XP antispyware 2009 [Résolu]

Bonjour

Télécharge le fichier d’installation d’Hijackthis en cliquant sur ce lien

http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

* Enregistre HJTInstall.exe sur ton bureau.

* Double-clique sur HJTInstall.exe pour lancer le programme

Tuto : http://www.malekal.com/tutorial_HijackThis.html
http://pagesperso-orange.fr/rginformatique/section%20virus/Hijenr.gif
http://pagesperso-orange.fr/rginformatique/section%20virus/demohijack.htm

* Accepte la license en cliquant sur le bouton "I Accept"
* Choisis l'option "Do a system scan and save a log file"
* Clique sur "Save log" pour enregistrer le rapport qui s'ouvrira avec le bloc-note
* Clique sur "Edition -> Sélectionner tout", puis sur "Edition -> Copier" pour copier tout le contenu du rapport

* Colle le rapport que tu viens de copier sur ce forum

antispyware 2009 est un virus espion(spyrware) débarasse toi de lui au plus vite.

bonjour

1-Désactiver le contrôle des comptes utilisateurs ou UAC (le réactiver seulement à la fin de la désinfection) :

Aller dans démarrer puis panneau de configuration
--->Double-Cliquer sur l'icône "Comptes d'utilisateurs"
--->Cliquer ensuite sur "Activer ou désactiver le contrôle ..." .
--->Décocher la case "utlisiser le contrôle ..." et cliquer sur OK .
Puis redémarrer le PC quand il le vous saura demandé ...

Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
http://www.malekal.com/tutorial_SDFix.php

Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :
• Redémarre ton ordinateur
http://www.coupdepoucepc.com/modules/news/article.php?storyi­d=253
http://www.micro-astuce.com/depannage/demarrer-mode-sans-ech­ec

• Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
• A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
• Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
• Choisis ton compte.
Déroule la liste des instructions ci-dessous :
• Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
• Appuie sur Y pour commencer le processus de nettoyage.
• Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
• Appuie sur une touche pour redémarrer le PC.
• Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
• Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
• Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
• Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
• Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum,

voici le rapport. et Merci

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:43:33, on 05/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Windows\ehome\ehtray.exe
C:\Users\Laetitia\AppData\Local\Temp\xxx9951.exe
C:\Program Files\Acer\Acer VCM\AcerVCM.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Users\Laetitia\AppData\Local\Temp\~tmpd.exe
C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Users\Laetitia\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Acer\Acer VCM\acp2HID.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Acer\Acer VCM\VC.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.fr.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ZPdtWzdVitaKey MC3000] "C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe" show
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MSFox] C:\Users\Laetitia\AppData\Local\Temp\xxx9951.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Acer VCM.lnk = ?
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/webplayer/stage6/windows/AutoDLDivXWebPlayerInstaller.cab
O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iGroupTec Service (IGBASVC) - Unknown owner - C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe
O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe

as tu désactivé l UAC ?

clic droit sur RunThis.bat et fait executer en tant que administrateur dit moi si cela fonctionne

bon oublie sdfix il ne passe pas sous vista

fait ceci

A)- Tu utilises vista, tu dois donc aussi désactiver l'UAC avant d'utiliser ces logiciels.
Regarde ici pour savoir comment désactiver l'UAC sous vista

B)- Supprime éventuellement toute ancienne version de ComboFix de ton PC.
Télécharge ComboFix.exe (par sUBs) sur ton Bureau:
Clic-droit sur ce lien < http://download.bleepingcomputer.com/sUBs/ComboFix.exe >
Puis choisis "Enregistrer sous .." ==> vers le 'bureau"
==> Attention : renomme-le sous le nom « TRISTAN.EXE » (très important).
http://img212.imageshack.us/img212/3087/screenshot327qh5.png
Tu le nommes à ce moment-là, et non pas après l'avoir enregistré ; ce serait trop tard.
Puis clic sur [Enregistrer]

•- Avant d'utiliser ComboFix :
==> Déconnecte ton PC d'Internet et referme les fenêtres de tous les programmes en cours.
==> Désactive provisoirement (et seulement le temps de l'utilisation de ComboFix), la protection en temps réel de ton Antivirus et de tes Antispywares, (activés, ils pourraient gêner fortement la procédure de recherche et de nettoyage de l'outil).

- Clic-droit sur l'icône de ComboFix.exe ( TRISTAN.EXE ) du bureau ==> choisir "Exécuter en tant que Administrateur", [Exécuter] et suivre les invites.

•- Si vous utilisez Windows Vista, et si vous recevez un avertissement de l'UAC (Contrôle de compte d'utilisateur) vous demandant si vous voulez continuer, il faut cliquer sur le bouton [Continuer].
- Réponds oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.
Accepter les alertes éventuelles.
Laisse se dérouler le scan.

/!\ Pendant la durée de cette étape, ne te sers pas du pc et n'ouvre aucun programme.
Soit patient (même si tu penses que le PC est arrêté) ; les temps « d'arrêt apparent » sont parfois de plusieurs minutes (il y a ± 40 étapes d’analyse).

- En fin de scan il est possible que ComboFix ait besoin de redémarrer le pc pour finaliser la désinfection\recherche, laisse-le faire.
- Un rapport s'ouvrira ensuite dans le bloc-notes sur le bureau.

Attention : Il est très probable que l'outil bloque à la fenêtre "Find3M" ; si c'est le cas, appuie simultanément sur les touches CTRL + ALT + DEL (Sup.), clique sur l'un des deux CF#####.exe (où ##### sont des chiffres aléatoires) et le rapport sera généré !

•- ==> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à Internet.
Note: ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)
Tu copies et colles ce rapport sur le forum

ayé il a débloqué ya une fenetre qui s'est ouverte "Find3M" et il me dit d'attendre pendant la création du rapport. Cela peut durer longtemps? et encore merci pour ton aide!

Voila je t'ai tout copié... je n'ai plus d'alerte ni d'icone dans ma barre de démarrage... donc a mon avis c'est bon je n'ai pus le virus. je te remercie pour ton aide et pour ton temps.



ComboFix 08-11-04.02 - Laetitia 2008-11-05 11:37:48.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.2009 [GMT 1:00]
Lancé depuis: c:\users\Laetitia\Desktop\TRISTAN.EXE
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Acer\Acer Bio Protection\PwdFilter.dll
c:\programdata\vlc-0.9.4-win32.exe
c:\users\Laetitia\AppData\Roaming\.#
c:\users\Laetitia\AppData\Roaming\.#\MBX@161C@1CF2990.###
c:\users\Laetitia\AppData\Roaming\.#\MBX@161C@1CF29C0.###
c:\users\Laetitia\AppData\Roaming\.#\MBX@161C@1CF29F0.###

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-10-05 au 2008-11-05 ))))))))))))))))))))))))))))))))))))
.

2008-11-05 10:36 . 2008-11-05 10:36 <REP> dr------- c:\users\Secours\Searches
2008-11-05 10:36 . 2008-11-05 10:36 <REP> d-------- c:\users\Secours\AppData\Roaming\Yahoo!
2008-11-05 10:36 . 2008-11-05 10:36 <REP> d-------- c:\users\Secours\AppData\Roaming\Validity
2008-11-05 10:36 . 2008-11-05 10:36 <REP> d-------- c:\users\Secours\AppData\Roaming\ATI
2008-11-05 10:36 . 2008-11-05 10:36 <REP> d-------- c:\users\All Users\Yahoo! Companion
2008-11-05 10:36 . 2008-11-05 10:36 <REP> d-------- c:\programdata\Yahoo! Companion
2008-11-05 10:36 . 2008-11-05 10:36 71,280 --a------ c:\windows\System32\GDIPFONTCACHEV1.DAT
2008-11-05 10:35 . 2008-11-05 10:35 <REP> dr------- c:\users\Secours\Contacts
2008-11-05 10:32 . 2008-11-05 10:01 1,528,982 --a------ c:\users\Public\SDFix.exe
2008-11-05 10:26 . 2008-11-05 10:36 <REP> dr------- c:\users\Secours\Videos
2008-11-05 10:26 . 2008-11-05 10:36 <REP> dr------- c:\users\Secours\Saved Games
2008-11-05 10:26 . 2008-11-05 10:36 <REP> dr------- c:\users\Secours\Pictures
2008-11-05 10:26 . 2008-11-05 10:36 <REP> dr------- c:\users\Secours\Music
2008-11-05 10:26 . 2008-11-05 10:36 <REP> dr------- c:\users\Secours\Links
2008-11-05 10:26 . 2008-11-05 10:36 <REP> dr------- c:\users\Secours\Downloads
2008-11-05 10:26 . 2008-11-05 10:36 <REP> dr------- c:\users\Secours\Documents
2008-11-05 10:26 . 2006-11-02 13:37 <REP> d-------- c:\users\Secours\AppData\Roaming\Media Center Programs
2008-11-05 10:26 . 2008-03-21 11:55 <REP> d-------- c:\users\Secours\AppData\Roaming\Acer GameZone Console
2008-11-05 10:26 . 2008-11-05 10:36 <REP> d--h----- c:\users\Secours\AppData
2008-11-05 10:26 . 2008-11-05 10:36 <REP> d-------- c:\users\Secours
2008-11-05 10:23 . 2008-11-05 11:09 <REP> d-------- C:\SDFix
2008-11-05 09:58 . 2008-11-05 09:58 59,904 --a------ c:\windows\System32\Obwx0HVn.exe
2008-11-05 09:57 . 2008-11-05 09:57 <REP> d-------- c:\users\Invité\AppData\Roaming\Validity
2008-11-05 09:57 . 2008-11-05 09:57 <REP> d-------- c:\users\Invité\AppData\Roaming\Macromedia
2008-11-05 09:57 . 2008-11-05 09:57 <REP> d-------- c:\users\Invité\AppData\Roaming\ATI
2008-11-05 09:56 . 2008-11-05 09:56 <REP> dr------- c:\users\Invité\Videos
2008-11-05 09:56 . 2008-11-05 09:56 <REP> dr------- c:\users\Invité\Videos
2008-11-05 09:56 . 2008-11-05 09:56 <REP> dr------- c:\users\Invité\Searches
2008-11-05 09:56 . 2008-11-05 09:56 <REP> dr------- c:\users\Invité\Searches
2008-11-05 09:56 . 2008-11-05 09:56 <REP> dr------- c:\users\Invité\Saved Games
2008-11-05 09:56 . 2008-11-05 09:56 <REP> dr------- c:\users\Invité\Saved Games
2008-11-05 09:56 . 2008-11-05 09:56 <REP> dr------- c:\users\Invité\Pictures
2008-11-05 09:56 . 2008-11-05 09:56 <REP> dr------- c:\users\Invité\Pictures
2008-11-05 09:56 . 2008-11-05 09:56 <REP> dr------- c:\users\Invité\Music
2008-11-05 09:56 . 2008-11-05 09:56 <REP> dr------- c:\users\Invité\Music
2008-11-05 09:56 . 2008-11-05 09:56 <REP> dr------- c:\users\Invité\Links
2008-11-05 09:56 . 2008-11-05 09:56 <REP> dr------- c:\users\Invité\Links
2008-11-05 09:56 . 2008-11-05 09:57 <REP> dr------- c:\users\Invité\Favorites
2008-11-05 09:56 . 2008-11-05 09:57 <REP> dr------- c:\users\Invité\Favorites
2008-11-05 09:56 . 2008-11-05 09:56 <REP> dr------- c:\users\Invité\Downloads
2008-11-05 09:56 . 2008-11-05 09:56 <REP> dr------- c:\users\Invité\Downloads
2008-11-05 09:56 . 2008-11-05 09:56 <REP> dr------- c:\users\Invité\Documents
2008-11-05 09:56 . 2008-11-05 09:56 <REP> dr------- c:\users\Invité\Documents
2008-11-05 09:56 . 2008-11-05 09:56 <REP> dr------- c:\users\Invité\Desktop
2008-11-05 09:56 . 2008-11-05 09:56 <REP> dr------- c:\users\Invité\Desktop
2008-11-05 09:56 . 2008-11-05 09:56 <REP> dr------- c:\users\Invité\Contacts
2008-11-05 09:56 . 2008-11-05 09:56 <REP> dr------- c:\users\Invité\Contacts
2008-11-05 09:56 . 2008-11-05 09:57 <REP> d---s---- c:\users\Invité\AppData\Roaming\Microsoft
2008-11-05 09:56 . 2006-11-02 13:37 <REP> d-------- c:\users\Invité\AppData\Roaming\Media Center Programs
2008-11-05 09:56 . 2008-11-05 09:56 <REP> d-------- c:\users\Invité\AppData\Roaming\Identities
2008-11-05 09:56 . 2008-03-21 11:55 <REP> d-------- c:\users\Invité\AppData\Roaming\Acer GameZone Console
2008-11-05 09:56 . 2008-11-05 09:56 <REP> d--h----- c:\users\Invité\AppData
2008-11-05 09:56 . 2008-11-05 09:56 <REP> d--h----- c:\users\Invité\AppData
2008-11-05 09:56 . 2008-11-05 09:56 <REP> d-------- c:\users\Invité
2008-11-05 09:56 . 2008-11-05 11:37 786,432 --ahs---- c:\users\Invité\NTUSER.DAT
2008-11-05 09:56 . 2008-11-05 11:37 786,432 --ahs---- c:\users\Invité\NTUSER.DAT
2008-11-05 09:42 . 2008-11-05 09:42 <REP> d-------- c:\program files\Trend Micro
2008-11-05 09:14 . 2008-11-05 09:14 <REP> d-------- c:\windows\System32\Kaspersky Lab
2008-11-05 08:59 . 2008-11-05 09:01 <REP> d-------- c:\users\All Users\Lavasoft
2008-11-05 08:59 . 2008-11-05 09:01 <REP> d-------- c:\programdata\Lavasoft
2008-11-05 08:59 . 2008-11-05 08:59 <REP> d-------- c:\program files\Lavasoft
2008-11-05 08:58 . 2008-11-05 08:58 <REP> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-01 10:07 . 2008-08-12 04:39 443,392 --a------ c:\windows\System32\win32spl.dll
2008-11-01 10:07 . 2008-09-18 05:56 147,456 --a------ c:\windows\System32\Faultrep.dll
2008-11-01 10:07 . 2008-09-18 05:56 125,952 --a------ c:\windows\System32\wersvc.dll
2008-11-01 10:06 . 2008-08-05 10:49 428,544 --a------ c:\windows\System32\EncDec.dll
2008-11-01 10:06 . 2008-08-05 10:49 293,376 --a------ c:\windows\System32\psisdecd.dll
2008-11-01 10:06 . 2008-08-05 10:48 217,088 --a------ c:\windows\System32\psisrndr.ax
2008-11-01 10:06 . 2008-08-05 10:48 177,664 --a------ c:\windows\System32\mpg2splt.ax
2008-11-01 10:06 . 2008-08-05 10:48 80,896 --a------ c:\windows\System32\MSNP.ax
2008-10-25 10:49 . 2008-10-25 10:49 <REP> d-------- c:\users\Laetitia\AppData\Roaming\Samsung
2008-10-25 10:34 . 2007-07-03 15:58 106,792 --a------ c:\windows\System32\drivers\sscdmdm.sys
2008-10-25 10:34 . 2007-07-03 15:54 80,552 --a------ c:\windows\System32\drivers\sscdbus.sys
2008-10-25 10:34 . 2007-07-03 15:57 11,944 --a------ c:\windows\System32\drivers\sscdmdfl.sys
2008-10-25 10:34 . 2007-07-03 16:00 9,256 --a------ c:\windows\System32\drivers\sscdwhnt.sys
2008-10-25 10:34 . 2007-07-03 16:00 9,256 --a------ c:\windows\System32\drivers\sscdwh.sys
2008-10-25 10:34 . 2007-07-03 15:56 9,256 --a------ c:\windows\System32\drivers\sscdcmnt.sys
2008-10-25 10:34 . 2007-07-03 15:56 9,256 --a------ c:\windows\System32\drivers\sscdcm.sys
2008-10-25 10:33 . 2008-10-25 10:35 <REP> d-------- c:\windows\System32\Samsung_USB_Drivers
2008-10-25 10:33 . 2005-08-28 19:51 766 --a------ c:\windows\System32\Uninstall.ico
2008-10-25 10:32 . 2008-10-25 10:32 <REP> d-------- c:\program files\Samsung
2008-10-25 10:32 . 2008-10-25 10:45 5,632 --a------ c:\windows\System32\drivers\StarOpen.sys
2008-10-15 13:00 . 2008-09-18 03:16 2,032,640 --a------ c:\windows\System32\win32k.sys
2008-10-15 12:55 . 2008-09-18 06:09 3,601,464 --a------ c:\windows\System32\ntkrnlpa.exe
2008-10-15 12:55 . 2008-09-18 06:09 3,549,240 --a------ c:\windows\System32\ntoskrnl.exe
2008-10-15 12:55 . 2008-08-27 02:06 288,768 --a------ c:\windows\System32\drivers\srv.sys
2008-10-15 12:53 . 2008-10-02 02:32 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2008-10-15 12:53 . 2008-10-02 04:49 827,392 --a------ c:\windows\System32\wininet.dll
2008-10-14 20:08 . 2008-10-14 20:09 <REP> d-------- c:\users\Laetitia\AppData\Roaming\BeachPartyCraze
2008-10-14 17:28 . 2008-10-14 17:28 <REP> d-------- c:\program files\Google
2008-10-12 16:39 . 2008-10-12 16:39 <REP> d-------- c:\users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-12 16:39 . 2008-10-12 16:39 <REP> d-------- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-12 16:39 . 2008-10-12 16:39 <REP> d-------- c:\program files\iTunes
2008-10-12 16:39 . 2008-10-12 16:39 <REP> d-------- c:\program files\iPod
2008-10-10 07:20 . 2008-10-10 07:24 <REP> d-------- c:\program files\PhotoFiltre

