2008-12-16 06:03 <DIR> d-------- c:\program files\ArcSoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-13 06:40 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll
2008-12-06 18:22 --------- d-----w c:\documents and settings\Shawn\Application Data\U3
2008-11-10 10:43 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-10-24 12:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 12:36 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 13:11 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 13:11 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-10-15 17:34 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-15 07:06 633,632 ------w c:\windows\system32\dllcache\iexplore.exe
2008-10-15 07:04 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
2009-01-05 16:19 654,336 ----a-w c:\program files\mozilla firefox\components\nsadzgalore.dll
2008-09-04 22:54 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008090420080905\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2006-04-14 53248]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-05-30 421888]
"Boot"="c:\acer\Empowering Technology\ePower\Boot.exe" [2006-03-15 579584]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-06-23 602112]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 413696]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-27 c:\windows\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

c:\documents and settings\Shawn\Start Menu\Programs\Startup\
Dialog Helper.lnk - c:\program files\VCOM\PowerDesk\pddlghlp.exe [2005-11-04 40960]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2008-10-25 155648]
Nikon Monitor.lnk - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=gjsdul.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer ePresentation HPD]
--a------ 2006-03-31 16:39 204800 c:\acer\Empowering Technology\ePresentation\ePresentation.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-13 20:12 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ntiMUI]
--a------ 2005-05-11 17:15 45056 c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-08-12 17:13 21741864 c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 c:\program files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2006-03-03 13:07 761946 c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
--a------ 2006-05-16 00:04 2879488 c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Java\\JRE6\\BIN\\java.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-01 111184]
R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-04-01 20560]
R4 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-01-07 603904]
S3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\drivers\A5AGU.sys [2006-05-08 347648]
S4 eLock2BurnerLockDriver;eLock2BurnerLockDriver;\??\c:\windows\system32\eLock2BurnerLockDriver.sys --> c:\windows\system32\eLock2BurnerLockDriver.sys [?]
S4 eLock2FSCTLDriver;eLock2FSCTLDriver;\??\c:\windows\system32\eLock2FSCTLDriver.sys --> c:\windows\system32\eLock2FSCTLDriver.sys [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{af26391c-d2a5-11dd-b4d8-0016d45629e3}]
\Shell\AutoRun\command - F:\DigitalPhotoKeychain.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d3518fe4-c3c2-11dd-b4c5-0016d45629e3}]
\Shell\AutoRun\command - F:\LaunchU3.exe
.
Contents of the 'Scheduled Tasks' folder

2009-01-10 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 15:36]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-ares - c:\program files\Ares\Ares.exe


.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://en.ca.acer.yahoo.com
uInternet Connection Wizard,ShellNext = hxxp://en.ca.acer.yahoo.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://ca.rd.yahoo.com/customize/ycomp/defaults/su/*http://ca.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {121B7B62-F64C-49A6-BFCE-6D196DE0BE1F} = 207.96.217.251,207.96.217.252
FF - ProfilePath - c:\documents and settings\Shawn\Application Data\Mozilla\Firefox\Profiles\p1qwzwc8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www3.yoog.com/search.php?q=
FF - prefs.js: browser.search.selectedEngine - Yoog Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - prefs.js: keyword.URL - hxxp://www3.yoog.com/search.php?q=
FF - component: c:\program files\Mozilla Firefox\components\nsadzgalore.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

---- FIREFOX POLICIES ----
FF - user.js: browser.search.selectedEngine - Yoog Search
FF - user.js: keyword.URL - hxxp://www3.yoog.com/search.php?q=
FF - user.js: keyword.enabled - true
FF - user.js: browser.search.defaultenginename - Yoog Search
FF - user.js: browser.search.defaulturl - hxxp://www3.yoog.com/search.php?q=
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-10 13:58:39
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(884)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2100)
c:\program files\VCOM\PowerDesk\pddlghlp.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SYSTEM32\ATI2EVXX.EXE
c:\program files\ALWIL SOFTWARE\AVAST4\ASWUPDSV.EXE
c:\windows\SYSTEM32\ATI2EVXX.EXE
c:\program files\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
c:\acer\EMPOWERING TECHNOLOGY\EPERFORMANCE\MEMCHECK.EXE
c:\windows\eHome\ehmsas.exe
c:\program files\COMMON FILES\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE
c:\program files\BONJOUR\MDNSRESPONDER.EXE
c:\windows\system32\DVDRAMSV.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.EXE
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\ehome\mcrdsvc.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.EXE
.
**************************************************************************
.
Completion time: 2009-01-10 14:03:36 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-10 19:03:24

Pre-Run: 23 346 511 872 bytes free
Post-Run: 23,348,969,472 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect /usepmtimer

258 --- E O F --- 2008-12-18 08:00:48


That's the ComboFix report (I'm sure you noticed that easily enough :) )

Now here is the HijackThis report.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:24:23, on 2009-01-10
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\VCOM\PowerDesk\pddlghlp.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.ca.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://ca.rd.yahoo.com/customize/ycomp/defaults/su/*http://ca.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://en.ca.acer.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Dialog Helper.lnk = C:\Program Files\VCOM\PowerDesk\pddlghlp.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{121B7B62-F64C-49A6-BFCE-6D196DE0BE1F}: NameServer = 207.96.217.251,207.96.217.252
O17 - HKLM\System\CS1\Services\Tcpip\..\{121B7B62-F64C-49A6-BFCE-6D196DE0BE1F}: NameServer = 207.96.217.251,207.96.217.252
O17 - HKLM\System\CS2\Services\Tcpip\..\{121B7B62-F64C-49A6-BFCE-6D196DE0BE1F}: NameServer = 207.96.217.251,207.96.217.252
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: gjsdul.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 8625 bytes

That's a lot to do at once...

I hope that after all this I'll finally be rid of this damned malware.


Thanks again!

Charpmen.

11 Janvier 2009 00:00:50

re

1

Copy (Ctrl+C) the text below:
Folder::
C:\VundoFix Backups

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""



Open Notepad and paste (Ctrl+V) the text you just copied.
Save this file under the name CFScript.txt

Drag and drop this CFScript file onto the ComboFix.exe file, as shown in the screenshot


  • A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and confirm.
  • Wait while the scan runs. The desktop will disappear several times: this is normal!
    Don't touch anything until the scan has finished.
  • Once the scan is complete, a report will be displayed: post its contents.
  • If the file does not open, it can be found here > C:\ComboFix.txt


    2

    Here is what I suggest: replace Avast! with Antivir, which is also free but much more effective, run a scan with it and post the report. :) 


    Uninstall Avast! properly


    To replace it with Antivir.

    -->Tutorial<--


    Why change? : Avast! vs Antivir
    but also:
    14 antivirus products put to the test
    Quote:
    Antivir: the most effective of the free ones
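As an added example (not code from this thread, from HijackThis or from ComboFix), here is a small Python triage of HijackThis report lines: it flags any non-empty O20 AppInit_DLLs entry, the item the CFScript above clears, and marks O4 entries that start a bare filename and O17 NameServer entries for manual verification. The sample excerpt is constructed from entries quoted in this thread; the severity labels and the helper names are this example's own.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed excerpt in HijackThis log format (not the thread's full log).
# The O20 line mirrors the AppInit_DLLs entry the CFScript in this thread clears.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.ca.acer.yahoo.com
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O17 - HKLM\System\CCS\Services\Tcpip\..\{121B7B62-F64C-49A6-BFCE-6D196DE0BE1F}: NameServer = 207.96.217.251,207.96.217.252
O20 - AppInit_DLLs: gjsdul.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# Every HijackThis finding starts with a section code such as R1, O4 or O20.
ENTRY_RE = re.compile(r"^(R\d|O\d+) - (.*)$")


@dataclass
class Finding:
    section: str
    severity: str   # "high" = clean this up; "review" = verify by hand
    detail: str


def parse_hjt(text: str) -> List[Tuple[str, str]]:
    """Split a HijackThis report into (section code, body) pairs, skipping
    the running-process list and any free text around the log."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def _executable(command: str) -> str:
    """First token of an O4 command: the quoted path if quoted, otherwise
    the text up to the first space (arguments such as /SYNC are dropped)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ", 1)[0]


def triage(entries: List[Tuple[str, str]]) -> List[Finding]:
    """Apply three defender checks to parsed HijackThis entries."""
    findings: List[Finding] = []
    for section, body in entries:
        if section == "O20" and body.startswith("AppInit_DLLs:"):
            # AppInit_DLLs is loaded into every process that maps user32.dll.
            # A default Windows XP install leaves the value empty, so any DLL
            # listed here deserves attention; the Vundo family abused it.
            value = body.split(":", 1)[1].strip()
            for dll in re.split(r"[ ,;]+", value):
                if dll:
                    findings.append(Finding(section, "high",
                        f"AppInit_DLLs loads {dll} into every GUI process"))
        elif section == "O4" and "\\Run: [" in body:
            exe = _executable(body.split("] ", 1)[1])
            if "\\" not in exe:
                # Bare filename: resolved through the search path at logon,
                # so confirm which file of that name actually runs.
                findings.append(Finding(section, "review",
                    f"Run entry starts {exe} without a full path"))
        elif section == "O17" and "NameServer = " in body:
            servers = body.split("NameServer = ", 1)[1].strip()
            # Static resolver addresses: confirm they belong to the ISP,
            # since a hijacked resolver silently redirects every lookup.
            findings.append(Finding(section, "review",
                f"static DNS servers {servers}; confirm they are the ISP's"))
    return findings


def triage_text(text: str) -> List[Finding]:
    return triage(parse_hjt(text))


if __name__ == "__main__":
    for f in triage_text(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section}: {f.detail}")
```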


    13 Janvier 2009 02:06:38

    Hi Sham_Rock. Here is my second report. I did what you suggested with ComboFix, and now I'm going to remove Avast and replace it with Antivir.

    ComboFix 09-01-11.04 - Shawn 2009-01-12 19:47:18.2 - FAT32x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.446.153 [GMT -5:00]
    Running from: c:\documents and settings\Shawn\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Shawn\Desktop\CFScript.txt
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\VundoFix Backups

    .
    ((((((((((((((((((((((((( Files Created from 2008-12-13 to 2009-01-13 )))))))))))))))))))))))))))))))
    .

    2009-01-10 15:25 . 2009-01-10 15:25 <DIR> d-------- C:\Contacts
    2009-01-10 15:24 . 2009-01-10 15:24 <DIR> d-------- C:\iPod_Control
    2009-01-10 15:23 . 2009-01-10 15:23 <DIR> d-------- c:\program files\EphPod
    2009-01-08 21:15 . 2009-01-08 21:15 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
    2009-01-08 21:15 . 2009-01-08 21:15 <DIR> d-------- c:\documents and settings\Shawn\Application Data\Malwarebytes
    2009-01-08 21:15 . 2009-01-08 21:15 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-01-08 21:15 . 2009-01-04 18:39 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2009-01-08 21:15 . 2009-01-04 18:39 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2009-01-08 21:11 . 2004-02-23 01:00 1,386,496 --a------ c:\windows\system32\MSVBVM60.DLL
    2009-01-07 19:11 . 2009-01-07 19:11 603,904 --a------ c:\windows\system32\TUProgSt.exe
    2009-01-07 19:11 . 2009-01-07 19:11 360,192 --a------ c:\windows\system32\TuneUpDefragService.exe
    2009-01-07 19:11 . 2008-12-11 07:31 27,904 --a------ c:\windows\system32\uxtuneup.dll
    2009-01-07 19:08 . 2009-01-07 19:08 <DIR> d-------- c:\documents and settings\Shawn\Application Data\TuneUp Software
    2009-01-07 19:07 . 2009-01-07 19:07 <DIR> d-------- c:\program files\TuneUp Utilities 2009
    2009-01-07 19:07 . 2009-01-07 19:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\TuneUp Software
    2009-01-07 19:06 . 2009-01-07 19:07 <DIR> d--hs---- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
    2009-01-06 21:22 . 2004-01-22 00:35 40,960 --a------ c:\windows\system32\SSubTmr6.dll
    2009-01-06 21:11 . 2009-01-06 21:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
    2009-01-04 16:07 . 2009-01-04 16:07 <DIR> d-------- c:\program files\Trend Micro
    2008-12-26 11:11 . 2008-04-17 13:12 107,368 --a------ c:\windows\system32\GEARAspi.dll
    2008-12-26 11:11 . 2008-04-17 13:12 15,464 --a------ c:\windows\system32\drivers\GEARAspiWDM.sys
    2008-12-26 11:10 . 2008-12-26 11:10 <DIR> d-------- c:\program files\iTunes
    2008-12-26 11:10 . 2008-12-26 11:10 <DIR> d-------- c:\program files\iPod
    2008-12-26 11:10 . 2008-12-26 11:10 <DIR> d-------- c:\program files\Bonjour
    2008-12-26 11:10 . 2008-12-26 11:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-12-26 11:08 . 2008-12-26 11:08 <DIR> d-------- c:\program files\QuickTime
    2008-12-26 11:06 . 2008-12-26 11:06 <DIR> d-------- c:\program files\Common Files\Apple
    2008-12-26 11:06 . 2008-11-07 14:23 32,000 --a------ c:\windows\system32\drivers\usbaapl.sys
    2008-12-21 15:20 . 2008-12-21 15:20 <DIR> d-------- c:\documents and settings\Shawn\iWizz
    2008-12-21 15:19 . 2008-12-21 15:19 <DIR> d-------- c:\documents and settings\Shawn\.bitrock
    2008-12-16 06:07 . 2008-12-16 06:07 <DIR> d-------- c:\documents and settings\Shawn\Application Data\Nikon
    2008-12-16 06:06 . 2008-12-16 06:06 <DIR> d-------- c:\program files\Nikon
    2008-12-16 06:06 . 2008-12-16 06:06 <DIR> d-------- c:\program files\Common Files\Nikon
    2008-12-16 06:06 . 2008-12-16 06:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\Nikon
    2008-12-16 06:05 . 2008-12-16 06:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\Ultima_T15
    2008-12-16 06:05 . 2008-12-16 06:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\EnterNHelp
    2008-12-16 06:05 . 2008-12-16 06:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\Application
    2008-12-16 06:05 . 2009-01-10 12:57 20 ---h----- c:\documents and settings\All Users\Application Data\PKP_DLdu.DAT
    2008-12-16 06:03 . 2008-12-16 06:03 <DIR> d-------- c:\program files\ArcSoft

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-12-13 06:40 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll
    2008-12-06 18:22 --------- d-----w c:\documents and settings\Shawn\Application Data\U3
    2008-11-10 10:43 410,984 ----a-w c:\windows\system32\deploytk.dll
    2008-10-24 12:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys
    2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
    2008-10-23 12:36 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
    2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
    2008-10-16 19:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
    2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
    2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
    2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
    2008-10-16 19:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
    2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
    2008-10-16 19:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
    2008-10-16 19:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
    2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
    2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
    2008-10-16 19:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
    2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
    2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
    2008-10-16 19:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
    2008-10-16 13:11 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
    2008-10-16 13:11 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
    2008-10-15 17:34 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
    2008-10-15 07:06 633,632 ------w c:\windows\system32\dllcache\iexplore.exe
    2008-10-15 07:04 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
    2009-01-05 16:19 654,336 ----a-w c:\program files\mozilla firefox\components\nsadzgalore.dll
    2008-09-04 22:54 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008090420080905\index.dat
    .

    ((((((((((((((((((((((((((((( snapshot@2009-01-10_14.01.12.91 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2000-08-31 13:00:00 28,672 ----a-w c:\windows\NIRCMD.exe
    + 2000-08-31 13:00:00 29,696 ----a-w c:\windows\NIRCMD.exe
    + 2009-01-10 20:18:10 16,384 ----a-w c:\windows\Temp\Perflib_Perfdata_1e0.dat
    + 2009-01-10 20:17:08 16,384 ----a-w c:\windows\Temp\Perflib_Perfdata_6fc.dat
    + 2009-01-10 20:17:26 16,384 ----a-w c:\windows\Temp\Perflib_Perfdata_7f0.dat
    + 2009-01-10 20:17:34 16,384 ----a-w c:\windows\Temp\Perflib_Perfdata_8ac.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
    "AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2006-04-14 53248]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
    "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
    "ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-05-30 421888]
    "Boot"="c:\acer\Empowering Technology\ePower\Boot.exe" [2006-03-15 579584]
    "LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-06-23 602112]
    "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
    "eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 413696]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
    "RTHDCPL"="RTHDCPL.EXE" [2006-06-27 c:\windows\RTHDCPL.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

    c:\documents and settings\Shawn\Start Menu\Programs\Startup\
    Dialog Helper.lnk - c:\program files\VCOM\PowerDesk\pddlghlp.exe [2005-11-04 40960]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    RAMASST.lnk - c:\windows\system32\RAMASST.exe [2008-10-25 155648]
    Nikon Monitor.lnk - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer ePresentation HPD]
    --a------ 2006-03-31 16:39 204800 c:\acer\Empowering Technology\ePresentation\ePresentation.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    --------- 2008-04-13 20:12 1695232 c:\program files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ntiMUI]
    --a------ 2005-05-11 17:15 45056 c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    -ra------ 2008-08-12 17:13 21741864 c:\program files\Skype\Phone\Skype.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2008-02-22 04:25 144784 c:\program files\Java\jre1.6.0_05\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
    --a------ 2006-03-03 13:07 761946 c:\program files\Synaptics\SynTP\SynTPEnh.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
    --a------ 2006-05-16 00:04 2879488 c:\windows\SkyTel.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Java\\JRE6\\BIN\\java.exe"=

    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-01 111184]
    R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-04-01 20560]
    R4 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-01-07 603904]
    S3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\drivers\A5AGU.sys [2006-05-08 347648]
    S4 eLock2BurnerLockDriver;eLock2BurnerLockDriver;\??\c:\windows\system32\eLock2BurnerLockDriver.sys --> c:\windows\system32\eLock2BurnerLockDriver.sys [?]
    S4 eLock2FSCTLDriver;eLock2FSCTLDriver;\??\c:\windows\system32\eLock2FSCTLDriver.sys --> c:\windows\system32\eLock2FSCTLDriver.sys [?]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{af26391c-d2a5-11dd-b4d8-0016d45629e3}]
    \Shell\AutoRun\command - F:\DigitalPhotoKeychain.EXE

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d3518fe4-c3c2-11dd-b4c5-0016d45629e3}]
    \Shell\AutoRun\command - F:\LaunchU3.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2009-01-13 c:\windows\Tasks\1-Click Maintenance.job
    - c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 15:36]
    .
    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    uStart Page = hxxp://www.google.com/
    mStart Page = hxxp://en.ca.acer.yahoo.com
    uInternet Connection Wizard,ShellNext = hxxp://en.ca.acer.yahoo.com/
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://ca.rd.yahoo.com/customize/ycomp/defaults/su/*http://ca.yahoo.com
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    TCP: {121B7B62-F64C-49A6-BFCE-6D196DE0BE1F} = 207.96.217.251,207.96.217.252
    FF - ProfilePath - c:\documents and settings\Shawn\Application Data\Mozilla\Firefox\Profiles\p1qwzwc8.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www3.yoog.com/search.php?q=
    FF - prefs.js: browser.search.selectedEngine - Yoog Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
    FF - prefs.js: keyword.URL - hxxp://www3.yoog.com/search.php?q=
    FF - component: c:\program files\Mozilla Firefox\components\nsadzgalore.dll
    FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

    ---- FIREFOX POLICIES ----
    FF - user.js: browser.search.selectedEngine - Yoog Search
    FF - user.js: keyword.URL - hxxp://www3.yoog.com/search.php?q=
    FF - user.js: keyword.enabled - true
    FF - user.js: browser.search.defaultenginename - Yoog Search
    FF - user.js: browser.search.defaulturl - hxxp://www3.yoog.com/search.php?q=
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-12 19:50:21
    Windows 5.1.2600 Service Pack 3 FAT NTAPI

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(884)
    c:\windows\system32\Ati2evxx.dll
    .
    Completion time: 2009-01-12 19:53:22
    ComboFix-quarantined-files.txt 2009-01-13 00:53:18
    ComboFix2.txt 2009-01-10 19:03:42

    Pre-Run: 22 862 168 064 bytes free
    Post-Run: 22,839,689,216 bytes free

    211 --- E O F --- 2008-12-18 08:00:48

    Thanks
    13 Janvier 2009 22:26:38

    good evening
    post your Antivir report ;) 
    15 Janvier 2009 19:10:19

    Here is my Antivir report.




    Avira AntiVir Personal
    Date de création du fichier de rapport : 12 janvier 2009 20:29

    La recherche porte sur 1189198 souches de virus.

    Détenteur de la licence :Avira AntiVir PersonalEdition Classic
    Numéro de série : 0000149996-ADJIE-0001
    Plateforme : Windows XP
    Version de Windows :( Service Pack 3) [5.1.2600]
    Mode Boot : Démarré normalement
    Identifiant : SYSTEM
    Nom de l'ordinateur :ACER-C28991BD48

    Informations de version :
    BUILD.DAT : 8.2.0.52 16931 Bytes 12/2/2008 14:55:00
    AVSCAN.EXE : 8.1.4.10 315649 Bytes 11/18/2008 14:21:02
    AVSCAN.DLL : 8.1.4.1 49921 Bytes 7/21/2008 19:44:28
    LUKE.DLL : 8.1.4.5 164097 Bytes 6/12/2008 18:44:18
    LUKERES.DLL : 8.1.4.0 13057 Bytes 7/4/2008 13:30:28
    ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 17:30:38
    ANTIVIR1.VDF : 7.1.1.33 1705984 Bytes 12/24/2008 01:26:26
    ANTIVIR2.VDF : 7.1.1.88 726528 Bytes 1/8/2009 01:26:52
    ANTIVIR3.VDF : 7.1.1.104 222208 Bytes 1/12/2009 01:27:00
    Version du moteur: 8.2.0.54
    AEVDF.DLL : 8.1.0.6 102772 Bytes 10/14/2008 16:05:58
    AESCRIPT.DLL : 8.1.1.24 340348 Bytes 1/13/2009 01:27:46
    AESCN.DLL : 8.1.1.5 123251 Bytes 11/7/2008 21:06:42
    AERDL.DLL : 8.1.1.3 438645 Bytes 11/4/2008 19:58:40
    AEPACK.DLL : 8.1.3.5 393588 Bytes 1/13/2009 01:27:44
    AEOFFICE.DLL : 8.1.0.33 196987 Bytes 1/13/2009 01:27:38
    AEHEUR.DLL : 8.1.0.78 1532280 Bytes 1/13/2009 01:27:36
    AEHELP.DLL : 8.1.2.0 119159 Bytes 1/13/2009 01:27:16
    AEGEN.DLL : 8.1.1.8 323956 Bytes 1/13/2009 01:27:14
    AEEMU.DLL : 8.1.0.9 393588 Bytes 10/14/2008 16:05:58
    AECORE.DLL : 8.1.5.2 172405 Bytes 1/13/2009 01:27:06
    AEBB.DLL : 8.1.0.3 53618 Bytes 10/14/2008 16:05:58
    AVWINLL.DLL : 1.0.0.12 15105 Bytes 7/9/2008 14:40:04
    AVPREF.DLL : 8.0.2.0 38657 Bytes 5/16/2008 15:28:00
    AVREP.DLL : 8.0.0.2 98344 Bytes 7/31/2008 18:02:16
    AVREG.DLL : 8.0.0.1 33537 Bytes 5/9/2008 17:26:38
    AVARKT.DLL : 1.0.0.23 307457 Bytes 2/12/2008 14:29:20
    AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 6/12/2008 18:27:48
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 1/22/2008 23:28:04
    SMTPLIB.DLL : 1.2.0.23 28929 Bytes 6/12/2008 18:49:38
    NETNT.DLL : 8.0.0.1 7937 Bytes 1/25/2008 18:05:08
    RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 7/4/2008 13:23:18
    RCTEXT.DLL : 8.0.52.1 86273 Bytes 7/17/2008 16:08:44

    Configuration pour la recherche actuelle :
    Nom de la tâche..................: Contrôle intégral du système
    Fichier de configuration.........: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Documentation....................: bas
    Action principale................: interactif
    Action secondaire................: ignorer
    Recherche sur les secteurs d'amorçage maître: marche
    Recherche sur les secteurs d'amorçage: marche
    Secteurs d'amorçage..............: C:, D:,
    Recherche dans les programmes actifs: marche
    Recherche en cours sur l'enregistrement: marche
    Recherche de Rootkits............: arrêt
    Fichier mode de recherche........: Sélection de fichiers intelligente
    Recherche sur les archives.......: marche
    Limiter la profondeur de récursivité: 20
    Archive Smart Extensions.........: marche
    Heuristique de macrovirus........: marche
    Heuristique fichier..............: moyen

    Début de la recherche : 12 janvier 2009 20:29

    La recherche sur les processus démarrés commence :
    Processus de recherche 'avscan.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'avcenter.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'avgnt.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'avguard.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'sched.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'CLI.EXE' - '1' module(s) sont contrôlés
    Processus de recherche 'unsecapp.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'wmiprvse.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'alg.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'wmiprvse.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'dllhost.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'wmiapsrv.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'mcrdsvc.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'TUProgSt.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'SVCHOST.EXE' - '1' module(s) sont contrôlés
    Processus de recherche 'SVCHOST.EXE' - '1' module(s) sont contrôlés
    Processus de recherche 'MDM.EXE' - '1' module(s) sont contrôlés
    Processus de recherche 'LSSrvc.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'JQS.EXE' - '1' module(s) sont contrôlés
    Processus de recherche 'ehSched.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'ehRecvr.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'DVDRAMSV.EXE' - '1' module(s) sont contrôlés
    Processus de recherche 'mDNSResponder.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'AppleMobileDeviceService.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'MemCheck.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'PDDLGHLP.EXE' - '1' module(s) sont contrôlés
    Processus de recherche 'NkMonitor.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'RAMASST.EXE' - '1' module(s) sont contrôlés
    Processus de recherche 'CTFMON.EXE' - '1' module(s) sont contrôlés
    Processus de recherche 'CLI.EXE' - '1' module(s) sont contrôlés
    Processus de recherche 'JUSCHED.EXE' - '1' module(s) sont contrôlés
    Processus de recherche 'eRAgent.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'LManager.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'ePower_DMC.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'RTHDCPL.EXE' - '1' module(s) sont contrôlés
    Processus de recherche 'EHMSAS.EXE' - '1' module(s) sont contrôlés
    Processus de recherche 'EHTRAY.EXE' - '1' module(s) sont contrôlés
    Processus de recherche 'EXPLORER.EXE' - '1' module(s) sont contrôlés
    Processus de recherche 'SPOOLSV.EXE' - '1' module(s) sont contrôlés
    Processus de recherche 'ATI2EVXX.EXE' - '1' module(s) sont contrôlés
    Processus de recherche 'SVCHOST.EXE' - '1' module(s) sont contrôlés
    Processus de recherche 'SVCHOST.EXE' - '1' module(s) sont contrôlés
    Processus de recherche 'SVCHOST.EXE' - '1' module(s) sont contrôlés
    Processus de recherche 'SVCHOST.EXE' - '1' module(s) sont contrôlés
    Processus de recherche 'SVCHOST.EXE' - '1' module(s) sont contrôlés
    Processus de recherche 'ATI2EVXX.EXE' - '1' module(s) sont contrôlés
    Processus de recherche 'LSASS.EXE' - '1' module(s) sont contrôlés
    Processus de recherche 'SERVICES.EXE' - '1' module(s) sont contrôlés
    Processus de recherche 'WINLOGON.EXE' - '1' module(s) sont contrôlés
    Processus de recherche 'CSRSS.EXE' - '1' module(s) sont contrôlés
    Processus de recherche 'SMSS.EXE' - '1' module(s) sont contrôlés
    '51' processus ont été contrôlés avec '51' modules

    La recherche sur les secteurs d'amorçage maître commence :
    Secteur d'amorçage maître HD0
    [INFO] Aucun virus trouvé !
    Secteur d'amorçage maître HD1
    [INFO] Aucun virus trouvé !

    La recherche sur les secteurs d'amorçage commence :
    Secteur d'amorçage 'C:\'
    [INFO] Aucun virus trouvé !
    Secteur d'amorçage 'D:\'
    [INFO] Aucun virus trouvé !

    La recherche sur les renvois aux fichiers exécutables (registre) commence.
    Le registre a été contrôlé ( '75' fichiers).


    La recherche sur les fichiers sélectionnés commence :

    Recherche débutant dans 'C:\' <ACER>
    C:\pagefile.sys
    [AVERTISSEMENT] Impossible d'ouvrir le fichier !
    C:\hiberfil.sys
    [AVERTISSEMENT] Impossible d'ouvrir le fichier !
    C:\System Volume Information\_restore{099D30DC-C26B-4E90-9285-C34D0601D32B}\RP243\A0035770.dll
    [RESULTAT] Contient le cheval de Troie TR/Monder.aips
    [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '499c0508.qua' !
    C:\System Volume Information\_restore{099D30DC-C26B-4E90-9285-C34D0601D32B}\RP243\A0035771.dll
    [RESULTAT] Contient le cheval de Troie TR/Agent.bbyr
    [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '499c050b.qua' !
    C:\System Volume Information\_restore{099D30DC-C26B-4E90-9285-C34D0601D32B}\RP243\A0035773.dll
    [RESULTAT] Contient le cheval de Troie TR/Vundo.103424R.1
    [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '499c053f.qua' !
    C:\Qoobox\Quarantine\C\WINDOWS\system32\fccaXPhG.dll_old.vir
    [RESULTAT] Contient le cheval de Troie TR/Monderb.acgx
    [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '49cf785b.qua' !
    Recherche débutant dans 'D:\'


    Fin de la recherche : 13 janvier 2009 06:17
    Temps nécessaire: 9:47:50 Heure(s)

    La recherche a été effectuée intégralement

    6944 Les répertoires ont été contrôlés
    366257 Des fichiers ont été contrôlés
    4 Des virus ou programmes indésirables ont été trouvés
    0 Des fichiers ont été classés comme suspects
    0 Des fichiers ont été supprimés
    0 Des virus ou programmes indésirables ont été réparés
    4 Les fichiers ont été déplacés dans la quarantaine
    0 Les fichiers ont été renommés
    2 Impossible de contrôler des fichiers
    366251 Fichiers non infectés
    8046 Les archives ont été contrôlées
    2 Avertissements
    4 Consignes

    I wanted to know: when the program detects a virus and asks me whether I want to delete it or put it in quarantine, what should I do?

    Thanks.
    15 January 2009 20:35:18

    Good evening
    Quote:
    I wanted to know: when the program detects a virus and asks me whether I want to delete it or put it in quarantine, what should I do?

    You put it in quarantine.

    Download random's system information tool (RSIT) by random/random and save it to the Desktop.
  • Double-click RSIT.exe to launch RSIT.
  • Click Continue on the Disclaimer screen.
  • If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall if prompted) and you will have to accept the licence.
  • When the analysis is finished, two text files will open. Post the contents of log.txt (<<which will be displayed) as well as info.txt (<<which will be minimized to the Taskbar).
  • NB: the reports are saved in the folder C:\rsit
  • Be sure to post the reports in full; check that they are complete once you have posted them.
    16 January 2009 18:42:39

    Hi Sham_Rock. A big thank you for the time you are taking to help me. All these reports... it takes time to analyze them.
    And on top of that you always ask for one more.

    Here is the RSIT report.

    Logfile of random's system information tool 1.05 (written by random/random)
    Run by Shawn at 2009-01-16 12:31:30
    Microsoft Windows XP Professional Service Pack 3
    System drive C: has 22 GB (48%) free of 45 GB
    Total RAM: 446 MB (20% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:31:52, on 2009-01-16
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    C:\PROGRA~1\LAUNCH~1\LManager.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
    C:\WINDOWS\system32\RAMASST.exe
    C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
    C:\Program Files\VCOM\PowerDesk\pddlghlp.exe
    C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\DVDRAMSV.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\TUProgSt.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    D:\Shawn\Programe\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Shawn.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.ca.acer.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://ca.rd.yahoo.com/customize/ycomp/defaults/su/*http://ca.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://en.ca.acer.yahoo.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Dialog Helper.lnk = C:\Program Files\VCOM\PowerDesk\pddlghlp.exe
    O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
    O4 - Global Startup: Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O17 - HKLM\System\CCS\Services\Tcpip\..\{121B7B62-F64C-49A6-BFCE-6D196DE0BE1F}: NameServer = 207.96.217.251,207.96.217.252
    O17 - HKLM\System\CS1\Services\Tcpip\..\{121B7B62-F64C-49A6-BFCE-6D196DE0BE1F}: NameServer = 207.96.217.251,207.96.217.252
    O17 - HKLM\System\CS2\Services\Tcpip\..\{121B7B62-F64C-49A6-BFCE-6D196DE0BE1F}: NameServer = 207.96.217.251,207.96.217.252
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
    O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

    --
    End of file - 8473 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\1-Click Maintenance.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
    Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-01-28 1554256]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-10 320920]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-10 34816]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]
    "AzMixerSel"=C:\Program Files\Realtek\InstallShield\AzMixerSel.exe [2006-04-14 53248]
    "IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-10 208952]
    "MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-10 59392]
    "PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-10 455168]
    "PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-10 455168]
    "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-06-27 16248320]
    "ePower_DMC"=C:\Acer\Empowering Technology\ePower\ePower_DMC.exe [2006-05-30 421888]
    "Boot"=C:\Acer\Empowering Technology\ePower\Boot.exe [2006-03-15 579584]
    "LManager"=C:\PROGRA~1\LAUNCH~1\LManager.exe [2006-06-23 602112]
    "ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe [2006-05-10 90112]
    "eRecoveryService"=C:\Acer\Empowering Technology\eRecovery\eRAgent.exe [2006-06-01 413696]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-10 136600]
    "avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer ePresentation HPD]
    C:\Acer\Empowering Technology\ePresentation\ePresentation.exe [2006-03-31 204800]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ntiMUI]
    C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe [2005-05-11 45056]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    C:\Program Files\Skype\Phone\Skype.exe [2008-08-12 21741864]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
    C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-03-03 761946]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe
    Nikon Monitor.lnk - C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe

    C:\Documents and Settings\Shawn\Start Menu\Programs\Startup
    Dialog Helper.lnk - C:\Program Files\VCOM\PowerDesk\pddlghlp.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
    C:\WINDOWS\system32\Ati2evxx.dll [2006-07-18 86016]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=323
    "NoDriveAutoRun"=67108863
    "NoDrives"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveAutoRun"=
    "NoDriveTypeAutoRun"=
    "NoDrives"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe"="C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe:*:Enabled:Nero Home"
    "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
    "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
    "C:\Program Files\Java\JRE6\BIN\java.exe"="C:\Program Files\Java\JRE6\BIN\java.exe:*:Enabled:Java(TM) Platform SE binary"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{af26391c-d2a5-11dd-b4d8-0016d45629e3}]
    shell\AutoRun\command - F:\DigitalPhotoKeychain.EXE

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d3518fe4-c3c2-11dd-b4c5-0016d45629e3}]
    shell\AutoRun\command - F:\LaunchU3.exe


    ======List of files/folders created in the last 1 months======

    2009-01-16 12:31:30 ----D---- C:\rsit
    2009-01-14 18:52:09 ----HD---- C:\WINDOWS\$NtUninstallKB958687$
    2009-01-12 20:23:37 ----D---- C:\Program Files\Avira
    2009-01-12 20:23:37 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
    2009-01-12 19:53:24 ----A---- C:\ComboFix.txt
    2009-01-10 15:25:02 ----D---- C:\Contacts
    2009-01-10 15:24:41 ----D---- C:\iPod_Control
    2009-01-10 15:23:38 ----D---- C:\Program Files\EphPod
    2009-01-10 13:50:07 ----A---- C:\Boot.bak
    2009-01-10 13:50:02 ----RASHD---- C:\cmdcons
    2009-01-10 13:47:35 ----A---- C:\WINDOWS\zip.exe
    2009-01-10 13:47:35 ----A---- C:\WINDOWS\VFIND.exe
    2009-01-10 13:47:35 ----A---- C:\WINDOWS\SWREG.exe
    2009-01-10 13:47:35 ----A---- C:\WINDOWS\sed.exe
    2009-01-10 13:47:35 ----A---- C:\WINDOWS\NIRCMD.exe
    2009-01-10 13:47:35 ----A---- C:\WINDOWS\grep.exe
    2009-01-10 13:47:35 ----A---- C:\WINDOWS\fdsv.exe
    2009-01-10 13:47:34 ----A---- C:\WINDOWS\SWXCACLS.exe
    2009-01-10 13:47:34 ----A---- C:\WINDOWS\SWSC.exe
    2009-01-10 13:47:23 ----D---- C:\WINDOWS\ERDNT
    2009-01-10 13:47:23 ----D---- C:\Qoobox
    2009-01-09 06:50:38 ----A---- C:\VundoFix.txt
    2009-01-08 21:15:54 ----D---- C:\Documents and Settings\Shawn\Application Data\Malwarebytes
    2009-01-08 21:15:25 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2009-01-08 21:15:24 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2009-01-08 21:11:03 ----A---- C:\WINDOWS\system32\MSVBVM60.DLL
    2009-01-07 19:11:46 ----A---- C:\WINDOWS\system32\TUProgSt.exe
    2009-01-07 19:11:45 ----A---- C:\WINDOWS\system32\uxtuneup.dll
    2009-01-07 19:11:43 ----A---- C:\WINDOWS\system32\TuneUpDefragService.exe
    2009-01-07 19:08:19 ----D---- C:\Documents and Settings\Shawn\Application Data\TuneUp Software
    2009-01-07 19:07:34 ----D---- C:\Documents and Settings\All Users\Application Data\TuneUp Software
    2009-01-07 19:07:31 ----D---- C:\Program Files\TuneUp Utilities 2009
    2009-01-07 19:06:59 ----SHD---- C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
    2009-01-06 21:22:04 ----A---- C:\WINDOWS\system32\SSubTmr6.dll
    2009-01-06 21:11:36 ----D---- C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
    2009-01-04 16:07:34 ----D---- C:\Program Files\Trend Micro
    2008-12-29 22:12:54 ----A---- C:\WINDOWS\system32\3b385076-.txt
    2008-12-26 11:11:23 ----A---- C:\WINDOWS\system32\GEARAspi.dll
    2008-12-26 11:10:54 ----D---- C:\Program Files\iPod
    2008-12-26 11:10:42 ----D---- C:\Program Files\iTunes
    2008-12-26 11:10:42 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-12-26 11:10:05 ----D---- C:\Program Files\Bonjour
    2008-12-26 11:08:39 ----D---- C:\Program Files\QuickTime
    2008-12-26 11:06:03 ----D---- C:\Program Files\Common Files\Apple
    2008-12-23 14:48:26 ----D---- C:\Program Files\Adobe

    ======List of files/folders modified in the last 1 months======

    2009-01-14 18:56:42 ----A---- C:\WINDOWS\ModemLog_HDAUDIO Soft Data Fax Modem with SmartCP.txt
    2009-01-13 17:10:00 ----N---- C:\WINDOWS\SchedLgU.Txt
    2009-01-12 19:50:26 ----A---- C:\WINDOWS\system.ini
    2009-01-10 13:50:08 ----RASH---- C:\boot.ini
    2009-01-09 20:35:28 ----A---- C:\WINDOWS\system32\MRT.exe
    2008-12-21 11:33:26 ----A---- C:\WINDOWS\NeroDigital.ini

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-05-10 36864]
    R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
    R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-10-30 75072]
    R1 meiudf;meiudf; C:\WINDOWS\System32\Drivers\meiudf.sys [2003-10-24 90416]
    R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-11-08 21248]
    R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
    R2 DritekPortIO;Dritek General Port I/O; \??\C:\PROGRA~1\LAUNCH~1\DPortIO.sys []
    R2 int15;int15; \??\C:\WINDOWS\system32\drivers\int15.sys []
    R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
    R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-02-14 12672]
    R2 tvicport;tvicport; \??\C:\WINDOWS\system32\drivers\tvicport.sys []
    R2 zntport;zntport; \??\C:\WINDOWS\system32\drivers\zntport.sys []
    R3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2006-01-24 488448]
    R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-07-18 1621504]
    R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
    R3 Cam5603D;Acer OrbiCam; C:\WINDOWS\System32\Drivers\BisonCam.sys [2006-05-12 806272]
    R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
    R3 DKbFltr;Dritek Keyboard Filter Driver; C:\WINDOWS\system32\DRIVERS\DKbFltr.sys [2004-12-07 16896]
    R3 EMSCR;EMSCR; C:\WINDOWS\system32\DRIVERS\EMS7SK.sys [2006-05-24 61056]
    R3 ESDCR;ESDCR; C:\WINDOWS\system32\DRIVERS\ESD7SK.sys [2006-05-24 40064]
    R3 ESMCR;ESMCR; C:\WINDOWS\system32\DRIVERS\ESM7SK.sys [2006-05-24 74752]
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
    R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
    R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
    R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2006-06-11 990592]
    R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2006-06-11 208384]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-06-27 4304384]
    R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
    R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2006-06-01 6144]
    R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
    R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-06-16 83968]
    R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
    R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-03-03 192672]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
    R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2006-06-11 727808]
    S1 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2008-04-13 31744]
    S2 eLock2BurnerLockDriver;eLock2BurnerLockDriver; \??\C:\WINDOWS\system32\eLock2BurnerLockDriver.sys []
    S2 eLock2FSCTLDriver;eLock2FSCTLDriver; \??\C:\WINDOWS\system32\eLock2FSCTLDriver.sys []
    S3 A5AGU;D-Link USB Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\A5AGU.sys [2006-05-08 347648]
    S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
    S3 catchme;catchme; \??\C:\DOCUME~1\Shawn\LOCALS~1\Temp\catchme.sys []
    S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
    S3 DSDrv4;DSDrv4; \??\C:\PROGRA~1\K!TV\Plugins\S_Bt8x8\DSDrv4.sys []
    S3 HSXHWAZL;HSXHWAZL; C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys [2006-01-11 194048]
    S3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
    S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
    S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
    S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
    S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
    S3 Ser2pl;Prolific Serial port driver; C:\WINDOWS\system32\DRIVERS\ser2pl.sys [2004-06-28 42752]
    S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
    S3 SMCIRDA;SMSC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2004-12-09 46592]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
    S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-11-07 32000]
    S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
    S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-10 26496]
    S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AcerMemUsageCheckService;Memory Check Service; C:\Acer\Empowering Technology\ePerformance\MemCheck.exe [2006-03-29 28672]
    R2 AntiVirScheduler;Planificateur Avira AntiVir Personal - Free Antivirus; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
    R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
    R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-07-18 401408]
    R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
    R2 DVD-RAM_Service;DVD-RAM_Service; C:\WINDOWS\system32\DVDRAMSV.exe [2003-05-23 106496]
    R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
    R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
    R2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-10 152984]
    R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-02-17 73728]
    R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
    R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2002-12-31 322120]
    R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service; C:\WINDOWS\System32\TUProgSt.exe [2009-01-07 603904]
    R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
    R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
    S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
    S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
    S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
    S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2002-12-31 89136]
    S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2009-01-07 360192]
    S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

    -----------------EOF-----------------

    info.txt logfile of random's system information tool 1.05 2009-01-16 12:32:00

    ======Uninstall list======

    -->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
    -->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Acer Inc.\Acer English Online Help Creator\Uninst.isu"
    -->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
    -->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
    -->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
    -->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
    -->C:\WINDOWS\UNRecode.exe /UNINSTALL
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DF18108B-E5D8-4EE9-96D4-DB9B9A311780}\setup.exe" -l0x9
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    Acer Empowering Technology-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB6097D9-D722-4987-BD9E-A076E2848EE2}\setup.exe" -l0x9 -removeonly
    Acer ePerformance Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7057702F-6D71-4F30-8000-9E72BC771887}\setup.exe" -l0x9 -removeonly
    Acer ePower Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\Setup.exe" -l0x9
    Acer ePresentation Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BF839132-BD43-4056-ACBF-4377F4A88E2A}\Setup.exe" -l0x9
    Acer eSettings Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F2C8256-2773-46C7-9ABA-3E39C24ABB51}\setup.exe" -l0x9 -removeonly
    Acer GridVista-->C:\WINDOWS\UnInst32.exe GridV.UNI
    Acer OrbiCam-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4A57592C-FF92-4083-97A9-92783BD5AFB4}\Setup.EXE" -l0x40c
    Acer Screensaver-->MsiExec.exe /I{D458BBDC-0363-42E0-8FF9-4736E3CB3CA2}
    Ad-Aware SE Professional-->C:\PROGRA~1\LAVASOFT\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\LAVASOFT\AD-AWA~1\INSTALL.LOG
    Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Reader 8.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
    Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
    Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
    ArcSoft Panorama Maker 4-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D45E8C45-B601-4A80-AFD8-E16338744DE1}\Setup.exe" -l0x40c
    ATI - Utilitaire de désinstallation du logiciel-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
    ATI Catalyst Control Center-->MsiExec.exe /I{14C8B4D9-E917-4319-83E0-5A42EC6CBB7D}
    ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:D ISPLAY -clean
    ATI Parental Control & Encoder-->MsiExec.exe /I{36CDA33B-909B-4719-97D1-C4B99309BDC7}
    ATI Parental Control & Encoder-->MsiExec.exe /I{8D70145A-3BD3-4DBF-9CBF-223EF4A43257}
    Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
    Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
    Browser Extension Tool Cpmsky-->C:\WINDOWS\system32\kdbxamggdprciorjm.exe
    CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
    DVD-MovieAlbumSE 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A9E601-0E82-11D5-AE91-444553540000}\Setup.exe" -l0xc0c UNINSTALL
    DVD-RAM Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}\Setup.exe" DVD-RAM Driver
    GemMaster Mystic-->"C:\Program Files\GemMaster\uninstallgemmaster.exe"
    HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
    iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
    Java 2 Runtime Environment, SE v1.4.2_05-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142050}
    Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
    Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
    Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
    Launch Manager-->C:\WINDOWS\UnInst32.exe LManager.UNI
    Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
    Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
    Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
    Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
    Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
    Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
    Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
    Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    Nero 7 Ultra Edition-->MsiExec.exe /X{CF097717-F174-4144-954A-FBC4BF301033}
    neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
    Nikon Message Center-->MsiExec.exe /X{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}
    Nikon Transfer-->MsiExec.exe /X{E9757890-7EC5-46C8-99AB-B00F07B6525C}
    NTI Backup NOW! 4-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{385979FE-DC4F-4140-8EAD-A59625000D72} /l1033 BUN4
    NTI CD & DVD-Maker-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} /l1033 CDM7
    OpenOffice.org Installer 1.0-->MsiExec.exe /X{3A2AF807-9F9F-43C9-A24A-17B617238B74}
    Otto-->"C:\Program Files\EnglishOtto\uninstallotto.exe"
    PL-2303 USB-to-Serial-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}\Setup.exe" -l0x9 Installed
    PowerDesk 6-->MsiExec.exe /I{B93251B5-9209-4DAB-867C-AA98D91584CD}
    PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.EXE" -uninstall
    PowerProducer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
    PVRLoader-->D:\PVRLoader\unins000.exe
    QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
    Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\SETUP.exe" -l0x9 -removeonly
    Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
    Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
    Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
    Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
    SMSC IrCC V5.1.3600.7-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F1B8DB67-D30E-4FF9-A85F-3CEE51825AA2}\setup.exe" -l0x9 UNINSTALL
    Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2BFA&SUBSYS_1025009F\HXFSETUP.EXE -U -IAcrS09Fp.inf
    Sonic Encoders-->MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
    Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
    TuneUp Utilities 2009-->MsiExec.exe /I{55A29068-F2CE-456C-9148-C869879E2357}
    Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
    Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (04/28/2006 1.3.1.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPINST.EXE /d /u C:\WINDOWS\system32\DRVSTORE\amdk8_9EA6D2FA46FEFFB7011ED0B6015B626D07F1EEF7\amdk8.inf
    Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
    Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
    Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
    WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
    Yahoo! Toolbar-->C:\PROGRA~1\YAHOO!\COMMON\unyt.exe

    ======Security center information======

    AV: Avira AntiVir PersonalEdition Classic

    System event log

    Computer Name: ACER-C28991BD48
    Event Code: 7035
    Message: The IMAPI CD-Burning COM Service service was successfully sent a start control.

    Record Number: 16813
    Source Name: Service Control Manager
    Time Written: 20081025171359.000000-240
    Event Type: information
    User: NT AUTHORITY\SYSTEM

    Computer Name: ACER-C28991BD48
    Event Code: 7036
    Message: The IMAPI CD-Burning COM Service service entered the stopped state.

    Record Number: 16812
    Source Name: Service Control Manager
    Time Written: 20081025171230.000000-240
    Event Type: information
    User:

    Computer Name: ACER-C28991BD48
    Event Code: 7036
    Message: The IMAPI CD-Burning COM Service service entered the running state.

    Record Number: 16811
    Source Name: Service Control Manager
    Time Written: 20081025171224.000000-240
    Event Type: information
    User:

    Computer Name: ACER-C28991BD48
    Event Code: 7035
    Message: The IMAPI CD-Burning COM Service service was successfully sent a start control.

    Record Number: 16810
    Source Name: Service Control Manager
    Time Written: 20081025171224.000000-240
    Event Type: information
    User: NT AUTHORITY\SYSTEM

    Computer Name: ACER-C28991BD48
    Event Code: 7036
    Message: The IMAPI CD-Burning COM Service service entered the stopped state.

    Record Number: 16809
    Source Name: Service Control Manager
    Time Written: 20081025171153.000000-240
    Event Type: information
    User:

    Application event log

    Computer Name: ACER-C28991BD48
    Event Code: 0
    Message: PowerEvent handled successfully by the service.

    Record Number: 14601
    Source Name: AcerMemUsageCheckService
    Time Written: 20081207071816.000000-300
    Event Type: information
    User:

    Computer Name: ACER-C28991BD48
    Event Code: 0
    Message: PowerEvent handled successfully by the service.

    Record Number: 14600
    Source Name: AcerMemUsageCheckService
    Time Written: 20081207071746.000000-300
    Event Type: information
    User:

    Computer Name: ACER-C28991BD48
    Event Code: 0
    Message: PowerEvent handled successfully by the service.

    Record Number: 14599
    Source Name: AcerMemUsageCheckService
    Time Written: 20081207071646.000000-300
    Event Type: information
    User:

    Computer Name: ACER-C28991BD48
    Event Code: 0
    Message: PowerEvent handled successfully by the service.

    Record Number: 14598
    Source Name: AcerMemUsageCheckService
    Time Written: 20081207071616.000000-300
    Event Type: information
    User:

    Computer Name: ACER-C28991BD48
    Event Code: 0
    Message: PowerEvent handled successfully by the service.

    Record Number: 14597
    Source Name: AcerMemUsageCheckService
    Time Written: 20081207071546.000000-300
    Event Type: information
    User:

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\ATI Technologies\ATI.ACE;C:\Program Files\QuickTime\QTSystem
    "windir"=%SystemRoot%
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=15
    "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 72 Stepping 2, AuthenticAMD
    "PROCESSOR_REVISION"=4802
    "NUMBER_OF_PROCESSORS"=2
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
    "QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

    -----------------EOF-----------------


    Apparently malware and spyware have a soft spot for my laptop. I no longer get the sagipsul popup, but now it's the Adzgalor (CPMSKY) spyware's turn to show up.
    16 January 2009 20:54:17

    Good evening
    Quote:
    And on top of that, you always ask for one more.

    Atypical infection ;) 

    Quote:
    To display hidden system folders and files:
    Control Panel / Folder Options / View tab / check Show hidden files and folders, uncheck Hide extensions for known file types, uncheck Hide protected operating system files.

    The hidden system files and folders then appear in Windows Explorer as translucent icons.

    Virusscan
    Scan this file:


    c:\program files\Mozilla Firefox\components\nsadzgalore.dll

    On the virusscan site

    http://virusscan.jotti.org/

    post the report here.

    Then delete it, after closing Firefox.
    17 January 2009 21:33:07

    Scan taken on 17 Jan 2009 20:29:05 (GMT)
    A-Squared
    Found nothing
    AntiVir
    Found nothing
    ArcaVir
    Found nothing
    Avast
    Found nothing
    AVG Antivirus
    Found nothing
    BitDefender
    Found nothing
    ClamAV
    Found nothing
    CPsecure
    Found nothing
    Dr.Web
    Found nothing
    F-Prot Antivirus
    Found nothing
    F-Secure Anti-Virus
    Found nothing
    G DATA
    Found nothing
    Ikarus
    Found nothing
    Kaspersky Anti-Virus
    Found nothing
    NOD32
    Found nothing
    Norman Virus Control
    Found nothing
    Panda Antivirus
    Found nothing
    Sophos Antivirus
    Found nothing
    VirusBuster
    Found nothing
    VBA32
    Found nothing



    Scanner Malware name
    A-Squared MonitoringTool!IK
    AntiVir X
    ArcaVir X
    Avast X
    AVG Antivirus X
    BitDefender X
    ClamAV X
    CPsecure X
    Dr.Web Trojan.Keylog.102
    F-Prot Antivirus X
    F-Secure Anti-Virus X
    G DATA X
    Ikarus X
    Kaspersky Anti-Virus X
    NOD32 a variant of Win32/Spy.KeyLogger.NDD
    Norman Virus Control X
    Panda Antivirus X
    Sophos Antivirus X
    VirusBuster X
    VBA32 X
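Added example, not from this thread or from Jotti: a small Python script that parses a multi-engine report in either of the two layouts pasted above (engine and verdict on separate lines, or on one line with "X" meaning clean) and turns the raw verdicts into a triage decision. The engine names are the twenty listed in the report; the sample report text embedded in the script is constructed from the results posted above, and the `KEYLOGGER_HINTS` list and the two-engine agreement threshold are assumptions of this example, not Jotti's rules.

```python
"""Summarise a Jotti-style multi-engine scan report (illustrative helper, not a Jotti tool)."""
from dataclasses import dataclass
from typing import Dict, List, Optional

# Engine names exactly as they appear in the pasted reports.
ENGINES: List[str] = [
    "A-Squared", "AntiVir", "ArcaVir", "Avast", "AVG Antivirus", "BitDefender",
    "ClamAV", "CPsecure", "Dr.Web", "F-Prot Antivirus", "F-Secure Anti-Virus",
    "G DATA", "Ikarus", "Kaspersky Anti-Virus", "NOD32", "Norman Virus Control",
    "Panda Antivirus", "Sophos Antivirus", "VirusBuster", "VBA32",
]

# Verdict strings the report uses when an engine found nothing.
CLEAN_MARKERS = {"", "X", "Found nothing"}

# Assumed label fragments that point at credential theft (weigh more than a generic name).
KEYLOGGER_HINTS = ("keylog", "spy", "monitoringtool")


def _engine_prefix(line: str) -> Optional[str]:
    """Longest engine name that starts the line (names contain spaces, so take the longest)."""
    matches = [e for e in ENGINES if line == e or line.startswith(e + " ")]
    return max(matches, key=len) if matches else None


def parse_report(text: str) -> Dict[str, str]:
    """Map engine -> malware label ('' when clean), skipping header lines such as
    'Scan taken on ...' or 'Scanner Malware name'."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    verdicts: Dict[str, str] = {}
    i = 0
    while i < len(lines):
        engine = _engine_prefix(lines[i])
        if engine is None:
            i += 1
            continue
        rest = lines[i][len(engine):].strip()
        # Two-line layout: verdict is on the next line, unless that line is itself an engine.
        if rest == "" and i + 1 < len(lines) and _engine_prefix(lines[i + 1]) is None:
            i += 1
            rest = lines[i]
        verdicts[engine] = "" if rest in CLEAN_MARKERS else rest
        i += 1
    return verdicts


@dataclass
class Triage:
    engines_run: int
    hits: Dict[str, str]
    keylogger_labels: int
    verdict: str


def triage(verdicts: Dict[str, str], min_agreeing: int = 2) -> Triage:
    """A single generic hit out of twenty engines is a common false-positive pattern, so it
    stays 'inconclusive'; two or more agreeing engines, or any keylogger/spyware family
    name, make the file 'suspicious'."""
    hits = {e: label for e, label in verdicts.items() if label}
    keylog = sum(1 for label in hits.values()
                 if any(h in label.lower() for h in KEYLOGGER_HINTS))
    if not hits:
        verdict = "no detection"
    elif len(hits) >= min_agreeing or keylog:
        verdict = "suspicious"
    else:
        verdict = "inconclusive (single generic hit)"
    return Triage(len(verdicts), hits, keylog, verdict)


# Constructed sample: the one-line layout, copied from the report for nsadzgalore.dll above.
SAMPLE_WITH_HITS = """\
Scanner Malware name
A-Squared MonitoringTool!IK
AntiVir X
ArcaVir X
Avast X
AVG Antivirus X
BitDefender X
ClamAV X
CPsecure X
Dr.Web Trojan.Keylog.102
F-Prot Antivirus X
F-Secure Anti-Virus X
G DATA X
Ikarus X
Kaspersky Anti-Virus X
NOD32 a variant of Win32/Spy.KeyLogger.NDD
Norman Virus Control X
Panda Antivirus X
Sophos Antivirus X
VirusBuster X
VBA32 X
"""

# Constructed sample: an excerpt of the two-line layout (four engines, all clean).
SAMPLE_CLEAN_EXCERPT = """\
Scan taken on 17 Jan 2009 20:29:05 (GMT)
A-Squared
Found nothing
AntiVir
Found nothing
AVG Antivirus
Found nothing
VBA32
Found nothing
"""

if __name__ == "__main__":
    for sample in (SAMPLE_WITH_HITS, SAMPLE_CLEAN_EXCERPT):
        t = triage(parse_report(sample))
        print(f"{len(t.hits)}/{t.engines_run} engines flagged the file -> {t.verdict}: {t.hits}")
```

Three hits out of twenty is a low ratio on its own, but two of the three name a keylogger family, which is why the script does not wait for more engines to agree before calling the file suspicious. A keylogger verdict also carries a consequence the report itself does not state: anything typed on the machine while the file was present, passwords in particular, should be treated as exposed and changed from a clean machine once the cleanup is done.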
    17 January 2009 21:37:29

    re

    Did you delete it?
    How is your PC behaving?
    18 January 2009 20:41:17

    Hello Shan_Rock. When you say delete, are you talking about the file or the report?

    Sorry for not understanding.

    As for my laptop, it is getting better and better thanks to your advice. Thank you very much.
    19 January 2009 21:17:39

    Good evening
    I mean the file. :) 

    Let's check:
    Run an online antivirus scan with Kaspersky using Internet Explorer.

  • Allow ActiveX.
  • Click Start Online Scanner.
  • Select My Computer as the scan target. Save the report as a .txt file.
  • Paste its report here.
  • Post a new HijackThis report.

    Help: How to run an online scan with Kaspersky.