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-05 10:37 786,432 --sha-w c:\users\Invité\NTUSER.DAT
2008-11-05 10:37 786,432 --sha-w c:\users\Invité\NTUSER.DAT
2008-11-05 08:57 --------- d-s---w c:\users\Invité\AppData\Roaming\Microsoft
2008-11-05 08:57 --------- d-----w c:\users\Invité\AppData\Roaming\Validity
2008-11-05 08:57 --------- d-----w c:\users\Invité\AppData\Roaming\Macromedia
2008-11-05 08:57 --------- d-----w c:\users\Invité\AppData\Roaming\ATI
2008-11-05 08:56 --------- d-----w c:\users\Invité\AppData\Roaming\Identities
2008-10-25 09:50 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-16 04:56 --------- d-----w c:\program files\Windows Mail
2008-10-15 21:09 --------- d-----w c:\programdata\Microsoft Help
2008-10-14 20:08 --------- d---a-w c:\programdata\TEMP
2008-10-04 09:21 --------- d-----w c:\program files\DivX
2008-10-04 09:20 --------- d-----w c:\program files\Common Files\PX Storage Engine
2008-10-01 13:23 --------- d-----w c:\users\Laetitia\AppData\Roaming\PlayFirst
2008-10-01 13:23 --------- d-----w c:\programdata\PlayFirst
2008-09-29 16:13 --------- d-----w c:\users\Laetitia\AppData\Roaming\.ABC
2008-09-28 11:59 --------- d-----w c:\program files\ABC
2008-09-26 13:09 --------- d-----w c:\users\Laetitia\AppData\Roaming\vlc
2008-09-26 12:47 --------- d-----w c:\program files\Veoh Networks
2008-09-23 17:32 --------- d-----w c:\programdata\AirportMania
2008-09-23 16:01 --------- d-----w c:\users\Laetitia\AppData\Roaming\Valusoft
2008-09-23 16:01 --------- d-----w c:\programdata\Valusoft
2008-09-18 15:35 --------- d-----w c:\programdata\McAfee
2008-09-18 15:32 --------- d-----w c:\programdata\SiteAdvisor
2008-09-17 18:17 --------- d-----w c:\programdata\Fugazo
2008-09-16 18:05 --------- d-----w c:\users\Laetitia\AppData\Roaming\Jane s Hotel
2008-09-16 17:03 --------- d-----w c:\users\Laetitia\AppData\Roaming\blg
2008-09-16 17:03 --------- d-----w c:\programdata\blg
2008-09-16 15:16 --------- d-----w c:\program files\Acer GameZone
2008-09-16 00:11 161,096 ----a-w c:\windows\System32\DivXCodecVersionChecker.exe
2008-09-15 17:27 --------- d-----w c:\program files\VideoLAN
2008-09-15 16:37 --------- d-----w c:\program files\Apple Software Update
2008-09-15 16:34 --------- d-----w c:\program files\Bonjour
2008-09-15 16:33 --------- d-----w c:\program files\QuickTime
2008-09-15 16:32 --------- d-----w c:\program files\Common Files\Apple
2008-09-14 20:22 --------- d-----w c:\users\Laetitia\AppData\Roaming\ViquaSoft
2008-09-14 14:09 --------- d-----w c:\program files\bfgclient
2008-09-14 13:38 --------- d-----w c:\program files\Common Files\Oberon Media
2008-09-12 07:28 --------- d-----w c:\program files\Safari
2008-09-11 13:33 --------- d-----w c:\programdata\NannyMania
2008-09-11 13:19 --------- d-----w c:\programdata\SpinTop Games
2008-09-10 20:04 --------- d-----w c:\program files\Microsoft Works
2008-09-10 16:26 --------- d-----w c:\users\Laetitia\AppData\Roaming\Home Sweet Home
2008-09-10 16:00 --------- d-----w c:\programdata\CyberLink
2008-09-09 19:58 --------- d-----w c:\users\Laetitia\AppData\Roaming\FloodLightGames
2008-09-08 18:57 --------- d-----w c:\users\Laetitia\AppData\Roaming\Big Fish Games
2008-09-07 15:37 --------- d-----w c:\users\Laetitia\AppData\Roaming\Gamelab
2008-09-07 13:23 --------- d-----w c:\programdata\Go Go Gourmet
2008-09-07 08:27 --------- d-----w c:\programdata\Arcade Lab
2008-09-07 08:20 --------- d-----w c:\users\Laetitia\AppData\Roaming\CyberLink
2008-09-07 08:20 --------- d-----w c:\programdata\PlayMovie
2008-09-06 08:46 --------- d-----w c:\programdata\Oberon Games
2008-09-05 17:31 --------- d-----w c:\programdata\Sandlot Games
2008-09-05 17:31 --------- d-----w c:\program files\Common Files\Sandlot Shared
2008-09-05 15:38 --------- d-----w c:\users\Laetitia\AppData\Roaming\Apple Computer
2008-09-05 15:37 --------- d-----w c:\programdata\Apple Computer
2008-09-05 15:34 --------- d-----w c:\programdata\Apple
2008-09-05 15:31 --------- d-----w c:\users\Laetitia\AppData\Roaming\Acer
2008-09-05 15:21 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-08-29 08:18 87,336 ----a-w c:\windows\System32\dns-sd.exe
2008-08-29 07:53 61,440 ----a-w c:\windows\System32\dnssd.dll
2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-04 23:38 121392 --a------ c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Veoh"="c:\program files\Veoh Networks\Veoh\VeohClient.exe" [2008-08-28 3660848]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-21 c:\windows\System32\oobefldr.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-04 1037608]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-04 526896]
"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-03-07 544768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-25 28672]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-10-03 178712]
"ZPdtWzdVitaKey MC3000"="c:\program files\Acer\Acer Bio Protection\PdtWzd.exe" [2008-06-28 3673600]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-04-28 809480]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-04-25 147456]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-04-25 167936]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-05-12 167936]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-05-09 397312]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"RtHDVCpl"="RtHDVCpl.exe" [2008-03-11 c:\windows\RtHDVCpl.exe]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2008-06-28 1216512]
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-04-24 723760]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]
2008-06-28 23:29 3130368 c:\program files\Acer\Acer Bio Protection\WinNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{FE015045-F8E4-492E-A03D-0771E64FCC90}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{94B6DB73-5141-4A2B-85EF-CD29836B2E4E}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{63EA630E-9436-4BC8-B82B-22F39F00B076}"= c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{A48BE2C1-D6C0-4DF8-A064-454204B2DADF}"= c:\program files\Acer Arcade Deluxe\PlayMovie\PlayMovie.exe:Acer Play Movie
"{CFD1BCDE-3CEC-42B1-8944-013124C66939}"= c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe:Acer Play Movie Resident Program
"{E940B55C-D962-4717-9DA5-C1B3020D4034}"= c:\program files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:Acer HomeMedia
"{1F3D742A-D764-444B-9FC6-29D9567563BD}"= c:\program files\Acer\Acer VCM\VC.exe:Acer VCM
"{47BF15BC-29DF-4BE5-A1D6-7D52783DBEE8}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{EE5CDDDD-2660-49AD-807E-17179F331E5A}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{A111E818-2932-45CF-9513-5F8E30BA71E0}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{562161D5-6ADE-44C2-BF3F-E68B1BB48BB5}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{F00E00D7-6611-4B86-BA3E-352C76FD90D8}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{62B21C4E-EF6B-4839-93CF-F820AF071C44}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{E22B0E9F-5BC2-4D9A-A3A0-C353F249399C}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{80CB7FB7-71A1-4CCE-8E1B-C72A8F11FEA4}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{A97831FE-45F4-4D0E-B8CA-CF62FC4BFE4E}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{B1E8229A-2B4F-4133-84C8-1A97382A346E}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{1AA0FEE2-6E27-4FA2-A5DE-98951122136C}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{1021532F-CAEA-4363-874C-5DD3D4BFBD1E}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

R0 AlfaFF;AlfaFF File System mini-filter;c:\windows\system32\Drivers\AlfaFF.sys [2008-06-28 43184]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\PlayMovie\[u]0/u00.fcl [2008-05-02 16:27 61424]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
R2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-01-16 81504]
R2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576]
R2 IGBASVC;iGroupTec Service;c:\program files\Acer\Acer Bio Protection\BASVC.exe [2008-06-28 3488768]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-25 45056]
R2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-01-16 122368]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-25 131072]
R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2008-01-10 233472]
R2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2008-04-27 599344]
R3 atikmdag;atikmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2008-05-08 3552256]
R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2007-12-18 54784]
R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1E60x86.sys [2008-03-11 48128]
R3 vfs101x;vfs101x;c:\windows\system32\drivers\vfs101x.sys [2008-04-27 40752]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-04-11 84240]
S4 ErrDev;Microsoft Hardware Error Device Driver;c:\windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR;c:\windows\system32\drivers\megasr.sys [2008-01-21 386616]
.
Contenu du dossier 'Tâches planifiées'

2008-11-05 c:\windows\Tasks\At1.job
- c:\windows\system32\Obwx0HVn.exe [2008-11-05 09:58]

2008-11-05 c:\windows\Tasks\At10.job
- c:\windows\system32\Obwx0HVn.exe [2008-11-05 09:58]

2008-11-05 c:\windows\Tasks\At11.job
- c:\windows\system32\Obwx0HVn.exe [2008-11-05 09:58]

2008-11-05 c:\windows\Tasks\At12.job
- c:\windows\system32\Obwx0HVn.exe [2008-11-05 09:58]

2008-11-05 c:\windows\Tasks\At13.job
- c:\windows\system32\Obwx0HVn.exe [2008-11-05 09:58]

2008-11-05 c:\windows\Tasks\At14.job
- c:\windows\system32\Obwx0HVn.exe [2008-11-05 09:58]

2008-11-05 c:\windows\Tasks\At15.job
- c:\windows\system32\Obwx0HVn.exe [2008-11-05 09:58]

2008-11-05 c:\windows\Tasks\At16.job
- c:\windows\system32\Obwx0HVn.exe [2008-11-05 09:58]

2008-11-05 c:\windows\Tasks\At17.job
- c:\windows\system32\Obwx0HVn.exe [2008-11-05 09:58]

2008-11-05 c:\windows\Tasks\At18.job
- c:\windows\system32\Obwx0HVn.exe [2008-11-05 09:58]

2008-11-05 c:\windows\Tasks\At19.job
- c:\windows\system32\Obwx0HVn.exe [2008-11-05 09:58]

2008-11-05 c:\windows\Tasks\At2.job
- c:\windows\system32\Obwx0HVn.exe [2008-11-05 09:58]

2008-11-05 c:\windows\Tasks\At20.job
- c:\windows\system32\Obwx0HVn.exe [2008-11-05 09:58]

2008-11-05 c:\windows\Tasks\At21.job
- c:\windows\system32\Obwx0HVn.exe [2008-11-05 09:58]

2008-11-05 c:\windows\Tasks\At22.job
- c:\windows\system32\Obwx0HVn.exe [2008-11-05 09:58]

2008-11-05 c:\windows\Tasks\At23.job
- c:\windows\system32\Obwx0HVn.exe [2008-11-05 09:58]

2008-11-05 c:\windows\Tasks\At24.job
- c:\windows\system32\Obwx0HVn.exe [2008-11-05 09:58]

2008-11-05 c:\windows\Tasks\At3.job
- c:\windows\system32\Obwx0HVn.exe [2008-11-05 09:58]

2008-11-05 c:\windows\Tasks\At4.job
- c:\windows\system32\Obwx0HVn.exe [2008-11-05 09:58]

2008-11-05 c:\windows\Tasks\At5.job
- c:\windows\system32\Obwx0HVn.exe [2008-11-05 09:58]

2008-11-05 c:\windows\Tasks\At6.job
- c:\windows\system32\Obwx0HVn.exe [2008-11-05 09:58]

2008-11-05 c:\windows\Tasks\At7.job
- c:\windows\system32\Obwx0HVn.exe [2008-11-05 09:58]

2008-11-05 c:\windows\Tasks\At8.job
- c:\windows\system32\Obwx0HVn.exe [2008-11-05 09:58]

2008-11-05 c:\windows\Tasks\At9.job
- c:\windows\system32\Obwx0HVn.exe [2008-11-05 09:58]

2008-11-04 c:\windows\Tasks\User_Feed_Synchronization-{150FEB6A-36AC-4B35-9329-FA40521619D8}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 03:24]
.
- - - - ORPHELINS SUPPRIMES - - - -

HKLM-Run-eRecoveryService - (no file)


.
------- Examen supplémentaire -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.fr/
R0 -: HKLM-Main,Start Page = hxxp://fr.fr.acer.yahoo.com
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
O8 -: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-05 12:10:22
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Acer\Acer Bio Protection\CompPtcVUI.exe
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\Cyberlink\Shared files\RichVideo.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\System32\conime.exe
c:\program files\Launch Manager\LManager.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Acer\Acer Bio Protection\PwdBank.exe
c:\windows\ehome\ehmsas.exe
c:\users\Laetitia\AppData\Local\Temp\RtkBtMnt.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Acer\Acer VCM\acp2HID.exe
c:\windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Heure de fin: 2008-11-05 12:14:04 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-11-05 11:13:54

Avant-CF: 81 690 816 512 octets libres
Après-CF: 81,630,244,864 octets libres

378 --- E O F --- 2008-11-05 07:41:45

Voila je t'ai tout copié... je n'ai plus d'alerte ni d'icone dans ma barre de démarrage... donc a mon avis c'est bon je n'ai pus le virus. je te remercie pour ton aide et pour ton temps.



ComboFix 08-11-04.02 - Laetitia 2008-11-05 11:37:48.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.2009 [GMT 1:00]
Lancé depuis: c:\users\Laetitia\Desktop\TRISTAN.EXE
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Acer\Acer Bio Protection\PwdFilter.dll
c:\programdata\vlc-0.9.4-win32.exe
c:\users\Laetitia\AppData\Roaming\.#
c:\users\Laetitia\AppData\Roaming\.#\MBX@161C@1CF2990.###
c:\users\Laetitia\AppData\Roaming\.#\MBX@161C@1CF29C0.###
c:\users\Laetitia\AppData\Roaming\.#\MBX@161C@1CF29F0.###

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-10-05 au 2008-11-05 ))))))))))))))))))))))))))))))))))))
.

2008-11-05 10:36 . 2008-11-05 10:36 <REP> dr------- c:\users\Secours\Searches
2008-11-05 10:36 . 2008-11-05 10:36 <REP> d-------- c:\users\Secours\AppData\Roaming\Yahoo!
2008-11-05 10:36 . 2008-11-05 10:36 <REP> d-------- c:\users\Secours\AppData\Roaming\Validity
2008-11-05 10:36 . 2008-11-05 10:36 <REP> d-------- c:\users\Secours\AppData\Roaming\ATI
2008-11-05 10:36 . 2008-11-05 10:36 <REP> d-------- c:\users\All Users\Yahoo! Companion
2008-11-05 10:36 . 2008-11-05 10:36 <REP> d-------- c:\programdata\Yahoo! Companion
2008-11-05 10:36 . 2008-11-05 10:36 71,280 --a------ c:\windows\System32\GDIPFONTCACHEV1.DAT
2008-11-05 10:35 . 2008-11-05 10:35 <REP> dr------- c:\users\Secours\Contacts
2008-11-05 10:32 . 2008-11-05 10:01 1,528,982 --a------ c:\users\Public\SDFix.exe
2008-11-05 10:26 . 2008-11-05 10:36 <REP> dr------- c:\users\Secours\Videos
2008-11-05 10:26 . 2008-11-05 10:36 <REP> dr------- c:\users\Secours\Saved Games
2008-11-05 10:26 . 2008-11-05 10:36 <REP> dr------- c:\users\Secours\Pictures
2008-11-05 10:26 . 2008-11-05 10:36 <REP> dr------- c:\users\Secours\Music
2008-11-05 10:26 . 2008-11-05 10:36 <REP> dr------- c:\users\Secours\Links
2008-11-05 10:26 . 2008-11-05 10:36 <REP> dr------- c:\users\Secours\Downloads
2008-11-05 10:26 . 2008-11-05 10:36 <REP> dr------- c:\users\Secours\Documents
2008-11-05 10:26 . 2006-11-02 13:37 <REP> d-------- c:\users\Secours\AppData\Roaming\Media Center Programs
2008-11-05 10:26 . 2008-03-21 11:55 <REP> d-------- c:\users\Secours\AppData\Roaming\Acer GameZone Console
2008-11-05 10:26 . 2008-11-05 10:36 <REP> d--h----- c:\users\Secours\AppData
2008-11-05 10:26 . 2008-11-05 10:36 <REP> d-------- c:\users\Secours
2008-11-05 10:23 . 2008-11-05 11:09 <REP> d-------- C:\SDFix
2008-11-05 09:58 . 2008-11-05 09:58 59,904 --a------ c:\windows\System32\Obwx0HVn.exe
2008-11-05 09:57 . 2008-11-05 09:57 <REP> d-------- c:\users\Invité\AppData\Roaming\Validity
2008-11-05 09:57 . 2008-11-05 09:57 <REP> d-------- c:\users\Invité\AppData\Roaming\Macromedia
2008-11-05 09:57 . 2008-11-05 09:57 <REP> d-------- c:\users\Invité\AppData\Roaming\ATI
2008-11-05 09:56 . 2008-11-05 09:56 <REP> dr------- c:\users\Invité\Videos
2008-11-05 09:56 . 2008-11-05 09:56 <REP> dr------- c:\users\Invité\Videos
2008-11-05 09:56 . 2008-11-05 09:56 <REP> dr------- c:\users\Invité\Searches
2008-11-05 09:56 . 2008-11-05 09:56 <REP> dr------- c:\users\Invité\Searches
2008-11-05 09:56 . 2008-11-05 09:56 <REP> dr------- c:\users\Invité\Saved Games
2008-11-05 09:56 . 2008-11-05 09:56 <REP> dr------- c:\users\Invité\Saved Games
2008-11-05 09:56 . 2008-11-05 09:56 <REP> dr------- c:\users\Invité\Pictures
2008-11-05 09:56 . 2008-11-05 09:56 <REP> dr------- c:\users\Invité\Pictures
2008-11-05 09:56 . 2008-11-05 09:56 <REP> dr------- c:\users\Invité\Music
2008-11-05 09:56 . 2008-11-05 09:56 <REP> dr------- c:\users\Invité\Music
2008-11-05 09:56 . 2008-11-05 09:56 <REP> dr------- c:\users\Invité\Links
2008-11-05 09:56 . 2008-11-05 09:56 <REP> dr------- c:\users\Invité\Links
2008-11-05 09:56 . 2008-11-05 09:57 <REP> dr------- c:\users\Invité\Favorites
2008-11-05 09:56 . 2008-11-05 09:57 <REP> dr------- c:\users\Invité\Favorites
2008-11-05 09:56 . 2008-11-05 09:56 <REP> dr------- c:\users\Invité\Downloads
2008-11-05 09:56 . 2008-11-05 09:56 <REP> dr------- c:\users\Invité\Downloads
2008-11-05 09:56 . 2008-11-05 09:56 <REP> dr------- c:\users\Invité\Documents
2008-11-05 09:56 . 2008-11-05 09:56 <REP> dr------- c:\users\Invité\Documents
2008-11-05 09:56 . 2008-11-05 09:56 <REP> dr------- c:\users\Invité\Desktop
2008-11-05 09:56 . 2008-11-05 09:56 <REP> dr------- c:\users\Invité\Desktop
2008-11-05 09:56 . 2008-11-05 09:56 <REP> dr------- c:\users\Invité\Contacts
2008-11-05 09:56 . 2008-11-05 09:56 <REP> dr------- c:\users\Invité\Contacts
2008-11-05 09:56 . 2008-11-05 09:57 <REP> d---s---- c:\users\Invité\AppData\Roaming\Microsoft
2008-11-05 09:56 . 2006-11-02 13:37 <REP> d-------- c:\users\Invité\AppData\Roaming\Media Center Programs
2008-11-05 09:56 . 2008-11-05 09:56 <REP> d-------- c:\users\Invité\AppData\Roaming\Identities
2008-11-05 09:56 . 2008-03-21 11:55 <REP> d-------- c:\users\Invité\AppData\Roaming\Acer GameZone Console
2008-11-05 09:56 . 2008-11-05 09:56 <REP> d--h----- c:\users\Invité\AppData
2008-11-05 09:56 . 2008-11-05 09:56 <REP> d--h----- c:\users\Invité\AppData
2008-11-05 09:56 . 2008-11-05 09:56 <REP> d-------- c:\users\Invité
2008-11-05 09:56 . 2008-11-05 11:37 786,432 --ahs---- c:\users\Invité\NTUSER.DAT
2008-11-05 09:56 . 2008-11-05 11:37 786,432 --ahs---- c:\users\Invité\NTUSER.DAT
2008-11-05 09:42 . 2008-11-05 09:42 <REP> d-------- c:\program files\Trend Micro
2008-11-05 09:14 . 2008-11-05 09:14 <REP> d-------- c:\windows\System32\Kaspersky Lab
2008-11-05 08:59 . 2008-11-05 09:01 <REP> d-------- c:\users\All Users\Lavasoft
2008-11-05 08:59 . 2008-11-05 09:01 <REP> d-------- c:\programdata\Lavasoft
2008-11-05 08:59 . 2008-11-05 08:59 <REP> d-------- c:\program files\Lavasoft
2008-11-05 08:58 . 2008-11-05 08:58 <REP> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-01 10:07 . 2008-08-12 04:39 443,392 --a------ c:\windows\System32\win32spl.dll
2008-11-01 10:07 . 2008-09-18 05:56 147,456 --a------ c:\windows\System32\Faultrep.dll
2008-11-01 10:07 . 2008-09-18 05:56 125,952 --a------ c:\windows\System32\wersvc.dll
2008-11-01 10:06 . 2008-08-05 10:49 428,544 --a------ c:\windows\System32\EncDec.dll
2008-11-01 10:06 . 2008-08-05 10:49 293,376 --a------ c:\windows\System32\psisdecd.dll
2008-11-01 10:06 . 2008-08-05 10:48 217,088 --a------ c:\windows\System32\psisrndr.ax
2008-11-01 10:06 . 2008-08-05 10:48 177,664 --a------ c:\windows\System32\mpg2splt.ax
2008-11-01 10:06 . 2008-08-05 10:48 80,896 --a------ c:\windows\System32\MSNP.ax
2008-10-25 10:49 . 2008-10-25 10:49 <REP> d-------- c:\users\Laetitia\AppData\Roaming\Samsung
2008-10-25 10:34 . 2007-07-03 15:58 106,792 --a------ c:\windows\System32\drivers\sscdmdm.sys
2008-10-25 10:34 . 2007-07-03 15:54 80,552 --a------ c:\windows\System32\drivers\sscdbus.sys
2008-10-25 10:34 . 2007-07-03 15:57 11,944 --a------ c:\windows\System32\drivers\sscdmdfl.sys
2008-10-25 10:34 . 2007-07-03 16:00 9,256 --a------ c:\windows\System32\drivers\sscdwhnt.sys
2008-10-25 10:34 . 2007-07-03 16:00 9,256 --a------ c:\windows\System32\drivers\sscdwh.sys
2008-10-25 10:34 . 2007-07-03 15:56 9,256 --a------ c:\windows\System32\drivers\sscdcmnt.sys
2008-10-25 10:34 . 2007-07-03 15:56 9,256 --a------ c:\windows\System32\drivers\sscdcm.sys
2008-10-25 10:33 . 2008-10-25 10:35 <REP> d-------- c:\windows\System32\Samsung_USB_Drivers
2008-10-25 10:33 . 2005-08-28 19:51 766 --a------ c:\windows\System32\Uninstall.ico
2008-10-25 10:32 . 2008-10-25 10:32 <REP> d-------- c:\program files\Samsung
2008-10-25 10:32 . 2008-10-25 10:45 5,632 --a------ c:\windows\System32\drivers\StarOpen.sys
2008-10-15 13:00 . 2008-09-18 03:16 2,032,640 --a------ c:\windows\System32\win32k.sys
2008-10-15 12:55 . 2008-09-18 06:09 3,601,464 --a------ c:\windows\System32\ntkrnlpa.exe
2008-10-15 12:55 . 2008-09-18 06:09 3,549,240 --a------ c:\windows\System32\ntoskrnl.exe
2008-10-15 12:55 . 2008-08-27 02:06 288,768 --a------ c:\windows\System32\drivers\srv.sys
2008-10-15 12:53 . 2008-10-02 02:32 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2008-10-15 12:53 . 2008-10-02 04:49 827,392 --a------ c:\windows\System32\wininet.dll
2008-10-14 20:08 . 2008-10-14 20:09 <REP> d-------- c:\users\Laetitia\AppData\Roaming\BeachPartyCraze
2008-10-14 17:28 . 2008-10-14 17:28 <REP> d-------- c:\program files\Google
2008-10-12 16:39 . 2008-10-12 16:39 <REP> d-------- c:\users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-12 16:39 . 2008-10-12 16:39 <REP> d-------- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-12 16:39 . 2008-10-12 16:39 <REP> d-------- c:\program files\iTunes
2008-10-12 16:39 . 2008-10-12 16:39 <REP> d-------- c:\program files\iPod
2008-10-10 07:20 . 2008-10-10 07:24 <REP> d-------- c:\program files\PhotoFiltre

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-05 10:37 786,432 --sha-w c:\users\Invité\NTUSER.DAT
2008-11-05 10:37 786,432 --sha-w c:\users\Invité\NTUSER.DAT
2008-11-05 08:57 --------- d-s---w c:\users\Invité\AppData\Roaming\Microsoft
2008-11-05 08:57 --------- d-----w c:\users\Invité\AppData\Roaming\Validity
2008-11-05 08:57 --------- d-----w c:\users\Invité\AppData\Roaming\Macromedia
2008-11-05 08:57 --------- d-----w c:\users\Invité\AppData\Roaming\ATI
2008-11-05 08:56 --------- d-----w c:\users\Invité\AppData\Roaming\Identities
2008-10-25 09:50 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-16 04:56 --------- d-----w c:\program files\Windows Mail
2008-10-15 21:09 --------- d-----w c:\programdata\Microsoft Help
2008-10-14 20:08 --------- d---a-w c:\programdata\TEMP
2008-10-04 09:21 --------- d-----w c:\program files\DivX
2008-10-04 09:20 --------- d-----w c:\program files\Common Files\PX Storage Engine
2008-10-01 13:23 --------- d-----w c:\users\Laetitia\AppData\Roaming\PlayFirst
2008-10-01 13:23 --------- d-----w c:\programdata\PlayFirst
2008-09-29 16:13 --------- d-----w c:\users\Laetitia\AppData\Roaming\.ABC
2008-09-28 11:59 --------- d-----w c:\program files\ABC
2008-09-26 13:09 --------- d-----w c:\users\Laetitia\AppData\Roaming\vlc
2008-09-26 12:47 --------- d-----w c:\program files\Veoh Networks
2008-09-23 17:32 --------- d-----w c:\programdata\AirportMania
2008-09-23 16:01 --------- d-----w c:\users\Laetitia\AppData\Roaming\Valusoft
2008-09-23 16:01 --------- d-----w c:\programdata\Valusoft
2008-09-18 15:35 --------- d-----w c:\programdata\McAfee
2008-09-18 15:32 --------- d-----w c:\programdata\SiteAdvisor
2008-09-17 18:17 --------- d-----w c:\programdata\Fugazo
2008-09-16 18:05 --------- d-----w c:\users\Laetitia\AppData\Roaming\Jane s Hotel
2008-09-16 17:03 --------- d-----w c:\users\Laetitia\AppData\Roaming\blg
2008-09-16 17:03 --------- d-----w c:\programdata\blg
2008-09-16 15:16 --------- d-----w c:\program files\Acer GameZone
2008-09-16 00:11 161,096 ----a-w c:\windows\System32\DivXCodecVersionChecker.exe
2008-09-15 17:27 --------- d-----w c:\program files\VideoLAN
2008-09-15 16:37 --------- d-----w c:\program files\Apple Software Update
2008-09-15 16:34 --------- d-----w c:\program files\Bonjour
2008-09-15 16:33 --------- d-----w c:\program files\QuickTime
2008-09-15 16:32 --------- d-----w c:\program files\Common Files\Apple
2008-09-14 20:22 --------- d-----w c:\users\Laetitia\AppData\Roaming\ViquaSoft
2008-09-14 14:09 --------- d-----w c:\program files\bfgclient
2008-09-14 13:38 --------- d-----w c:\program files\Common Files\Oberon Media
2008-09-12 07:28 --------- d-----w c:\program files\Safari
2008-09-11 13:33 --------- d-----w c:\programdata\NannyMania
2008-09-11 13:19 --------- d-----w c:\programdata\SpinTop Games
2008-09-10 20:04 --------- d-----w c:\program files\Microsoft Works
2008-09-10 16:26 --------- d-----w c:\users\Laetitia\AppData\Roaming\Home Sweet Home
2008-09-10 16:00 --------- d-----w c:\programdata\CyberLink
2008-09-09 19:58 --------- d-----w c:\users\Laetitia\AppData\Roaming\FloodLightGames
2008-09-08 18:57 --------- d-----w c:\users\Laetitia\AppData\Roaming\Big Fish Games
2008-09-07 15:37 --------- d-----w c:\users\Laetitia\AppData\Roaming\Gamelab
2008-09-07 13:23 --------- d-----w c:\programdata\Go Go Gourmet
2008-09-07 08:27 --------- d-----w c:\programdata\Arcade Lab
2008-09-07 08:20 --------- d-----w c:\users\Laetitia\AppData\Roaming\CyberLink
2008-09-07 08:20 --------- d-----w c:\programdata\PlayMovie
2008-09-06 08:46 --------- d-----w c:\programdata\Oberon Games
2008-09-05 17:31 --------- d-----w c:\programdata\Sandlot Games
2008-09-05 17:31 --------- d-----w c:\program files\Common Files\Sandlot Shared
2008-09-05 15:38 --------- d-----w c:\users\Laetitia\AppData\Roaming\Apple Computer
2008-09-05 15:37 --------- d-----w c:\programdata\Apple Computer
2008-09-05 15:34 --------- d-----w c:\programdata\Apple
2008-09-05 15:31 --------- d-----w c:\users\Laetitia\AppData\Roaming\Acer
2008-09-05 15:21 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-08-29 08:18 87,336 ----a-w c:\windows\System32\dns-sd.exe
2008-08-29 07:53 61,440 ----a-w c:\windows\System32\dnssd.dll
2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-04 23:38 121392 --a------ c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Veoh"="c:\program files\Veoh Networks\Veoh\VeohClient.exe" [2008-08-28 3660848]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-21 c:\windows\System32\oobefldr.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-04 1037608]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-04 526896]
"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-03-07 544768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-25 28672]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-10-03 178712]
"ZPdtWzdVitaKey MC3000"="c:\program files\Acer\Acer Bio Protection\PdtWzd.exe" [2008-06-28 3673600]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-04-28 809480]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-04-25 147456]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-04-25 167936]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-05-12 167936]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-05-09 397312]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"RtHDVCpl"="RtHDVCpl.exe" [2008-03-11 c:\windows\RtHDVCpl.exe]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2008-06-28 1216512]
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-04-24 723760]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]
2008-06-28 23:29 3130368 c:\program files\Acer\Acer Bio Protection\WinNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{FE015045-F8E4-492E-A03D-0771E64FCC90}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{94B6DB73-5141-4A2B-85EF-CD29836B2E4E}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{63EA630E-9436-4BC8-B82B-22F39F00B076}"= c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{A48BE2C1-D6C0-4DF8-A064-454204B2DADF}"= c:\program files\Acer Arcade Deluxe\PlayMovie\PlayMovie.exe:Acer Play Movie
"{CFD1BCDE-3CEC-42B1-8944-013124C66939}"= c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe:Acer Play Movie Resident Program
"{E940B55C-D962-4717-9DA5-C1B3020D4034}"= c:\program files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:Acer HomeMedia
"{1F3D742A-D764-444B-9FC6-29D9567563BD}"= c:\program files\Acer\Acer VCM\VC.exe:Acer VCM
"{47BF15BC-29DF-4BE5-A1D6-7D52783DBEE8}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{EE5CDDDD-2660-49AD-807E-17179F331E5A}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{A111E818-2932-45CF-9513-5F8E30BA71E0}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{562161D5-6ADE-44C2-BF3F-E68B1BB48BB5}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{F00E00D7-6611-4B86-BA3E-352C76FD90D8}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{62B21C4E-EF6B-4839-93CF-F820AF071C44}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{E22B0E9F-5BC2-4D9A-A3A0-C353F249399C}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{80CB7FB7-71A1-4CCE-8E1B-C72A8F11FEA4}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{A97831FE-45F4-4D0E-B8CA-CF62FC4BFE4E}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{B1E8229A-2B4F-4133-84C8-1A97382A346E}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{1AA0FEE2-6E27-4FA2-A5DE-98951122136C}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{1021532F-CAEA-4363-874C-5DD3D4BFBD1E}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

R0 AlfaFF;AlfaFF File System mini-filter;c:\windows\system32\Drivers\AlfaFF.sys [2008-06-28 43184]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\PlayMovie\[u]0/u00.fcl [2008-05-02 16:27 61424]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
R2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-01-16 81504]
R2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576]
R2 IGBASVC;iGroupTec Service;c:\program files\Acer\Acer Bio Protection\BASVC.exe [2008-06-28 3488768]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-25 45056]
R2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-01-16 122368]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-25 131072]
R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2008-01-10 233472]
R2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2008-04-27 599344]
R3 atikmdag;atikmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2008-05-08 3552256]
R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2007-12-18 54784]
R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1E60x86.sys [2008-03-11 48128]
R3 vfs101x;vfs101x;c:\windows\system32\drivers\vfs101x.sys [2008-04-27 40752]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-04-11 84240]
S4 ErrDev;Microsoft Hardware Error Device Driver;c:\windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR;c:\windows\system32\drivers\megasr.sys [2008-01-21 386616]
.
Contenu du dossier 'Tâches planifiées'

2008-11-05 c:\windows\Tasks\At1.job
- c:\windows\system32\Obwx0HVn.exe [2008-11-05 09:58]

2008-11-05 c:\windows\Tasks\At10.job
- c:\windows\system32\Obwx0HVn.exe [2008-11-05 09:58]

2008-11-05 c:\windows\Tasks\At11.job
- c:\windows\system32\Obwx0HVn.exe [2008-11-05 09:58]

2008-11-05 c:\windows\Tasks\At12.job
- c:\windows\system32\Obwx0HVn.exe [2008-11-05 09:58]

2008-11-05 c:\windows\Tasks\At13.job
- c:\windows\system32\Obwx0HVn.exe [2008-11-05 09:58]

2008-11-05 c:\windows\Tasks\At14.job
- c:\windows\system32\Obwx0HVn.exe [2008-11-05 09:58]

2008-11-05 c:\windows\Tasks\At15.job
- c:\windows\system32\Obwx0HVn.exe [2008-11-05 09:58]

2008-11-05 c:\windows\Tasks\At16.job
- c:\windows\system32\Obwx0HVn.exe [2008-11-05 09:58]

2008-11-05 c:\windows\Tasks\At17.job
- c:\windows\system32\Obwx0HVn.exe [2008-11-05 09:58]

2008-11-05 c:\windows\Tasks\At18.job
- c:\windows\system32\Obwx0HVn.exe [2008-11-05 09:58]

2008-11-05 c:\windows\Tasks\At19.job
- c:\windows\system32\Obwx0HVn.exe [2008-11-05 09:58]

2008-11-05 c:\windows\Tasks\At2.job
- c:\windows\system32\Obwx0HVn.exe [2008-11-05 09:58]

2008-11-05 c:\windows\Tasks\At20.job
- c:\windows\system32\Obwx0HVn.exe [2008-11-05 09:58]

2008-11-05 c:\windows\Tasks\At21.job
- c:\windows\system32\Obwx0HVn.exe [2008-11-05 09:58]

2008-11-05 c:\windows\Tasks\At22.job
- c:\windows\system32\Obwx0HVn.exe [2008-11-05 09:58]

2008-11-05 c:\windows\Tasks\At23.job
- c:\windows\system32\Obwx0HVn.exe [2008-11-05 09:58]

2008-11-05 c:\windows\Tasks\At24.job
- c:\windows\system32\Obwx0HVn.exe [2008-11-05 09:58]

2008-11-05 c:\windows\Tasks\At3.job
- c:\windows\system32\Obwx0HVn.exe [2008-11-05 09:58]

2008-11-05 c:\windows\Tasks\At4.job
- c:\windows\system32\Obwx0HVn.exe [2008-11-05 09:58]

2008-11-05 c:\windows\Tasks\At5.job
- c:\windows\system32\Obwx0HVn.exe [2008-11-05 09:58]

2008-11-05 c:\windows\Tasks\At6.job
- c:\windows\system32\Obwx0HVn.exe [2008-11-05 09:58]

2008-11-05 c:\windows\Tasks\At7.job
- c:\windows\system32\Obwx0HVn.exe [2008-11-05 09:58]

2008-11-05 c:\windows\Tasks\At8.job
- c:\windows\system32\Obwx0HVn.exe [2008-11-05 09:58]

2008-11-05 c:\windows\Tasks\At9.job
- c:\windows\system32\Obwx0HVn.exe [2008-11-05 09:58]

2008-11-04 c:\windows\Tasks\User_Feed_Synchronization-{150FEB6A-36AC-4B35-9329-FA40521619D8}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 03:24]
.
- - - - ORPHELINS SUPPRIMES - - - -

HKLM-Run-eRecoveryService - (no file)


.
------- Examen supplémentaire -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.fr/
R0 -: HKLM-Main,Start Page = hxxp://fr.fr.acer.yahoo.com
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
O8 -: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-05 12:10:22
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Acer\Acer Bio Protection\CompPtcVUI.exe
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\Cyberlink\Shared files\RichVideo.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\System32\conime.exe
c:\program files\Launch Manager\LManager.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Acer\Acer Bio Protection\PwdBank.exe
c:\windows\ehome\ehmsas.exe
c:\users\Laetitia\AppData\Local\Temp\RtkBtMnt.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Acer\Acer VCM\acp2HID.exe
c:\windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Heure de fin: 2008-11-05 12:14:04 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-11-05 11:13:54

Avant-CF: 81 690 816 512 octets libres
Après-CF: 81,630,244,864 octets libres

378 --- E O F --- 2008-11-05 07:41:45

c'est bon je pense que ca a marché car je n'ai plus d'alerte ni l'icone dans ma barre de demarrage. je te remercie pour ton aide et pour le temps que tu m'as accordé. merci beaucoup

c'est pas encore fini il en reste

1- Rends toi sur ce site :

http://www.virustotal.com/

Copies ce qui suit et colles le dans l'espace pour la recherche :

c:\windows\System32\Obwx0HVn.exe

Cliques sur Send File.

Un rapport va s'élaborer ligne à ligne.

Attends bien la fin ... Il doit comprendre la taille du fichier envoyé.

Sauvegarde le rapport avec le bloc-note.

Copies le dans ta prochaine réponse ...

( Si VirusTotal indique que le fichier a déjà été analysé, clique sur le bouton Ré-analyse le fichier maintenant )




---> postes moi donc le rapport ( en précisant bien au début de chacuns à quel fichier ils correspondent ) et attends la suite
ou sinon copie les liens et poste les stp...

et pendant ce temps

fait ceci

prend ce lien

http://eric.71.mespages.googlepages.com/Lop.sd.exe

et fait l'option 1 ensuite poste le rapport

voici le rapport de Lop S&D



--------------------\\ Lop S&D 4.2.4-9c XP/Vista

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU T5750 @ 2.00GHz )
BIOS : Ver 1.00PARTTBL6
USER : Laetitia ( Not Administrator ! )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1229 [VPS 081105-0] 4.8.1229 (Activated)
C:\ (Local Disk) - NTFS - Total:111 Go (Free:75 Go)
D:\ (Local Disk) - NTFS - Total:104 Go (Free:104 Go)
F:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [1] ( 05/11/2008|16:55 )

[ UAC => 1 ]

--------------------\\ Listing des dossiers dans Local

[07/09/2008|09:20] C:\Users\Laetitia\AppData\Local\Acer Arcade Deluxe
[03/09/2008|08:53] C:\Users\Laetitia\AppData\Local\Adobe
[05/09/2008|16:35] C:\Users\Laetitia\AppData\Local\Apple
[06/09/2008|07:19] C:\Users\Laetitia\AppData\Local\Apple Computer
[02/09/2008|16:19] C:\Users\Laetitia\AppData\Local\Application Data
[02/09/2008|16:20] C:\Users\Laetitia\AppData\Local\ATI
[07/09/2008|09:21] C:\Users\Laetitia\AppData\Local\CyberLink
[07/09/2008|09:25] C:\Users\Laetitia\AppData\Local\d3d9caps.dat
[25/10/2008|07:49] C:\Users\Laetitia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[07/09/2008|15:35] C:\Users\Laetitia\AppData\Local\FamilyRestaurant
[02/09/2008|16:19] C:\Users\Laetitia\AppData\Local\GDIPFONTCACHEV1.DAT
[02/09/2008|16:19] C:\Users\Laetitia\AppData\Local\Historique
[05/11/2008|14:26] C:\Users\Laetitia\AppData\Local\IconCache.db
[20/10/2008|20:49] C:\Users\Laetitia\AppData\Local\Microsoft
[07/09/2008|11:59] C:\Users\Laetitia\AppData\Local\PlayMovie
[10/09/2008|17:00] C:\Users\Laetitia\AppData\Local\PowerCinema
[07/09/2008|09:21] C:\Users\Laetitia\AppData\Local\SoftDMA
[05/11/2008|16:55] C:\Users\Laetitia\AppData\Local\Temp
[02/09/2008|16:19] C:\Users\Laetitia\AppData\Local\Temporary Internet Files
[02/09/2008|16:31] C:\Users\Laetitia\AppData\Local\VirtualStore

--------------------\\ Tâches planifiées dans C:\Windows\tasks

[05/11/2008 10:09][--a------] C:\Windows\tasks\At24.job
[05/11/2008 10:09][--a------] C:\Windows\tasks\At23.job
[05/11/2008 10:09][--a------] C:\Windows\tasks\At22.job
[05/11/2008 10:09][--a------] C:\Windows\tasks\At21.job
[05/11/2008 10:09][--a------] C:\Windows\tasks\At20.job
[05/11/2008 10:09][--a------] C:\Windows\tasks\At19.job
[05/11/2008 10:09][--a------] C:\Windows\tasks\At18.job
[05/11/2008 10:09][--a------] C:\Windows\tasks\At17.job
[05/11/2008 10:09][--a------] C:\Windows\tasks\At16.job
[05/11/2008 14:00][--a------] C:\Windows\tasks\At15.job
[05/11/2008 13:00][--a------] C:\Windows\tasks\At14.job
[05/11/2008 10:09][--a------] C:\Windows\tasks\At13.job
[05/11/2008 11:00][--a------] C:\Windows\tasks\At12.job
[05/11/2008 10:02][--a------] C:\Windows\tasks\At11.job
[05/11/2008 10:09][--a------] C:\Windows\tasks\At10.job
[05/11/2008 10:09][--a------] C:\Windows\tasks\At9.job
[05/11/2008 10:09][--a------] C:\Windows\tasks\At8.job
[05/11/2008 10:09][--a------] C:\Windows\tasks\At7.job
[05/11/2008 10:09][--a------] C:\Windows\tasks\At6.job
[05/11/2008 10:09][--a------] C:\Windows\tasks\At5.job
[05/11/2008 10:09][--a------] C:\Windows\tasks\At4.job
[05/11/2008 10:09][--a------] C:\Windows\tasks\At3.job
[05/11/2008 10:09][--a------] C:\Windows\tasks\At2.job
[05/11/2008 10:09][--a------] C:\Windows\tasks\At1.job
[05/11/2008 16:49][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{150FEB6A-36AC-4B35-9329-FA40521619D8}.job
[05/11/2008 16:43][--ah-----] C:\Windows\tasks\SA.DAT
[05/11/2008 14:27][--a------] C:\Windows\tasks\SCHEDLGU.TXT

--------------------\\ Listing des dossiers dans C:\ProgramData

[21/03/2008|12:02] C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[12/10/2008|16:39] C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[21/03/2008|11:55] C:\ProgramData\Acer GameZone Console
[21/03/2008|11:56] C:\ProgramData\Adobe
[23/09/2008|18:32] C:\ProgramData\AirportMania
[05/09/2008|16:34] C:\ProgramData\Apple
[05/09/2008|16:37] C:\ProgramData\Apple Computer
[02/11/2006|14:02] C:\ProgramData\Application Data
[07/09/2008|09:27] C:\ProgramData\Arcade Lab
[28/06/2008|23:27] C:\ProgramData\ATI
[16/09/2008|18:03] C:\ProgramData\blg
[02/09/2008|16:15] C:\ProgramData\Bureau
[10/09/2008|17:00] C:\ProgramData\CyberLink
[02/11/2006|14:02] C:\ProgramData\Desktop
[02/11/2006|14:02] C:\ProgramData\Documents
[21/03/2008|12:14] C:\ProgramData\eSobi
[02/09/2008|16:15] C:\ProgramData\Favoris
[02/11/2006|14:02] C:\ProgramData\Favorites
[21/03/2008|11:45] C:\ProgramData\FloodLightGames
[17/09/2008|19:17] C:\ProgramData\Fugazo
[07/09/2008|14:23] C:\ProgramData\Go Go Gourmet
[28/06/2008|23:33] C:\ProgramData\InstallShield
[03/11/2008|16:43] C:\ProgramData\LauncherAccess.dt
[05/11/2008|09:01] C:\ProgramData\Lavasoft
[18/09/2008|16:35] C:\ProgramData\McAfee
[02/09/2008|16:15] C:\ProgramData\Menu D‚marrer
[03/09/2008|17:58] C:\ProgramData\Messenger Plus!
[18/09/2008|16:39] C:\ProgramData\Microsoft
[15/10/2008|22:09] C:\ProgramData\Microsoft Help
[02/09/2008|16:15] C:\ProgramData\ModŠles
[11/09/2008|14:33] C:\ProgramData\NannyMania
[05/11/2008|12:23] C:\ProgramData\ntuser.pol
[06/09/2008|09:46] C:\ProgramData\Oberon Games
[01/10/2008|14:23] C:\ProgramData\PlayFirst
[07/09/2008|09:20] C:\ProgramData\PlayMovie
[05/09/2008|18:31] C:\ProgramData\Sandlot Games
[18/09/2008|16:32] C:\ProgramData\SiteAdvisor
[11/09/2008|14:19] C:\ProgramData\SpinTop Games
[02/11/2006|14:02] C:\ProgramData\Start Menu
[14/10/2008|21:08] C:\ProgramData\TEMP
[02/11/2006|14:02] C:\ProgramData\Templates
[23/09/2008|17:01] C:\ProgramData\Valusoft
[03/09/2008|17:14] C:\ProgramData\WLInstaller
[05/11/2008|10:36] C:\ProgramData\Yahoo! Companion

--------------------\\ Listing des dossiers dans C:\Program Files

[02/09/2008|16:19] C:\Program Files\Acer
[28/06/2008|23:46] C:\Program Files\Acer Arcade Deluxe
[16/09/2008|16:16] C:\Program Files\Acer GameZone
[29/06/2008|00:13] C:\Program Files\Acer Inc
[21/03/2008|12:02] C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
[21/03/2008|11:55] C:\Program Files\Adobe
[02/09/2008|20:51] C:\Program Files\Alwil Software
[15/09/2008|17:37] C:\Program Files\Apple Software Update
[28/06/2008|23:22] C:\Program Files\ATI
[28/06/2008|23:23] C:\Program Files\ATI Technologies
[14/09/2008|15:09] C:\Program Files\bfgclient
[21/03/2008|11:55] C:\Program Files\Big Kahuna Reef
[15/09/2008|17:34] C:\Program Files\Bonjour
[05/11/2008|12:32] C:\Program Files\Common Files
[29/06/2008|00:12] C:\Program Files\Convesoft
[29/06/2008|00:12] C:\Program Files\Cyberlink
[04/10/2008|10:21] C:\Program Files\DivX
[04/09/2008|19:14] C:\Program Files\EA GAMES
[21/03/2008|12:14] C:\Program Files\eSobi
[02/09/2008|16:15] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
[14/10/2008|17:28] C:\Program Files\Google
[25/10/2008|10:50] C:\Program Files\InstallShield Installation Information
[28/06/2008|23:27] C:\Program Files\Intel
[05/09/2008|16:36] C:\Program Files\Internet Explorer
[12/10/2008|16:39] C:\Program Files\iPod
[12/10/2008|16:39] C:\Program Files\iTunes
[28/06/2008|23:33] C:\Program Files\Launch Manager
[03/09/2008|10:39] C:\Program Files\Maxis
[03/09/2008|17:56] C:\Program Files\Messenger Plus! Live
[02/11/2006|13:37] C:\Program Files\Microsoft Games
[21/03/2008|12:02] C:\Program Files\Microsoft Office
[10/09/2008|21:04] C:\Program Files\Microsoft Works
[21/03/2008|11:59] C:\Program Files\Microsoft.NET
[21/01/2008|03:35] C:\Program Files\Movie Maker
[02/11/2006|13:37] C:\Program Files\MSBuild
[02/09/2008|20:48] C:\Program Files\MSXML 4.0
[21/03/2008|12:20] C:\Program Files\NewTech Infosystems
[10/10/2008|07:24] C:\Program Files\PhotoFiltre
[15/09/2008|17:33] C:\Program Files\QuickTime
[21/03/2008|11:33] C:\Program Files\Realtek
[02/11/2006|13:37] C:\Program Files\Reference Assemblies
[12/09/2008|08:28] C:\Program Files\Safari
[25/10/2008|10:32] C:\Program Files\Samsung
[21/03/2008|11:36] C:\Program Files\Synaptics
[05/11/2008|09:42] C:\Program Files\Trend Micro
[02/11/2006|14:01] C:\Program Files\Uninstall Information
[28/06/2008|23:28] C:\Program Files\Validity Sensors, Inc
[26/09/2008|13:47] C:\Program Files\Veoh Networks
[15/09/2008|18:27] C:\Program Files\VideoLAN
[28/06/2008|23:31] C:\Program Files\WIDCOMM
[21/01/2008|03:35] C:\Program Files\Windows Calendar
[21/01/2008|03:35] C:\Program Files\Windows Collaboration
[21/01/2008|03:35] C:\Program Files\Windows Defender
[21/01/2008|03:35] C:\Program Files\Windows Journal
[03/09/2008|17:23] C:\Program Files\Windows Live
[16/10/2008|05:56] C:\Program Files\Windows Mail
[21/01/2008|03:35] C:\Program Files\Windows Media Player
[02/09/2008|16:15] C:\Program Files\Windows NT
[21/01/2008|03:35] C:\Program Files\Windows Photo Gallery
[21/01/2008|03:35] C:\Program Files\Windows Sidebar
[21/03/2008|12:10] C:\Program Files\Yahoo!

--------------------\\ Listing des dossiers dans C:\Program Files\Common Files

[21/03/2008|11:55] C:\Program Files\Common Files\Adobe
[15/09/2008|17:32] C:\Program Files\Common Files\Apple
[21/03/2008|12:00] C:\Program Files\Common Files\DESIGNER
[28/06/2008|23:32] C:\Program Files\Common Files\InstallShield
[21/03/2008|12:20] C:\Program Files\Common Files\LightScribe
[03/09/2008|17:24] C:\Program Files\Common Files\microsoft shared
[14/09/2008|14:38] C:\Program Files\Common Files\Oberon Media
[04/10/2008|10:20] C:\Program Files\Common Files\PX Storage Engine
[05/09/2008|18:31] C:\Program Files\Common Files\Sandlot Shared
[02/11/2006|12:18] C:\Program Files\Common Files\Services
[02/11/2006|12:18] C:\Program Files\Common Files\SpeechEngines
[21/01/2008|03:35] C:\Program Files\Common Files\System
[03/09/2008|17:23] C:\Program Files\Common Files\WindowsLiveInstaller

--------------------\\ Process

( 95 Processes )

iexplore.exe ~ [PID:2120]

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\Users\Laetitia\AppData\Local\Temp\nsf1170.tmp
C:\Users\Laetitia\AppData\Local\Temp\nsi5F6F.tmp
C:\Users\Laetitia\AppData\Local\Temp\nsp4F7A.tmp
C:\Users\Laetitia\AppData\Local\Temp\nspC4E8.tmp
C:\Users\Laetitia\AppData\Local\Temp\nsqF6ED.tmp
C:\Users\Laetitia\AppData\Local\Temp\nsz224.tmp
C:\Users\Laetitia\AppData\Roaming\MICROS~1\Windows\Cookies\laetitia@advertising[1].txt

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-05 16:55:39
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 149

--------------------\\ Recherche d'autres infections

C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At10.job
C:\Windows\Tasks\At11.job
C:\Windows\Tasks\At12.job
C:\Windows\Tasks\At13.job
C:\Windows\Tasks\At14.job
C:\Windows\Tasks\At15.job
C:\Windows\Tasks\At16.job
C:\Windows\Tasks\At17.job
C:\Windows\Tasks\At18.job
C:\Windows\Tasks\At19.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At20.job
C:\Windows\Tasks\At21.job
C:\Windows\Tasks\At22.job
C:\Windows\Tasks\At23.job
C:\Windows\Tasks\At24.job
C:\Windows\Tasks\At3.job
C:\Windows\Tasks\At4.job
C:\Windows\Tasks\At5.job
C:\Windows\Tasks\At6.job
C:\Windows\Tasks\At7.job
C:\Windows\Tasks\At8.job
C:\Windows\Tasks\At9.job

--------------------\\ Cracks & Keygens ..

C:\PROGRA~2\Fugazo\Cooking Academy\cached\sounds\eggcrack.wav


[F:15][D:37]-> C:\Users\Laetitia\AppData\Local\Temp
[F:222][D:1]-> C:\Users\Laetitia\AppData\Roaming\MICROS~1\Windows\Cookies
[F:67][D:4]-> C:\Users\Laetitia\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:4][D:4]-> C:\$Recycle.Bin

1 - "C:\Lop SD\LopR_1.txt" - 05/11/2008|16:56 - Option : [1]

--------------------\\ Fin du rapport a 16:56:38
[ UAC => 1 ]

relance lopsd et fait otpion 2

Voici le rapport de virustotal


Fichier Obwx0HVn.exe reçu le 2008.11.05 17:09:53 (CET)
Situation actuelle: en cours de chargement ... mis en file d'attente en attente en cours d'analyse terminé NON TROUVE ARRETE


Résultat: 8/36 (22.23%)
en train de charger les informations du serveur...
Votre fichier est dans la file d'attente, en position: 3.
L'heure estimée de démarrage est entre 54 et 77 secondes.
Ne fermez pas la fenêtre avant la fin de l'analyse.
L'analyseur qui traitait votre fichier est actuellement stoppé, nous allons attendre quelques secondes pour tenter de récupérer vos résultats.
Si vous attendez depuis plus de cinq minutes, vous devez renvoyer votre fichier.
Votre fichier est, en ce moment, en cours d'analyse par VirusTotal,
les résultats seront affichés au fur et à mesure de leur génération.
Formaté Impression des résultats
Votre fichier a expiré ou n'existe pas.
Le service est en ce moment, stoppé, votre fichier attend d'être analysé (position : ) depuis une durée indéfinie.

Vous pouvez attendre une réponse du Web (re-chargement automatique) ou taper votre e-mail dans le formulaire ci-dessous et cliquer "Demande" pour que le système vous envoie une notification quand l'analyse sera terminée.
Email:


Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.11.5.3 2008.11.05 -
AntiVir 7.9.0.26 2008.11.05 TR/Spy.ZBot.gak
Authentium 5.1.0.4 2008.11.05 -
Avast 4.8.1248.0 2008.11.04 -
AVG 8.0.0.161 2008.11.05 -
BitDefender 7.2 2008.11.05 -
CAT-QuickHeal 9.50 2008.11.04 -
ClamAV 0.94.1 2008.11.05 -
DrWeb 4.44.0.09170 2008.11.05 -
eSafe 7.0.17.0 2008.11.05 -
eTrust-Vet 31.6.6190 2008.11.05 -
Ewido 4.0 2008.11.05 -
F-Prot 4.4.4.56 2008.11.05 -
F-Secure 8.0.14332.0 2008.11.05 Trojan-Spy.Win32.Zbot.gak
Fortinet 3.117.0.0 2008.11.05 -
GData 19 2008.11.05 -
Ikarus T3.1.1.45.0 2008.11.05 -
K7AntiVirus 7.10.517 2008.11.05 -
Kaspersky 7.0.0.125 2008.11.05 Trojan-Spy.Win32.Zbot.gak
McAfee 5424 2008.11.04 -
Microsoft 1.4005 2008.11.05 -
NOD32 3586 2008.11.05 Win32/TrojanClicker.Agent.NES
Norman 5.80.02 2008.11.05 -
Panda 9.0.0.4 2008.11.05 -
PCTools 4.4.2.0 2008.11.05 -
Prevx1 V2 2008.11.05 Malicious Software
Rising 21.02.22.00 2008.11.05 -
SecureWeb-Gateway 6.7.6 2008.11.05 Trojan.Spy.ZBot.gak
Sophos 4.35.0 2008.11.05 Mal/EncPk-CZ
Sunbelt 3.1.1783.2 2008.11.05 -
Symantec 10 2008.11.05 Trojan.Adclicker
TheHacker 6.3.1.1.140 2008.11.05 -
TrendMicro 8.700.0.1004 2008.11.05 -
VBA32 3.12.8.9 2008.11.05 -
ViRobot 2008.11.5.1453 2008.11.05 -
VirusBuster 4.5.11.0 2008.11.05 -
Information additionnelle
File size: 59904 bytes
MD5...: 827c5d93850836c0bb1517423a845fd3
SHA1..: b5f7a87ee7d4c718f5c8ce7112b1edb6edacd513
SHA256: bb72bd11c8e0d1280f068cfb23dcfee9342a75aae4d9dd8d6eba81dc52890616
SHA512: bdf3d3768b8eb891b5bec91e892891b5cb168a62584703a6c81614da5fc49b0f
1f31dea79729866e1a3d013e5a9217b4d69d6dbf4509c3d2d649220006123bbe
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x4011c7
timedatestamp.....: 0x4847024d (Wed Jun 04 20:59:57 2008)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xfb3 0x1000 3.15 2045dce047cd7a000a28cd5685ee32e1
.rdata 0x2000 0x1293 0x1400 5.18 58eee8a286576e1f372daa0c614ce738
.data 0x4000 0x18280 0xc000 7.50 d06620748105071896b93f70b3aeacd4
.reloc 0x1d000 0xeae 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rsrc 0x1e000 0x1d0 0x200 0.00 bf619eac0cdf3f68d496ea9344137e8b

( 9 imports )
> user32.dll: AppendMenuW, DrawTextA, CreateIcon, LoadMenuA, CopyRect, CloseWindow, IsWindow, InsertMenuA, CopyImage, GetWindowTextLengthA, IsMenu, DialogBoxParamA, DrawIcon, CopyIcon, EndDialog, GetMenu, CalcMenuBar, GetCursor, BlockInput, GetDlgItem
> kernel32.dll: GlobalFree, WriteFile, FindFirstFileA, GetCPInfo, GetConsoleMode, GetStdHandle, DeleteFileW, CreateThread, CopyFileExW, ReadFile, CreateProcessA, DeleteAtom, CopyFileW, GetFileSize, OpenFile, ExitThread, GetComputerNameA, ReadConsoleA, FindAtomA
> gdi32.dll: GetPixel, BeginPath, CopyMetaFileA, ExcludeClipRect, CreateSolidBrush, DeleteObject, CancelDC, ClearBrushAttributes, CloseMetaFile, DeleteDC, GetPixel, ExtTextOutA, GetDCOrgEx, RestoreDC, GetClipBox, AddFontResourceExA, AddFontResourceA, ClearBitmapAttributes, SetTextColor
> advapi32.dll: RegEnumKeyExA, RegEnumKeyExW, RegDeleteKeyA, RegDeleteValueW, RegCreateKeyExW, RegEnumKeyW, RegQueryInfoKeyA, RegQueryValueExW, RegReplaceKeyA, RegQueryValueA, RegQueryInfoKeyW, RegDeleteValueA, RegLoadKeyA, RegOpenKeyW, RegReplaceKeyW, RegCreateKeyExA, RegDeleteKeyW, RegEnumValueW, RegGetKeySecurity, RegFlushKey, RegEnumKeyA, RegQueryValueW, RegOpenKeyExA
> user32.dll: CalcMenuBar, BlockInput, LoadMenuA, CopyImage, GetFocus, LoadCursorA, CreateIcon, GetDlgItem, EndDialog, DrawIconEx, GetDC, GetMenu, DrawTextA, DialogBoxParamA, IsWindow, CopyRect, DialogBoxParamW, AlignRects
> user32.dll: InsertMenuA, CalcMenuBar, AppendMenuA, GetDC, GetFocus, IsWindow, IsMenu, DrawTextA, AppendMenuW, BlockInput, CreateIcon, LoadMenuA, CopyIcon, CloseWindow, GetWindowTextA, DrawIcon, LoadCursorA, EndDialog, GetWindowTextLengthA
> advapi32.dll: RegDeleteKeyW, RegCreateKeyW, RegLoadKeyW, RegDeleteValueA, RegDeleteKeyA, RegCreateKeyExA, RegLoadKeyA, RegFlushKey, RegQueryValueExW, RegQueryInfoKeyA, RegOpenKeyExW, RegGetKeySecurity, RegReplaceKeyA, RegQueryInfoKeyW, RegEnumKeyW, RegEnumValueA
> comctl32.dll: ImageList_BeginDrag, ImageList_DragLeave, ImageList_DragMove, ImageList_LoadImageW, InitCommonControls, ImageList_Read, ImageList_EndDrag, ImageList_LoadImageA, ImageList_Destroy, ImageList_LoadImage, ImageList_Draw, ImageList_AddIcon, ImageList_GetIcon, ImageList_DragEnter, ImageList_DragShowNolock, ImageList_Replace, ImageList_Create, ImageList_DrawIndirect, ImageList_DrawEx, ImageList_Remove, ImageList_ReplaceIcon, ImageList_GetDragImage
> comctl32.dll: ImageList_AddIcon, ImageList_EndDrag, ImageList_GetDragImage, ImageList_Merge, ImageList_Replace, ImageList_DragShowNolock, ImageList_AddMasked, ImageList_GetImageInfo, ImageList_GetIconSize, ImageList_DragEnter, ImageList_BeginDrag, ImageList_Destroy, ImageList_DragMove, ImageList_LoadImageA, ImageList_Create, ImageList_Draw, ImageList_GetImageRect, ImageList_Remove

( 0 exports )

Prevx info: http://info.prevx.com/...
ThreatExpert info: http://www.threatexpert.com/report.aspx?md5=827c5d93850836c0bb1517423a845fd3

le rapport de Lop S&D option 2



--------------------\\ Lop S&D 4.2.4-9c XP/Vista

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU T5750 @ 2.00GHz )
BIOS : Ver 1.00PARTTBL6
USER : Laetitia ( Not Administrator ! )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1229 [VPS 081105-0] 4.8.1229 (Activated)
C:\ (Local Disk) - NTFS - Total:111 Go (Free:75 Go)
D:\ (Local Disk) - NTFS - Total:104 Go (Free:104 Go)
F:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [2] ( 05/11/2008|17:18 )

[ UAC => 1 ]


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

Supprime! - C:\Users\Laetitia\AppData\Local\Temp\nsf1170.tmp
Supprime! - C:\Users\Laetitia\AppData\Local\Temp\nsi5F6F.tmp
Supprime! - C:\Users\Laetitia\AppData\Local\Temp\nsp4F7A.tmp
Supprime! - C:\Users\Laetitia\AppData\Local\Temp\nspC4E8.tmp
Supprime! - C:\Users\Laetitia\AppData\Local\Temp\nsqF6ED.tmp
Supprime! - C:\Users\Laetitia\AppData\Local\Temp\nsz224.tmp
Supprime! - C:\Users\Laetitia\AppData\Roaming\MICROS~1\Windows\Cookies\laetitia@advertising[1].txt

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing des dossiers dans Local

[07/09/2008|09:20] C:\Users\Laetitia\AppData\Local\Acer Arcade Deluxe
[03/09/2008|08:53] C:\Users\Laetitia\AppData\Local\Adobe
[05/09/2008|16:35] C:\Users\Laetitia\AppData\Local\Apple
[06/09/2008|07:19] C:\Users\Laetitia\AppData\Local\Apple Computer
[02/09/2008|16:19] C:\Users\Laetitia\AppData\Local\Application Data
[02/09/2008|16:20] C:\Users\Laetitia\AppData\Local\ATI
[07/09/2008|09:21] C:\Users\Laetitia\AppData\Local\CyberLink
[07/09/2008|09:25] C:\Users\Laetitia\AppData\Local\d3d9caps.dat
[25/10/2008|07:49] C:\Users\Laetitia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[07/09/2008|15:35] C:\Users\Laetitia\AppData\Local\FamilyRestaurant
[02/09/2008|16:19] C:\Users\Laetitia\AppData\Local\GDIPFONTCACHEV1.DAT
[02/09/2008|16:19] C:\Users\Laetitia\AppData\Local\Historique
[05/11/2008|14:26] C:\Users\Laetitia\AppData\Local\IconCache.db
[20/10/2008|20:49] C:\Users\Laetitia\AppData\Local\Microsoft
[07/09/2008|11:59] C:\Users\Laetitia\AppData\Local\PlayMovie
[10/09/2008|17:00] C:\Users\Laetitia\AppData\Local\PowerCinema
[07/09/2008|09:21] C:\Users\Laetitia\AppData\Local\SoftDMA
[05/11/2008|17:18] C:\Users\Laetitia\AppData\Local\Temp
[02/09/2008|16:19] C:\Users\Laetitia\AppData\Local\Temporary Internet Files
[02/09/2008|16:31] C:\Users\Laetitia\AppData\Local\VirtualStore

--------------------\\ Tâches planifiées dans C:\Windows\tasks

[05/11/2008 10:09][--a------] C:\Windows\tasks\At24.job
[05/11/2008 10:09][--a------] C:\Windows\tasks\At23.job
[05/11/2008 10:09][--a------] C:\Windows\tasks\At22.job
[05/11/2008 10:09][--a------] C:\Windows\tasks\At21.job
[05/11/2008 10:09][--a------] C:\Windows\tasks\At20.job
[05/11/2008 10:09][--a------] C:\Windows\tasks\At19.job
[05/11/2008 17:00][--a------] C:\Windows\tasks\At18.job
[05/11/2008 10:09][--a------] C:\Windows\tasks\At17.job
[05/11/2008 10:09][--a------] C:\Windows\tasks\At16.job
[05/11/2008 14:00][--a------] C:\Windows\tasks\At15.job
[05/11/2008 13:00][--a------] C:\Windows\tasks\At14.job
[05/11/2008 10:09][--a------] C:\Windows\tasks\At13.job
[05/11/2008 11:00][--a------] C:\Windows\tasks\At12.job
[05/11/2008 10:02][--a------] C:\Windows\tasks\At11.job
[05/11/2008 10:09][--a------] C:\Windows\tasks\At10.job
[05/11/2008 10:09][--a------] C:\Windows\tasks\At9.job
[05/11/2008 10:09][--a------] C:\Windows\tasks\At8.job
[05/11/2008 10:09][--a------] C:\Windows\tasks\At7.job
[05/11/2008 10:09][--a------] C:\Windows\tasks\At6.job
[05/11/2008 10:09][--a------] C:\Windows\tasks\At5.job
[05/11/2008 10:09][--a------] C:\Windows\tasks\At4.job
[05/11/2008 10:09][--a------] C:\Windows\tasks\At3.job
[05/11/2008 10:09][--a------] C:\Windows\tasks\At2.job
[05/11/2008 10:09][--a------] C:\Windows\tasks\At1.job
[05/11/2008 16:49][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{150FEB6A-36AC-4B35-9329-FA40521619D8}.job
[05/11/2008 16:43][--ah-----] C:\Windows\tasks\SA.DAT
[05/11/2008 14:27][--a------] C:\Windows\tasks\SCHEDLGU.TXT

--------------------\\ Listing des dossiers dans C:\ProgramData

[21/03/2008|12:02] C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[12/10/2008|16:39] C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[21/03/2008|11:55] C:\ProgramData\Acer GameZone Console
[21/03/2008|11:56] C:\ProgramData\Adobe
[23/09/2008|18:32] C:\ProgramData\AirportMania
[05/09/2008|16:34] C:\ProgramData\Apple
[05/09/2008|16:37] C:\ProgramData\Apple Computer
[02/11/2006|14:02] C:\ProgramData\Application Data
[07/09/2008|09:27] C:\ProgramData\Arcade Lab
[28/06/2008|23:27] C:\ProgramData\ATI
[16/09/2008|18:03] C:\ProgramData\blg
[02/09/2008|16:15] C:\ProgramData\Bureau
[10/09/2008|17:00] C:\ProgramData\CyberLink
[02/11/2006|14:02] C:\ProgramData\Desktop
[02/11/2006|14:02] C:\ProgramData\Documents
[21/03/2008|12:14] C:\ProgramData\eSobi
[02/09/2008|16:15] C:\ProgramData\Favoris
[02/11/2006|14:02] C:\ProgramData\Favorites
[21/03/2008|11:45] C:\ProgramData\FloodLightGames
[17/09/2008|19:17] C:\ProgramData\Fugazo
[07/09/2008|14:23] C:\ProgramData\Go Go Gourmet
[28/06/2008|23:33] C:\ProgramData\InstallShield
[03/11/2008|16:43] C:\ProgramData\LauncherAccess.dt
[05/11/2008|09:01] C:\ProgramData\Lavasoft
[18/09/2008|16:35] C:\ProgramData\McAfee
[02/09/2008|16:15] C:\ProgramData\Menu D‚marrer
[03/09/2008|17:58] C:\ProgramData\Messenger Plus!
[18/09/2008|16:39] C:\ProgramData\Microsoft
[15/10/2008|22:09] C:\ProgramData\Microsoft Help
[02/09/2008|16:15] C:\ProgramData\ModŠles
[11/09/2008|14:33] C:\ProgramData\NannyMania
[05/11/2008|12:23] C:\ProgramData\ntuser.pol
[06/09/2008|09:46] C:\ProgramData\Oberon Games
[01/10/2008|14:23] C:\ProgramData\PlayFirst
[07/09/2008|09:20] C:\ProgramData\PlayMovie
[05/09/2008|18:31] C:\ProgramData\Sandlot Games
[18/09/2008|16:32] C:\ProgramData\SiteAdvisor
[11/09/2008|14:19] C:\ProgramData\SpinTop Games
[02/11/2006|14:02] C:\ProgramData\Start Menu
[14/10/2008|21:08] C:\ProgramData\TEMP
[02/11/2006|14:02] C:\ProgramData\Templates
[23/09/2008|17:01] C:\ProgramData\Valusoft
[03/09/2008|17:14] C:\ProgramData\WLInstaller
[05/11/2008|10:36] C:\ProgramData\Yahoo! Companion

--------------------\\ Listing des dossiers dans C:\Program Files

[02/09/2008|16:19] C:\Program Files\Acer
[28/06/2008|23:46] C:\Program Files\Acer Arcade Deluxe
[16/09/2008|16:16] C:\Program Files\Acer GameZone
[29/06/2008|00:13] C:\Program Files\Acer Inc
[21/03/2008|12:02] C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
[21/03/2008|11:55] C:\Program Files\Adobe
[02/09/2008|20:51] C:\Program Files\Alwil Software
[15/09/2008|17:37] C:\Program Files\Apple Software Update
[28/06/2008|23:22] C:\Program Files\ATI
[28/06/2008|23:23] C:\Program Files\ATI Technologies
[14/09/2008|15:09] C:\Program Files\bfgclient
[21/03/2008|11:55] C:\Program Files\Big Kahuna Reef
[15/09/2008|17:34] C:\Program Files\Bonjour
[05/11/2008|12:32] C:\Program Files\Common Files
[29/06/2008|00:12] C:\Program Files\Convesoft
[29/06/2008|00:12] C:\Program Files\Cyberlink
[04/10/2008|10:21] C:\Program Files\DivX
[04/09/2008|19:14] C:\Program Files\EA GAMES
[21/03/2008|12:14] C:\Program Files\eSobi
[02/09/2008|16:15] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
[14/10/2008|17:28] C:\Program Files\Google
[25/10/2008|10:50] C:\Program Files\InstallShield Installation Information
[28/06/2008|23:27] C:\Program Files\Intel
[05/09/2008|16:36] C:\Program Files\Internet Explorer
[12/10/2008|16:39] C:\Program Files\iPod
[12/10/2008|16:39] C:\Program Files\iTunes
[28/06/2008|23:33] C:\Program Files\Launch Manager
[03/09/2008|10:39] C:\Program Files\Maxis
[03/09/2008|17:56] C:\Program Files\Messenger Plus! Live
[02/11/2006|13:37] C:\Program Files\Microsoft Games
[21/03/2008|12:02] C:\Program Files\Microsoft Office
[10/09/2008|21:04] C:\Program Files\Microsoft Works
[21/03/2008|11:59] C:\Program Files\Microsoft.NET
[21/01/2008|03:35] C:\Program Files\Movie Maker
[02/11/2006|13:37] C:\Program Files\MSBuild
[02/09/2008|20:48] C:\Program Files\MSXML 4.0
[21/03/2008|12:20] C:\Program Files\NewTech Infosystems
[10/10/2008|07:24] C:\Program Files\PhotoFiltre
[15/09/2008|17:33] C:\Program Files\QuickTime
[21/03/2008|11:33] C:\Program Files\Realtek
[02/11/2006|13:37] C:\Program Files\Reference Assemblies
[12/09/2008|08:28] C:\Program Files\Safari
[25/10/2008|10:32] C:\Program Files\Samsung
[21/03/2008|11:36] C:\Program Files\Synaptics
[05/11/2008|09:42] C:\Program Files\Trend Micro
[02/11/2006|14:01] C:\Program Files\Uninstall Information
[28/06/2008|23:28] C:\Program Files\Validity Sensors, Inc
[26/09/2008|13:47] C:\Program Files\Veoh Networks
[15/09/2008|18:27] C:\Program Files\VideoLAN
[28/06/2008|23:31] C:\Program Files\WIDCOMM
[21/01/2008|03:35] C:\Program Files\Windows Calendar
[21/01/2008|03:35] C:\Program Files\Windows Collaboration
[21/01/2008|03:35] C:\Program Files\Windows Defender
[21/01/2008|03:35] C:\Program Files\Windows Journal
[03/09/2008|17:23] C:\Program Files\Windows Live
[16/10/2008|05:56] C:\Program Files\Windows Mail
[21/01/2008|03:35] C:\Program Files\Windows Media Player
[02/09/2008|16:15] C:\Program Files\Windows NT
[21/01/2008|03:35] C:\Program Files\Windows Photo Gallery
[21/01/2008|03:35] C:\Program Files\Windows Sidebar
[21/03/2008|12:10] C:\Program Files\Yahoo!

--------------------\\ Listing des dossiers dans C:\Program Files\Common Files

[21/03/2008|11:55] C:\Program Files\Common Files\Adobe
[15/09/2008|17:32] C:\Program Files\Common Files\Apple
[21/03/2008|12:00] C:\Program Files\Common Files\DESIGNER
[28/06/2008|23:32] C:\Program Files\Common Files\InstallShield
[21/03/2008|12:20] C:\Program Files\Common Files\LightScribe
[03/09/2008|17:24] C:\Program Files\Common Files\microsoft shared
[14/09/2008|14:38] C:\Program Files\Common Files\Oberon Media
[04/10/2008|10:20] C:\Program Files\Common Files\PX Storage Engine
[05/09/2008|18:31] C:\Program Files\Common Files\Sandlot Shared
[02/11/2006|12:18] C:\Program Files\Common Files\Services
[02/11/2006|12:18] C:\Program Files\Common Files\SpeechEngines
[21/01/2008|03:35] C:\Program Files\Common Files\System
[03/09/2008|17:23] C:\Program Files\Common Files\WindowsLiveInstaller

--------------------\\ Process

( 97 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-05 17:18:36
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 149

--------------------\\ Recherche d'autres infections

C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At10.job
C:\Windows\Tasks\At11.job
C:\Windows\Tasks\At12.job
C:\Windows\Tasks\At13.job
C:\Windows\Tasks\At14.job
C:\Windows\Tasks\At15.job
C:\Windows\Tasks\At16.job
C:\Windows\Tasks\At17.job
C:\Windows\Tasks\At18.job
C:\Windows\Tasks\At19.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At20.job
C:\Windows\Tasks\At21.job
C:\Windows\Tasks\At22.job
C:\Windows\Tasks\At23.job
C:\Windows\Tasks\At24.job
C:\Windows\Tasks\At3.job
C:\Windows\Tasks\At4.job
C:\Windows\Tasks\At5.job
C:\Windows\Tasks\At6.job
C:\Windows\Tasks\At7.job
C:\Windows\Tasks\At8.job
C:\Windows\Tasks\At9.job

--------------------\\ Cracks & Keygens ..

C:\PROGRA~2\Fugazo\Cooking Academy\cached\sounds\eggcrack.wav


[F:23][D:32]-> C:\Users\Laetitia\AppData\Local\Temp
[F:224][D:1]-> C:\Users\Laetitia\AppData\Roaming\MICROS~1\Windows\Cookies
[F:69][D:4]-> C:\Users\Laetitia\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:4][D:4]-> C:\$Recycle.Bin

1 - "C:\Lop SD\LopR_1.txt" - 05/11/2008|16:56 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 05/11/2008|17:19 - Option : [2]

--------------------\\ Fin du rapport a 17:19:33
[ UAC => 1 ]

* Télécharge OTMoveIt2 (de Old_Timer) sur ton bureau : http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe

n´y touche pas

redemarre en mode sans echec:

Comment redémarrer en mode sans echec?

Tu redemarre le pc et tapote la touche F8 des le début de l allumage sans t´arrêter.
Une fenêtre sur fond noir va s’ouvrir, tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
capture d´ecran : http://www.coupdepoucepc.com/...
Une fois sur le bureau si il n y a pas toutes les couleurs et autres c´est normal!
Ps : si F8 ne marche pas utilise la touche F5.

Note : en mode sans echec tu n´auras plus acces au net alors imprime ou copie les instructions ci dessous dans un fichier texte que tu pourras consulter a souhait
une fois en mode sans echec.

* Double-clique sur OTMoveIt.exe pour lancer le programme,
* Copie la liste de fichiers ou de dossiers ci-dessous et colle-la dans la fenêtre du programme "Paste Custom List of Files/Folders to Move" :

C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At10.job
C:\Windows\Tasks\At11.job
C:\Windows\Tasks\At12.job
C:\Windows\Tasks\At13.job
C:\Windows\Tasks\At14.job
C:\Windows\Tasks\At15.job
C:\Windows\Tasks\At16.job
C:\Windows\Tasks\At17.job
C:\Windows\Tasks\At18.job
C:\Windows\Tasks\At19.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At20.job
C:\Windows\Tasks\At21.job
C:\Windows\Tasks\At22.job
C:\Windows\Tasks\At23.job
C:\Windows\Tasks\At24.job
C:\Windows\Tasks\At3.job
C:\Windows\Tasks\At4.job
C:\Windows\Tasks\At5.job
C:\Windows\Tasks\At6.job
C:\Windows\Tasks\At7.job
C:\Windows\Tasks\At8.job
C:\Windows\Tasks\At9.job

* Clique sur MoveIt! pour lancer la suppression,
* Le résultat appraraîtra dans le cadre Results.
* Clique sur Exit pour fermer le programme.
* Poste le rapport qui est situé ici : C:\\\_OTMoveIt\MovedFiles
* Il te sera peut-être demandé de redémarrer ton PC. Dans ce cas, clique sur Yes.

de retour en mode normal

le lien pour le programme ne marche pas...

prend celui ci

http://oldtimer.geekstogo.com/OTMoveIt3.exe