
eo.st as search engine... - MH FORUMS

60 replies / 3737 views

Author
16/11/2008 22:05
Here you go,


-----------\\ ToolBar S&D 1.2.4 XP/Vista

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 CPU 6300 @ 1.86GHz )
BIOS : Default System BIOS
USER : fabien ( Not Administrator ! )
BOOT : Fail-safe boot
Antivirus : Avira AntiVir PersonalEdition 7.0.3.150
(Activated)
Firewall : ZoneAlarm Firewall 7.1.248.000 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:113 Go (Free:54 Go)
D:\ (Local Disk) - NTFS - Total:112 Go (Free:29 Go)
E:\ (CD or DVD)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (CD or DVD)

"C:\ToolBar SD" ( MAJ : 27-10-2008|09:25 )
Option : [2] ( 16/11/2008|21:54 )

[ UAC => 0 ]

-----------\\ SUPPRESSION

Supprime! - C:\Program Files\AskTBar\bar
Supprime! - C:\Program Files\AskTBar\PopSwatr
Supprime! - C:\Program Files\AskTBar\SrchAstt
Supprime! - C:\Program Files\AskTBar

-----------\\ Recherche de Fichiers / Dossiers ...


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.fr"
"Local Page"="C:\\Windows\\system32\\blank.htm"
"SearchMigratedDefaultURL"="http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Bar"="http://www.google.com/ie"
"Default_Search_URL"="http://www.google.com/ie"
"Url"="http://go.microsoft.com/fwlink/?LinkId=75720"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com/"
"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"


--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\Users\fabien\AppData\Roaming\uTorrent\Suite Adobe CS3 + cracks by Sirotilc.torrent
C:\Users\fabien\Documents\logiciel\Adobe Premiere Pro CS3 crack.rar
C:\Users\fabien\Documents\logiciel\Nero 7 Premium 7.5.7.0 (Vista Compatible version)\keygen.exe


[ UAC => 1 ]


1 - "C:\ToolBar SD\TB_1.txt" - 16/11/2008|21:55 - Option : [2]

-----------\\ Fin du rapport a 21:55:19,57



and HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:25:18, on 14/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\SysMonitor.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Windows\vVX3000.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Windows\system\wcdvtray.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Garmin\gStart.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iTunes\iTunes.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/webhp?hl=fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Windows\system32\SysMonitor.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\Windows\vVX3000.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [OWCWebCamDV] C:\Windows\system\wcdvtray.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [?????????] ??????????????e
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [EPSON Stylus DX5000 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE /FU "C:\Windows\TEMP\E_SDE3F.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [gStart] C:\Garmin\gStart.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JR1916~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JR1916~1.0_0\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housec(...)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe

--
End of file - 11963 bytes
 
 
Author
16/11/2008 22:33
:hello: fafoot

Ha! Indeed... :fume:
Do this, please...

Relaunch HijackThis, choose "Do a system scan only", select the lines listed in the quote below by ticking the box to the left of each line, then click "Fix checked".

O4 - HKCU\..\Run: [?????????] ??????????????e


Then... just to be on the safe side...

1. Download OAD.exe

2. Launch OAD.exe by double-clicking the file

3. Enter the value to search for (example with ??????????????e ).
Make sure you keep exactly the same number of "?" before the "e".

4. Choose the type of search to run: pick "6", complete.

5. Let it work.
6. When the report is displayed, copy and paste it and post it.
7. Close the window with Exit.


:salut:
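The triage the helper does by eye above (spotting the O4 Run entry whose name and target HijackThis could not render), as an added example that is not a tool from this thread: a small Python script that walks a HijackThis log and flags unreadable autorun entries, components registered with "(no file)", and services whose binary is "(file missing)". The sample lines are copied from the log posted above; the 50% alphanumeric threshold is an assumption of this example.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample in the shape of the HijackThis log posted in this thread:
# a few benign entries plus the three kinds of line worth a second look.
SAMPLE_LOG = r"""
O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [?????????] ??????????????e
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
"""

# O4 "Run" key entries: "O4 - <hive>\..\Run: [<value name>] <command line>"
O4_RUN = re.compile(
    r"^O4 - (?P<hive>HK\w+(?:\\S-[\d-]+)?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)


@dataclass
class Finding:
    section: str  # HijackThis section prefix, e.g. "O4"
    reason: str
    line: str


def looks_garbled(text: str) -> bool:
    """HijackThis prints characters it cannot display as '?'. A value name or
    target with fewer than half its characters alphanumeric (assumed threshold)
    is treated as unreadable, which is exactly the case flagged in this thread."""
    text = text.strip()
    if not text:
        return True
    alnum = sum(ch.isalnum() for ch in text)
    return alnum / len(text) < 0.5


def triage(log_text: str) -> List[Finding]:
    """Walk a HijackThis log and return the lines a helper would ask about."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        section = line.split(" ", 1)[0]
        m = O4_RUN.match(line)
        if m:
            # First token of the command line is the executable (or its path).
            target = (m.group("cmd").split() or [""])[0]
            if looks_garbled(m.group("name")) or looks_garbled(target):
                findings.append(Finding("O4", "unreadable autorun name or target", line))
        elif section in ("O2", "O3", "O9") and line.endswith("(no file)"):
            findings.append(Finding(section, "registered component with no file on disk", line))
        elif section == "O23" and line.endswith("(file missing)"):
            findings.append(Finding("O23", "service points at a missing binary", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}: {f.line}")
```

A hit is a starting point for a closer look, not a verdict: "(file missing)" is often just a leftover from an uninstalled product.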


 
 
Author
17/11/2008 10:15
Here are the reports; I thought I had sent them to you last night, but it must have bugged out... anyway, here they are.


There you go. @+
 
 
Author
17/11/2008 10:16
No, I'm confused, there were 2 pages. Sorry, my mistake.
 
 
Author
17/11/2008 10:23
There, it's done.

14/11/2008 ---- 15:14:35,80

----------------------------------
§§§§§§ [EoRezo] §§§§§§
----------------------------------
[X] Registre

-------------- [ ] rapide
-- Fichier --- [ ] disque systeme
------------- [X] complete


********************
[Registre]
********************


*******************
[Fichier]
*******************

c:\Users\fabien\AppData\Roaming\Microsoft\Windows\Recent\EOREZO.BFU.lnk
c:\Users\fabien\Desktop\EOREZO.BFU


*********************
[Même date]
*********************

[14/11/2008 ] ---> C:\JavaRa.log
[14/11/2008 ] ---> C:\Windows\DPINST.LOG



Outil Aide Diagnostic By !aur3n7 Version 1.1
----------------------------------
§§§§§ Fin Rapport §§§§§
----------------------------------


 
 
Author
17/11/2008 17:31
:hello:

That's not the right OAD report you posted... it's the one from 14.11.08 with EoRezo as the "search":
14/11/2008 ---- 15:14:35,80

----------------------------------
§§§§§§ [EoRezo] §§§§§§


If you can't find the report, redo a scan and save the report on your desktop so you don't mix it up with another one...
Also remember the OTMoveIt3 report, please...

:salut:



 
 
Author
17/11/2008 21:33
OTMoveIt3, what is that report???

And when I run a search with OAD it automatically gives me this report dated 14/11??? Weird.
 
 
Author
17/11/2008 22:07
:hello:

OTMoveIt3, what is that report???


[:hersin:4] Sorry, that's coming now [:100rammstein:1]

Well, apparently OAD finds nothing or it's buggy; no big deal.

Let's move on to deleting the file...

Download >>>OTMoveIt3<<< (by OldTimer) onto your Desktop.


- Double-click OTMoveIt3.exe to launch the executable
- Copy the list contained in this quote:


:Files
??????????????e

:Commands
[emptytemp]



- Paste it into the left-hand pane of OTMoveIt3

- Click MoveIt! to launch the deletion.
- The result will appear in the Results pane.
- Click Exit to close.
- Post the report located in C:\_OTMoveIt\MovedFiles, named in the form Date_Time.log (e.g. 011108_203000.log).

You may be asked to restart the PC to complete the deletion.
If so, accept with Yes.

:salut:



 
 
Posted on 17/11/2008 at 22:30
========== FILES ==========
File/Folder ??????????????e not found.
========== COMMANDS ==========
File delete failed. C:\Users\fabien\AppData\Local\Temp\etilqs_3Z0JgoPEkx9gTTRAnZ87 scheduled to be deleted on reboot.
File delete failed. C:\Users\fabien\AppData\Local\Temp\~DFBCF.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\fabien\AppData\Local\Temp\~DFBE4.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\fabien\AppData\Local\Temp\~DFDB8D.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\fabien\AppData\Local\Temp\~DFDC7A.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
File delete failed. C:\Users\fabien\AppData\Local\Mozilla\Firefox\Profiles\39xs7cax.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Users\fabien\AppData\Local\Mozilla\Firefox\Profiles\39xs7cax.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Users\fabien\AppData\Local\Mozilla\Firefox\Profiles\39xs7cax.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Users\fabien\AppData\Local\Mozilla\Firefox\Profiles\39xs7cax.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Users\fabien\AppData\Local\Mozilla\Firefox\Profiles\39xs7cax.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Users\fabien\AppData\Local\Mozilla\Firefox\Profiles\39xs7cax.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 11172008_222254

Files moved on Reboot...
File C:\Users\fabien\AppData\Local\Temp\etilqs_3Z0JgoPEkx9gTTRAnZ87 not found!
File C:\Users\fabien\AppData\Local\Temp\~DFBCF.tmp not found!
File C:\Users\fabien\AppData\Local\Temp\~DFBE4.tmp not found!
File C:\Users\fabien\AppData\Local\Temp\~DFDB8D.tmp not found!
File C:\Users\fabien\AppData\Local\Temp\~DFDC7A.tmp not found!
File move failed. C:\Users\fabien\AppData\Local\Mozilla\Firefox\Profiles\39xs7cax.default\Cache\_CACHE_001_ scheduled to be moved on reboot.
File move failed. C:\Users\fabien\AppData\Local\Mozilla\Firefox\Profiles\39xs7cax.default\Cache\_CACHE_002_ scheduled to be moved on reboot.
File move failed. C:\Users\fabien\AppData\Local\Mozilla\Firefox\Profiles\39xs7cax.default\Cache\_CACHE_003_ scheduled to be moved on reboot.
File move failed. C:\Users\fabien\AppData\Local\Mozilla\Firefox\Profiles\39xs7cax.default\Cache\_CACHE_MAP_ scheduled to be moved on reboot.
File move failed. C:\Users\fabien\AppData\Local\Mozilla\Firefox\Profiles\39xs7cax.default\urlclassifier3.sqlite scheduled to be moved on reboot.
File move failed. C:\Users\fabien\AppData\Local\Mozilla\Firefox\Profiles\39xs7cax.default\XUL.mfl scheduled to be moved on reboot.
 
 
Posted on 17/11/2008 at 22:52
Hello, I suspected that wouldn't work... :/

We'll do one last check to be sure... ;)

Download ComboFix to your Desktop (and nowhere else), renaming it before it lands on your desktop.
To do this, right-click Combofix.exe, choose "Save link target as...", rename it to genesis.exe, choose your desktop as the location and click "Save".

Double-click Genesis.exe (the downloaded file).
Press the 1 key to start the scan.
When the scan is complete, a report will appear. Copy/paste this report in your next reply.
NOTE: The report can also be found here: C:\Combofix.txt

Note: Do not click in the ComboFix window during the scan; this would cause the program to freeze.

Cheers,
 
 
 
 
Posted on 17/11/2008 at 23:08
Here it is,

ComboFix 08-11-16.05 - fabien 2008-11-17 23:03:22.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1120 [GMT 1:00]
Lancé depuis: c:\users\fabien\Desktop\genesis.exe
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\MSINET.oca

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-10-17 au 2008-11-17 ))))))))))))))))))))))))))))))))))))
.

2008-11-17 22:22 . 2008-11-17 22:22 <REP> d-------- C:\_OTMoveIt
2008-11-16 21:43 . 2008-11-16 21:55 <REP> d-------- C:\ToolBar SD
2008-11-16 21:23 . 2008-11-16 21:24 2,836 --a------ C:\GenProc.html
2008-11-16 12:41 . 2008-11-16 12:41 <REP> d-------- c:\program files\MozBackup
2008-11-14 16:03 . 2008-11-14 16:03 5,418 --a------ C:\Internet Explorer.reg
2008-11-13 11:05 . 2008-11-13 11:05 <REP> d-------- c:\program files\IObit
2008-11-13 10:34 . 2008-11-13 10:34 <REP> d-------- c:\program files\TeaTimer (Spybot - Search & Destroy)
2008-11-13 10:34 . 2008-11-13 10:34 <REP> d-------- c:\program files\SDHelper (Spybot - Search & Destroy)
2008-11-13 10:34 . 2008-11-13 10:34 <REP> d-------- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2008-11-13 10:34 . 2008-11-13 10:34 <REP> d-------- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2008-11-12 09:23 . 2008-09-10 04:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
2008-11-12 09:23 . 2008-09-05 06:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
2008-11-12 09:23 . 2008-08-27 02:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-11-11 12:08 . 2008-11-11 12:08 <REP> d-------- c:\users\fabien\iWizz
2008-11-03 09:41 . 2008-08-05 10:49 428,544 --a------ c:\windows\System32\EncDec.dll
2008-11-03 09:41 . 2008-08-05 10:49 293,376 --a------ c:\windows\System32\psisdecd.dll
2008-11-03 09:41 . 2008-08-05 10:48 217,088 --a------ c:\windows\System32\psisrndr.ax
2008-11-03 09:41 . 2008-08-05 10:48 177,664 --a------ c:\windows\System32\mpg2splt.ax
2008-11-03 09:41 . 2008-08-05 10:48 80,896 --a------ c:\windows\System32\MSNP.ax
2008-10-29 12:39 . 2008-08-12 04:39 443,392 --a------ c:\windows\System32\win32spl.dll
2008-10-29 12:39 . 2008-09-18 05:56 147,456 --a------ c:\windows\System32\Faultrep.dll
2008-10-29 12:39 . 2008-09-18 05:56 125,952 --a------ c:\windows\System32\wersvc.dll
2008-10-27 15:56 . 2008-10-27 16:56 <REP> d-------- c:\users\julie\AppData\Roaming\Skype
2008-10-26 15:22 . 2008-11-17 22:28 <REP> dr------- c:\users\fabien\Searches
2008-10-20 20:21 . 2008-10-20 20:21 <REP> d-------- c:\users\fabien\cuisine
2008-10-18 12:54 . 2008-10-18 12:54 <REP> d-------- C:\adaptec
2008-10-18 12:40 . 2008-04-17 12:12 107,368 --a------ c:\windows\System32\GEARAspi.dll
2008-10-18 12:40 . 2008-04-17 12:12 15,464 --a------ c:\windows\System32\drivers\GEARAspiWDM.sys
2008-10-18 12:39 . 2008-10-18 12:40 <REP> d-------- c:\users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-18 12:39 . 2008-10-18 12:40 <REP> d-------- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-18 12:39 . 2008-10-18 12:40 <REP> d-------- c:\program files\iTunes
2008-10-18 12:39 . 2008-10-18 12:39 <REP> d-------- c:\program files\iPod

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-17 22:03 3,670,016 --sha-w c:\users\Invité\ntuser.dat
2008-11-17 22:03 3,670,016 --sha-w c:\users\Invité\ntuser.dat
2008-11-17 21:26 352,614 ---ha-w c:\windows\system32\drivers\vsconfig.xml
2008-11-17 20:14 --------- d-----w c:\programdata\Google Updater
2008-11-16 20:57 --------- d-----w c:\programdata\Spybot - Search & Destroy
2008-11-14 14:07 --------- d-----w c:\program files\Java
2008-11-14 14:01 --------- d-----w c:\program files\MSN Messenger
2008-11-14 13:52 --------- d-----w c:\users\fabien\AppData\Roaming\Skype
2008-11-14 12:33 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-12 11:49 --------- d-----w c:\programdata\Microsoft Help
2008-11-12 10:36 --------- d-----w c:\users\fabien\AppData\Roaming\uTorrent
2008-11-11 11:08 --------- d-----w c:\program files\iWizz
2008-11-10 13:34 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-10 13:34 --------- d-----w c:\program files\Electronic Arts
2008-10-21 19:06 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-21 06:41 2,071,552 ----a-w c:\windows\Internet Logs\xDB8E0B.tmp
2008-10-15 18:27 --------- d-----w c:\program files\Windows Mail
2008-10-08 11:35 --------- d-----w c:\users\fabien\AppData\Roaming\Apple Computer
2008-10-06 20:08 --------- d-----w c:\program files\Hercules
2008-10-02 03:49 827,392 ----a-w c:\windows\System32\wininet.dll
2008-10-01 21:13 --------- d-----w c:\programdata\Apple Computer
2008-10-01 20:02 --------- d-----w c:\program files\QuickTime
2008-10-01 20:02 --------- d-----w c:\program files\Common Files\Apple
2008-10-01 20:02 --------- d-----w c:\program files\Bonjour
2008-10-01 20:01 --------- d-----w c:\program files\Apple Software Update
2008-09-30 15:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-24 13:11 --------- d-----w c:\program files\Sun
2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys
2008-09-07 08:33 3,610 ----a-w c:\windows\System32\ealregsnapshot1.reg
2008-08-29 08:18 87,336 ----a-w c:\windows\System32\dns-sd.exe
2008-08-29 07:53 61,440 ----a-w c:\windows\System32\dnssd.dll
2008-08-26 09:30 91,989 ----a-w c:\windows\Internet Logs\vsmon_2nd_2008_08_26_09_35_17_small.dmp.zip
2008-08-26 09:25 6,214,853 ----a-w c:\windows\Internet Logs\tvDebug.zip
2008-08-17 17:32 593,272 ----a-w c:\windows\System32\SpoonUninstall.exe
2008-08-15 10:25 81,920 ----a-w c:\users\fabien\AppData\Roaming\ezpinst.exe
2008-08-15 10:25 47,360 ----a-w c:\users\fabien\AppData\Roaming\pcouffin.sys
2008-03-22 14:20 174 --sha-w c:\program files\desktop.ini
2004-11-01 09:19 3,118,262 ----a-w c:\program files\Setup.exe
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"????r"="" [?]
"?????????"="??????????????e" [?]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2008-07-24 243072]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"EPSON Stylus DX5000 Series"="c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE" [2006-09-22 139264]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"gStart"="c:\garmin\gStart.exe" [2007-08-23 1891416]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer Empowering Technology Monitor"="c:\windows\system32\SysMonitor.exe" [2006-11-23 319488]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [2005-06-23 57344]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-01-12 275800]
"VX3000"="c:\windows\vVX3000.exe" [2006-12-05 707360]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-06 464168]
"!AVG Anti-Spyware"="c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
"OWCWebCamDV"="c:\windows\system\wcdvtray.exe" [2004-05-20 1056768]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-17 266497]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-01-09 959976]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-12 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-12 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-12 81920]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 57344]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 c:\windows\RtHDVCpl.exe]

c:\users\fabien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2006-12-13 528384]
Google Updater.lnk - c:\program files\Google\Google Updater\GoogleUpdater.exe [2007-11-13 161264]
Picture Package Menu.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2007-06-09 151552]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"FilterAdministratorToken"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{13E09A81-2E8C-4502-B660-66214B593F50}"= UDP:c:\program files\Acer Zone\Acer Zone Main Page\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{19200CF2-4EFD-4575-8347-F5C49104B8E6}"= TCP:c:\program files\Acer Zone\Acer Zone Main Page\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{BFC01D75-54E3-41E6-A710-C9B948DBE735}"= UDP:c:\program files\Acer Zone\Acer Picture Slide DVD\Component\CLSLDVD.exe:Cyberlink Picture Slide DVD workprocess
"{E2509781-8847-485F-9B69-AC24D0C6C333}"= TCP:c:\program files\Acer Zone\Acer Picture Slide DVD\Component\CLSLDVD.exe:Cyberlink Picture Slide DVD workprocess
"{74E1DA07-00C3-48EA-A933-35D52CB685AB}"= UDP:c:\program files\Acer Zone\Acer Plug and Record\Component\ARAWP.exe:Cyberlink Plug and Record ARA workprocess
"{196622AD-3BBE-400B-9B43-09766EC092D2}"= TCP:c:\program files\Acer Zone\Acer Plug and Record\Component\ARAWP.exe:Cyberlink Plug and Record ARA workprocess
"{7CF4E46F-40BD-4F20-B6D4-59A734580406}"= UDP:c:\program files\Acer Zone\Acer Plug and Record\Component\DVAX2Process.exe:Cyberlink Plug and Record AVAX workprocess
"{66DFF60B-8534-402D-811D-3A1951C59156}"= TCP:c:\program files\Acer Zone\Acer Plug and Record\Component\DVAX2Process.exe:Cyberlink Plug and Record AVAX workprocess
"{F00E42DF-657C-44C5-8220-A23CFA5547F0}"= UDP:c:\program files\Acer Zone\Acer Zone SoftDMA\SoftDMA.exe:CyberLink SoftDMA
"{D16AAB87-16FC-44F2-891D-1CFD768B7275}"= TCP:c:\program files\Acer Zone\Acer Zone SoftDMA\SoftDMA.exe:CyberLink SoftDMA
"TCP Query User{AFD79617-8233-4A49-86A0-642DA4AFB536}c:\\program files\\tribalweb\\tribalweb.exe"= UDP:c:\program files\tribalweb\tribalweb.exe:tribalweb
"UDP Query User{5DB20C64-74ED-453F-BBDB-CE7A1E8A4133}c:\\program files\\tribalweb\\tribalweb.exe"= TCP:c:\program files\tribalweb\tribalweb.exe:tribalweb
"{C1E85424-82C4-4D6A-AACA-759709D47508}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{6B39DB1D-B680-4A74-88C9-E47D09F9C655}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"TCP Query User{71181CFB-281D-4AE2-8731-7997A9E2DD98}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{DA686BE5-1786-40C5-A1C5-B91A21DB4042}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{90A44A9B-8D80-4B4A-8F41-8B020136729A}c:\\program files\\azureus\\azureus.exe"= UDP:c:\program files\azureus\azureus.exe:Azureus
"UDP Query User{792984AB-29DF-4FF4-8DB1-C6087E5BB870}c:\\program files\\azureus\\azureus.exe"= TCP:c:\program files\azureus\azureus.exe:Azureus
"{5D5860FB-A4F8-4D3F-BEBB-1228DE9484A2}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{712011DF-0212-447A-9211-7AC82E739C10}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{DA81E1BA-B6F4-4018-B83B-63EFEC274BAF}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{0BE003A0-0746-431E-9ADB-792FA77B1951}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{8BE0B5C1-C4BB-4224-A213-097447C92A63}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"TCP Query User{43BB173A-FD58-473A-A4D6-E9912BCFBC79}c:\\program files\\aim6\\aim6.exe"= UDP:c:\program files\aim6\aim6.exe:AIM
"UDP Query User{34E5B6BA-B60E-4A90-987D-7507C70767AF}c:\\program files\\aim6\\aim6.exe"= TCP:c:\program files\aim6\aim6.exe:AIM
"{1BF350D5-C985-4897-A59E-1A3893DCA74D}"= UDP:c:\program files\Pinnacle\Studio 10\programs\RM.exe:Render Manager
"{342C0F50-7F3C-4862-B005-291C67AC74E3}"= TCP:c:\program files\Pinnacle\Studio 10\programs\RM.exe:Render Manager
"{F9A16C84-AC49-4CAB-961B-5F07493A6DFA}"= UDP:c:\program files\Pinnacle\Studio 10\programs\Studio.exe:Studio
"{6B8E5C89-A1A7-4F16-B449-B4BCEBFDDD38}"= TCP:c:\program files\Pinnacle\Studio 10\programs\Studio.exe:Studio
"{D85FE803-EEB1-4522-8083-5D1E702DF59D}"= UDP:c:\program files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:PMSRegisterFile
"{78822203-60C0-462F-97E3-11EF1B56EF48}"= TCP:c:\program files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:PMSRegisterFile
"{35209FC3-9EDA-468F-B8B1-4BDB2CFC6545}"= UDP:c:\program files\Pinnacle\Studio 10\programs\umi.exe:umi
"{86710BC6-A12C-4BAA-AF22-7EE6CC21C2DA}"= TCP:c:\program files\Pinnacle\Studio 10\programs\umi.exe:umi
"{D6713E73-AC3C-4433-883C-4748BD668ABD}"= UDP:c:\program files\Pinnacle\Studio 11\programs\RM.exe:Render Manager
"{156D4B17-1011-4665-B78D-96DB6A249564}"= TCP:c:\program files\Pinnacle\Studio 11\programs\RM.exe:Render Manager
"{1B4C14BA-481F-4D9F-B2A3-2D2F25EE6D0C}"= UDP:c:\program files\Pinnacle\Studio 11\programs\Studio.exe:Studio
"{AC068AB6-AB2A-4771-B26E-8BA2F86F4F77}"= TCP:c:\program files\Pinnacle\Studio 11\programs\Studio.exe:Studio
"{0C42FC42-0D51-42CE-8D0F-E99864A723EF}"= UDP:c:\program files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe:PMSRegisterFile
"{239076C9-62F7-4A6C-957B-57613BEAA74A}"= TCP:c:\program files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe:PMSRegisterFile
"{4C319941-6F9E-4E62-879F-5C4F74068EAC}"= UDP:c:\program files\Pinnacle\Studio 11\programs\umi.exe:umi
"{894B848A-DDA4-4463-AB30-9AFBED9508BB}"= TCP:c:\program files\Pinnacle\Studio 11\programs\umi.exe:umi
"{34026DDB-B2E3-429F-ABEF-7E26D52F8EF0}"= UDP:c:\program files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{91D336ED-5EEA-4102-B156-13D68C27ACBC}"= TCP:c:\program files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{EA740C9F-7754-4D1C-AB41-28984B5DE724}"= UDP:c:\program files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{27AC79EA-16A0-4CA9-B38C-A5C481CFB51E}"= TCP:c:\program files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{356F2CC0-44BA-4118-AE0A-B560AF7A2291}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{2A96A5FE-9204-4829-8604-BE95AFF00ABF}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{EA18A8FB-73BE-44EA-8949-F985205DC12D}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{9632D0D1-9A05-4DF0-AD0A-FF9E2EF09A5A}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{767B3E8C-9835-4A31-94FD-7E94E1BE9F8C}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{8259BD77-6B53-4FEA-AEF7-DDF4C595E504}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{1F003F0D-6F46-44BE-A097-36937A52DF07}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"TCP Query User{D4BF3B89-AB57-453B-9AB7-22839745E3F5}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{8A51583A-3724-418D-99C3-49BBA91AF90F}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"{48498E53-CA9E-4C7C-80DC-FFB0574A9C02}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
"{5398E5EE-8FDE-43DB-BBFC-AF43B03E6ECD}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
"TCP Query User{81CD2C40-BBDA-44F1-BF62-3B0A09A604D8}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{0EA6C978-6074-44BA-B74D-0A4921C9DF54}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{51FAFD2B-0D93-4CEF-9E62-92470CC0993F}c:\\users\\fabien\\desktop\\wow-frfr-installer-downloader.exe"= UDP:c:\users\fabien\desktop\wow-frfr-installer-downloader.exe:wow-frfr-installer-downloader.exe
"UDP Query User{02A6B6D7-7258-4ECB-A03B-D0DD58C07B21}c:\\users\\fabien\\desktop\\wow-frfr-installer-downloader.exe"= TCP:c:\users\fabien\desktop\wow-frfr-installer-downloader.exe:wow-frfr-installer-downloader.exe
"TCP Query User{38420CA7-F6BD-448A-93A5-C1F4A18CE1EF}d:\\world of warcraft\\wow-2.2.0-frfr-downloader.exe"= UDP:d:\world of warcraft\wow-2.2.0-frfr-downloader.exe:Blizzard Downloader
"UDP Query User{F51B2A20-3778-44E8-A8E5-81CB0D82CA50}d:\\world of warcraft\\wow-2.2.0-frfr-downloader.exe"= TCP:d:\world of warcraft\wow-2.2.0-frfr-downloader.exe:Blizzard Downloader
"TCP Query User{D7CA2E70-B47D-403E-8B21-8D65736F9610}d:\\world of warcraft\\repair.exe"= UDP:d:\world of warcraft\repair.exe:Blizzard Repair Utility
"UDP Query User{97FC7CCA-8091-46C7-9867-B080A9237ECD}d:\\world of warcraft\\repair.exe"= TCP:d:\world of warcraft\repair.exe:Blizzard Repair Utility
"TCP Query User{0BE70C07-5D2F-4A3D-BED1-367823557DB7}c:\\users\\fabien\\desktop\\burningcrusade.exe"= UDP:c:\users\fabien\desktop\burningcrusade.exe:burningcrusade.exe
"UDP Query User{2C239094-E309-4599-BFDA-207B596256D0}c:\\users\\fabien\\desktop\\burningcrusade.exe"= TCP:c:\users\fabien\desktop\burningcrusade.exe:burningcrusade.exe
"TCP Query User{0705A0FA-4DED-43F1-B629-4DB72C805F97}d:\\world of warcraft\\backgrounddownloader.exe"= UDP:d:\world of warcraft\backgrounddownloader.exe:Blizzard Downloader
"UDP Query User{5BE00316-95E4-4041-887F-AB9A7AA9F33D}d:\\world of warcraft\\backgrounddownloader.exe"= TCP:d:\world of warcraft\backgrounddownloader.exe:Blizzard Downloader
"TCP Query User{C437127F-9D9E-4505-8377-A924D27BEC9B}c:\\program files\\tribalweb\\tribalweb.exe"= UDP:c:\program files\tribalweb\tribalweb.exe:tribalweb
"UDP Query User{039C8F65-6BA6-4652-A667-D468FE26C9D3}c:\\program files\\tribalweb\\tribalweb.exe"= TCP:c:\program files\tribalweb\tribalweb.exe:tribalweb
"TCP Query User{240EB27B-4EF1-4A0D-9D22-27FEA1939110}c:\\program files\\azureus\\azureus.exe"= UDP:c:\program files\azureus\azureus.exe:Azureus
"UDP Query User{185DC852-E4EC-43B7-A59D-23A9A57D9DAF}c:\\program files\\azureus\\azureus.exe"= TCP:c:\program files\azureus\azureus.exe:Azureus
"{98E5CD92-1A91-43DF-A88A-09CA55A32BBF}"= UDP:c:\program files\GameSpy Arcade\Aphex.exe:GameSpy Arcade
"{3247E318-8CD6-4E72-9613-780A00AA11EA}"= TCP:c:\program files\GameSpy Arcade\Aphex.exe:GameSpy Arcade
"TCP Query User{7C1C0C27-8FB9-4213-B620-5C492D6065D6}c:\\program files\\ea games\\battlefield 2\\bf2_w32ded.exe"= UDP:c:\program files\ea games\battlefield 2\bf2_w32ded.exe:Bf2_w32ded
"UDP Query User{1CD87096-8618-452B-9898-08BFA4B2867E}c:\\program files\\ea games\\battlefield 2\\bf2_w32ded.exe"= TCP:c:\program files\ea games\battlefield 2\bf2_w32ded.exe:Bf2_w32ded
"TCP Query User{579AC8E4-F80B-4EBA-B905-05F0FBB5DA7D}c:\\program files\\ea games\\battlefield 2\\bf2voipserver_w32ded.exe"= UDP:c:\program files\ea games\battlefield 2\bf2voipserver_w32ded.exe:BF2VoipServer_w32ded
"UDP Query User{2E98ABDB-B29A-4F24-B5DE-8A64E8CB9469}c:\\program files\\ea games\\battlefield 2\\bf2voipserver_w32ded.exe"= TCP:c:\program files\ea games\battlefield 2\bf2voipserver_w32ded.exe:BF2VoipServer_w32ded
"TCP Query User{D2DD7FC9-9514-4688-8A77-4B8076B22227}c:\\program files\\acer zone\\acer plug and record\\component\\arawp.exe"= UDP:c:\program files\acer zone\acer plug and record\component\arawp.exe:Plug n Record
"UDP Query User{B75DDD95-EDB3-490C-9CF5-8668AB8CD777}c:\\program files\\acer zone\\acer plug and record\\component\\arawp.exe"= TCP:c:\program files\acer zone\acer plug and record\component\arawp.exe:Plug n Record
"TCP Query User{D8CF6A47-C49D-4047-95A2-6557B51D8652}c:\\program files\\acer zone\\acer plug and record\\component\\dvax2process.exe"= UDP:c:\program files\acer zone\acer plug and record\component\dvax2process.exe:DVAX2Process
"UDP Query User{9F9788AF-2342-4EE2-8C1E-DE5A5A523065}c:\\program files\\acer zone\\acer plug and record\\component\\dvax2process.exe"= TCP:c:\program files\acer zone\acer plug and record\component\dvax2process.exe:DVAX2Process
"TCP Query User{16EA32F9-86EE-4847-81F5-E28EFE45E196}c:\\program files\\ivisit\\ivisit.exe"= UDP:c:\program files\ivisit\ivisit.exe: iVisit
"UDP Query User{5DCC460B-78F7-4B4B-A461-72D79B25541F}c:\\program files\\ivisit\\ivisit.exe"= TCP:c:\program files\ivisit\ivisit.exe: iVisit
"{F0EE66A1-98D3-4E64-AEC8-298140413069}"= Disabled:UDP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail
"{8DA581D3-98FD-44F6-B643-B2DEF9DFA21A}"= Disabled:TCP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail
"TCP Query User{4F63A05E-9ED6-4EB3-B50B-71D6F99FCA8A}c:\\program files\\skype\\phone\\skype.exe"= Disabled:UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{5006CC75-D841-4D8F-8F74-E8827310455B}c:\\program files\\skype\\phone\\skype.exe"= Disabled:TCP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"{8946A6AE-D9E1-4A58-9DEA-6B200C414780}"= UDP:c:\program files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{F6C475EA-6F9A-46AA-A8CD-B5BAAA687D21}"= TCP:c:\program files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"TCP Query User{97481649-5786-4DFE-926A-B32D9669B9EB}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{9645CCD5-26F1-45FE-9912-065E607BC980}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"{C622CCB0-802D-4E6A-97A8-36CCE1FFD42E}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{4E52FB25-DFA1-43B4-ADFB-EC0B62F2B83C}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{C899A550-AC33-4763-837F-FA779CA89683}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{0FD710D9-A1B2-4726-9BB9-A15BDD85EB92}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{72280A4B-8837-4F25-BFCF-D2EB304893DA}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{C32C53D7-A147-4C22-8618-1D1E9AE6CB4A}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{B51E24C6-BF47-41C1-91F0-3F8F618286A3}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{E5ADE5CF-B45B-4454-A58A-8AE7FE5A17B5}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{87A96019-BECF-45A5-A13E-3ED4CDB7FF97}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{B6FEDBE6-18A9-46FE-81B5-722BB6355F81}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{2D293F25-BE7D-4D21-B0A1-C4741C05C060}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{B9AFB8D2-94B6-4CE1-8840-4C0445DCE5A9}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
"{6EB28614-D01B-41AA-8D5D-D371CCDB5C28}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
"{DF9DB6BD-20DE-45A9-BEAF-BF2BA29C9CAF}"= Disabled:UDP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail
"{3536F45B-6379-4E23-A18B-76355D4DA23D}"= Disabled:TCP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail
"{CD871DE2-49EA-471D-800A-DA4ABD45227D}"= Disabled:UDP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail
"{8D6E128A-A7D3-4307-9F4D-45B1E3F9C5DC}"= Disabled:TCP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 sonypvl3;sonypvl3;c:\windows\system32\drivers\sonypvl3.sys [2007-06-09 19507]
R1 sonypvf3;sonypvf3;c:\windows\system32\drivers\sonypvf3.sys [2007-06-09 619390]
R1 sonypvt3;sonypvt3;c:\windows\system32\drivers\sonypvt3.sys [2007-06-09 423454]
R2 MSCamSvc;MSCamSvc;"c:\program files\Microsoft LifeCam\MSCamS32.exe" [2007-01-04 240408]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2008-11-13 809296]
R2 UxTuneUp;TuneUp Extension de thème;c:\windows\System32\svchost.exe -k netsvcs [2008-03-22 21504]
R2 WebCamDV;WebCamDV DV to Webcam Converter;c:\windows\system32\DRIVERS\WebCamDV.sys [2004-09-17 212608]
R3 camfilt2;camfilt2;c:\windows\system32\DRIVERS\camfilt2.sys [2008-10-06 94720]
R3 WCDV_Aud;WevCamDV WDM Virtual Audio Device;c:\windows\system32\drivers\wcdvaud.sys [2004-09-17 12672]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;c:\windows\System32\TuneUpDefragService.exe [2008-06-09 306432]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{426d911f-1815-11dc-881d-0019214cc7ff}]
\shell\AutoRun\command - J:\Autorun.exe

*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Tâches planifiées'

2008-11-14 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 14:39]

2008-11-17 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
.
------- Examen supplémentaire -------
.
FireFox -: Profile - c:\users\fabien\AppData\Roaming\Mozilla\Firefox\Profiles\39xs7cax.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr/webhp?hl=fr|http://france.meteofrance.com/france/meteo?PREVISIONS_PORTLET.path=previsionsville/505750|http://www.vente-privee.com/vp4/Home/Default.aspx|http://www.ca-normandie.fr/
FF -: plugin - c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-17 23:06:19
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2008-11-17 23:07:46
ComboFix-quarantined-files.txt 2008-11-17 22:07:42

Avant-CF: 56 956 469 248 octets libres
Après-CF: 56,925,990,912 octets libres

308 --- E O F --- 2008-11-12 11:49:51
 
 
Posted 17/11/2008 at 23:25

Good, spot on, we can see it now..

- create a new text document on your desktop
- to do that, right-click the desktop -> New -> Text Document -> copy and paste the contents of the quote below into it


File::
c:\program files\Setup.exe
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"????r"=-
"?????????"=-


-> then click File -> Save As...
- in the save dialog choose the desktop as the destination -> under Type choose All Files -> under File name type CFScript.txt -> then click Save and close the text document.

- drag and drop this CFScript.txt file onto the Genesis.exe file, as in this screenshot.

< included picture >

- a blue window will appear -> at the message that appears (Type 1 to continue, or 2 to abort), type 1 and confirm.
wait while the scan runs. The desktop will disappear several times, that's normal!
do not touch anything until the scan is finished!
- once the scan has finished, a report will be displayed; post its contents in your next reply.
- if the report does not open, it is located at C:\ComboFix.txt


See you
 
 
Posted 18/11/2008 at 11:40
Hi, there you go, it's done

ComboFix 08-11-17.01 - fabien 2008-11-18 11:30:32.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.984 [GMT 1:00]
Lancé depuis: c:\users\fabien\Desktop\genesis.exe
Commutateurs utilisés :: c:\users\fabien\Desktop\CFScript.txt
* Un nouveau point de restauration a été créé

FILE ::
c:\program files\Setup.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Setup.exe

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-10-18 au 2008-11-18 ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier créé dans ce laps de temps

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-18 10:30 3,670,016 --sha-w c:\users\Invité\ntuser.dat
2008-11-18 10:30 3,670,016 --sha-w c:\users\Invité\ntuser.dat
2008-11-17 21:26 352,614 ---ha-w c:\windows\system32\drivers\vsconfig.xml
2008-11-17 20:14 --------- d-----w c:\programdata\Google Updater
2008-11-16 20:57 --------- d-----w c:\programdata\Spybot - Search & Destroy
2008-11-16 11:41 --------- d-----w c:\program files\MozBackup
2008-11-14 15:03 5,418 ----a-w C:\Internet Explorer.reg
2008-11-14 14:07 --------- d-----w c:\program files\Java
2008-11-14 14:01 --------- d-----w c:\program files\MSN Messenger
2008-11-14 13:52 --------- d-----w c:\users\fabien\AppData\Roaming\Skype
2008-11-14 12:33 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-13 10:05 --------- d-----w c:\program files\IObit
2008-11-13 09:34 --------- d-----w c:\program files\TeaTimer (Spybot - Search & Destroy)
2008-11-13 09:34 --------- d-----w c:\program files\SDHelper (Spybot - Search & Destroy)
2008-11-13 09:34 --------- d-----w c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2008-11-13 09:34 --------- d-----w c:\program files\File Scanner Library (Spybot - Search & Destroy)
2008-11-12 11:49 --------- d-----w c:\programdata\Microsoft Help
2008-11-12 10:36 --------- d-----w c:\users\fabien\AppData\Roaming\uTorrent
2008-11-11 11:08 --------- d-----w c:\program files\iWizz
2008-11-10 13:34 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-10 13:34 --------- d-----w c:\program files\Electronic Arts
2008-10-27 15:56 --------- d-----w c:\users\julie\AppData\Roaming\Skype
2008-10-21 19:06 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-21 06:41 2,071,552 ----a-w c:\windows\Internet Logs\xDB8E0B.tmp
2008-10-18 11:40 --------- d-----w c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-18 11:40 --------- d-----w c:\program files\iTunes
2008-10-18 11:39 --------- d-----w c:\program files\iPod
2008-10-16 21:13 1,809,944 ----a-w c:\windows\System32\wuaueng.dll
2008-10-16 21:09 51,224 ----a-w c:\windows\System32\wuauclt.exe
2008-10-16 21:09 43,544 ----a-w c:\windows\System32\wups2.dll
2008-10-16 20:56 1,524,736 ----a-w c:\windows\System32\wucltux.dll
2008-10-16 13:08 162,064 ----a-w c:\windows\System32\wuwebv.dll
2008-10-16 12:56 31,232 ----a-w c:\windows\System32\wuapp.exe
2008-10-15 18:27 --------- d-----w c:\program files\Windows Mail
2008-10-08 11:35 --------- d-----w c:\users\fabien\AppData\Roaming\Apple Computer
2008-10-06 20:08 --------- d-----w c:\program files\Hercules
2008-10-02 03:49 827,392 ----a-w c:\windows\System32\wininet.dll
2008-10-01 21:13 --------- d-----w c:\programdata\Apple Computer
2008-10-01 20:02 --------- d-----w c:\program files\QuickTime
2008-10-01 20:02 --------- d-----w c:\program files\Common Files\Apple
2008-10-01 20:02 --------- d-----w c:\program files\Bonjour
2008-10-01 20:01 --------- d-----w c:\program files\Apple Software Update
2008-09-30 15:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-24 13:11 --------- d-----w c:\program files\Sun
2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 04:56 147,456 ----a-w c:\windows\System32\Faultrep.dll
2008-09-18 04:56 125,952 ----a-w c:\windows\System32\wersvc.dll
2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys
2008-09-10 03:40 1,334,272 ----a-w c:\windows\System32\msxml6.dll
2008-09-07 08:33 3,610 ----a-w c:\windows\System32\ealregsnapshot1.reg
2008-09-05 05:14 1,191,936 ----a-w c:\windows\System32\msxml3.dll
2008-08-29 08:18 87,336 ----a-w c:\windows\System32\dns-sd.exe
2008-08-29 07:53 61,440 ----a-w c:\windows\System32\dnssd.dll
2008-08-26 09:30 91,989 ----a-w c:\windows\Internet Logs\vsmon_2nd_2008_08_26_09_35_17_small.dmp.zip
2008-08-26 09:25 6,214,853 ----a-w c:\windows\Internet Logs\tvDebug.zip
2008-08-15 10:25 81,920 ----a-w c:\users\fabien\AppData\Roaming\ezpinst.exe
2008-08-15 10:25 47,360 ----a-w c:\users\fabien\AppData\Roaming\pcouffin.sys
2008-03-22 14:20 174 --sha-w c:\program files\desktop.ini
.

((((((((((((((((((((((((((((( snapshot@2008-11-17_23.06.49,99 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-11-18 10:29:47 6,332,416 ----a-w c:\windows\ERDNT\Hiv-backup\schema.dat
- 2008-07-18 20:08:20 72,256 ------w c:\windows\SoftwareDistribution\SelfUpdate\Handler\WuSetupV.exe
+ 2008-10-16 13:08:00 70,416 ------w c:\windows\SoftwareDistribution\SelfUpdate\Handler\WuSetupV.exe
- 2008-11-17 21:25:29 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-11-18 07:52:20 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-11-17 21:25:29 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-11-18 07:52:20 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-11-17 21:25:29 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-11-18 07:52:20 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-11-17 22:03:13 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
+ 2008-11-18 10:30:04 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
- 2008-11-13 09:15:12 6,553,600 ----a-w c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2008-11-18 07:52:23 6,553,600 ----a-w c:\windows\System32\SMI\Store\Machine\schema.dat
- 2008-11-17 07:00:06 507,510 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2008-11-18 07:50:18 508,144 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
- 2008-11-12 11:47:15 151,558,119 ----a-w c:\windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2008-11-18 07:51:54 151,850,822 ----a-w c:\windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2008-10-16 21:12:19 561,688 ----a-w c:\windows\winsxs\x86_microsoft-windows-w..owsupdateclient-aux_31bf3856ad364e35_7.2.6001.788_none_107673f57a433d77\wuapi.dll
+ 2008-10-16 20:55:59 83,456 ----a-w c:\windows\winsxs\x86_microsoft-windows-w..owsupdateclient-aux_31bf3856ad364e35_7.2.6001.788_none_107673f57a433d77\wudriver.dll
+ 2008-10-16 21:08:57 34,328 ----a-w c:\windows\winsxs\x86_microsoft-windows-w..owsupdateclient-aux_31bf3856ad364e35_7.2.6001.788_none_107673f57a433d77\wups.dll
+ 2008-10-16 12:56:04 31,232 ----a-w c:\windows\winsxs\x86_microsoft-windows-w..pdateclient-activex_31bf3856ad364e35_7.2.6001.788_none_ba8134361ffa6f73\wuapp.exe
+ 2008-10-16 13:08:00 162,064 ----a-w c:\windows\winsxs\x86_microsoft-windows-w..pdateclient-activex_31bf3856ad364e35_7.2.6001.788_none_ba8134361ffa6f73\wuwebv.dll
+ 2008-10-16 21:09:43 51,224 ----a-w c:\windows\winsxs\x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.2.6001.788_none_2a6539a96682e474\wuauclt.exe
+ 2008-10-16 21:13:38 1,809,944 ----a-w c:\windows\winsxs\x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.2.6001.788_none_2a6539a96682e474\wuaueng.dll
+ 2008-10-16 21:09:43 43,544 ----a-w c:\windows\winsxs\x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.2.6001.788_none_2a6539a96682e474\wups2.dll
+ 2008-10-16 20:56:28 1,524,736 ----a-w c:\windows\winsxs\x86_microsoft-windows-windowsupdateclient-ui_31bf3856ad364e35_7.2.6001.788_none_a8125d5406872725\wucltux.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"????r"="" [?]
"?????????"="??????????????e" [?]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2008-07-24 243072]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"EPSON Stylus DX5000 Series"="c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE" [2006-09-22 139264]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"gStart"="c:\garmin\gStart.exe" [2007-08-23 1891416]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer Empowering Technology Monitor"="c:\windows\system32\SysMonitor.exe" [2006-11-23 319488]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [2005-06-23 57344]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-01-12 275800]
"VX3000"="c:\windows\vVX3000.exe" [2006-12-05 707360]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-06 464168]
"!AVG Anti-Spyware"="c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
"OWCWebCamDV"="c:\windows\system\wcdvtray.exe" [2004-05-20 1056768]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-17 266497]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-01-09 959976]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-12 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-12 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-12 81920]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 57344]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 c:\windows\RtHDVCpl.exe]

c:\users\fabien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2006-12-13 528384]
Google Updater.lnk - c:\program files\Google\Google Updater\GoogleUpdater.exe [2007-11-13 161264]
Picture Package Menu.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2007-06-09 151552]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"FilterAdministratorToken"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{13E09A81-2E8C-4502-B660-66214B593F50}"= UDP:c:\program files\Acer Zone\Acer Zone Main Page\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{19200CF2-4EFD-4575-8347-F5C49104B8E6}"= TCP:c:\program files\Acer Zone\Acer Zone Main Page\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{BFC01D75-54E3-41E6-A710-C9B948DBE735}"= UDP:c:\program files\Acer Zone\Acer Picture Slide DVD\Component\CLSLDVD.exe:Cyberlink Picture Slide DVD workprocess
"{E2509781-8847-485F-9B69-AC24D0C6C333}"= TCP:c:\program files\Acer Zone\Acer Picture Slide DVD\Component\CLSLDVD.exe:Cyberlink Picture Slide DVD workprocess
"{74E1DA07-00C3-48EA-A933-35D52CB685AB}"= UDP:c:\program files\Acer Zone\Acer Plug and Record\Component\ARAWP.exe:Cyberlink Plug and Record ARA workprocess
"{196622AD-3BBE-400B-9B43-09766EC092D2}"= TCP:c:\program files\Acer Zone\Acer Plug and Record\Component\ARAWP.exe:Cyberlink Plug and Record ARA workprocess
"{7CF4E46F-40BD-4F20-B6D4-59A734580406}"= UDP:c:\program files\Acer Zone\Acer Plug and Record\Component\DVAX2Process.exe:Cyberlink Plug and Record AVAX workprocess
"{66DFF60B-8534-402D-811D-3A1951C59156}"= TCP:c:\program files\Acer Zone\Acer Plug and Record\Component\DVAX2Process.exe:Cyberlink Plug and Record AVAX workprocess
"{F00E42DF-657C-44C5-8220-A23CFA5547F0}"= UDP:c:\program files\Acer Zone\Acer Zone SoftDMA\SoftDMA.exe:CyberLink SoftDMA
"{D16AAB87-16FC-44F2-891D-1CFD768B7275}"= TCP:c:\program files\Acer Zone\Acer Zone SoftDMA\SoftDMA.exe:CyberLink SoftDMA
"TCP Query User{AFD79617-8233-4A49-86A0-642DA4AFB536}c:\\program files\\tribalweb\\tribalweb.exe"= UDP:c:\program files\tribalweb\tribalweb.exe:tribalweb
"UDP Query User{5DB20C64-74ED-453F-BBDB-CE7A1E8A4133}c:\\program files\\tribalweb\\tribalweb.exe"= TCP:c:\program files\tribalweb\tribalweb.exe:tribalweb
"{C1E85424-82C4-4D6A-AACA-759709D47508}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{6B39DB1D-B680-4A74-88C9-E47D09F9C655}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"TCP Query User{71181CFB-281D-4AE2-8731-7997A9E2DD98}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{DA686BE5-1786-40C5-A1C5-B91A21DB4042}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{90A44A9B-8D80-4B4A-8F41-8B020136729A}c:\\program files\\azureus\\azureus.exe"= UDP:c:\program files\azureus\azureus.exe:Azureus
"UDP Query User{792984AB-29DF-4FF4-8DB1-C6087E5BB870}c:\\program files\\azureus\\azureus.exe"= TCP:c:\program files\azureus\azureus.exe:Azureus
"{5D5860FB-A4F8-4D3F-BEBB-1228DE9484A2}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{712011DF-0212-447A-9211-7AC82E739C10}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{DA81E1BA-B6F4-4018-B83B-63EFEC274BAF}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{0BE003A0-0746-431E-9ADB-792FA77B1951}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{8BE0B5C1-C4BB-4224-A213-097447C92A63}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"TCP Query User{43BB173A-FD58-473A-A4D6-E9912BCFBC79}c:\\program files\\aim6\\aim6.exe"= UDP:c:\program files\aim6\aim6.exe:AIM
"UDP Query User{34E5B6BA-B60E-4A90-987D-7507C70767AF}c:\\program files\\aim6\\aim6.exe"= TCP:c:\program files\aim6\aim6.exe:AIM
"{1BF350D5-C985-4897-A59E-1A3893DCA74D}"= UDP:c:\program files\Pinnacle\Studio 10\programs\RM.exe:Render Manager
"{342C0F50-7F3C-4862-B005-291C67AC74E3}"= TCP:c:\program files\Pinnacle\Studio 10\programs\RM.exe:Render Manager
"{F9A16C84-AC49-4CAB-961B-5F07493A6DFA}"= UDP:c:\program files\Pinnacle\Studio 10\programs\Studio.exe:Studio
"{6B8E5C89-A1A7-4F16-B449-B4BCEBFDDD38}"= TCP:c:\program files\Pinnacle\Studio 10\programs\Studio.exe:Studio
"{D85FE803-EEB1-4522-8083-5D1E702DF59D}"= UDP:c:\program files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:PMSRegisterFile
"{78822203-60C0-462F-97E3-11EF1B56EF48}"= TCP:c:\program files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:PMSRegisterFile
"{35209FC3-9EDA-468F-B8B1-4BDB2CFC6545}"= UDP:c:\program files\Pinnacle\Studio 10\programs\umi.exe:umi
"{86710BC6-A12C-4BAA-AF22-7EE6CC21C2DA}"= TCP:c:\program files\Pinnacle\Studio 10\programs\umi.exe:umi
"{D6713E73-AC3C-4433-883C-4748BD668ABD}"= UDP:c:\program files\Pinnacle\Studio 11\programs\RM.exe:Render Manager
"{156D4B17-1011-4665-B78D-96DB6A249564}"= TCP:c:\program files\Pinnacle\Studio 11\programs\RM.exe:Render Manager
"{1B4C14BA-481F-4D9F-B2A3-2D2F25EE6D0C}"= UDP:c:\program files\Pinnacle\Studio 11\programs\Studio.exe:Studio
"{AC068AB6-AB2A-4771-B26E-8BA2F86F4F77}"= TCP:c:\program files\Pinnacle\Studio 11\programs\Studio.exe:Studio
"{0C42FC42-0D51-42CE-8D0F-E99864A723EF}"= UDP:c:\program files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe:PMSRegisterFile
"{239076C9-62F7-4A6C-957B-57613BEAA74A}"= TCP:c:\program files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe:PMSRegisterFile
"{4C319941-6F9E-4E62-879F-5C4F74068EAC}"= UDP:c:\program files\Pinnacle\Studio 11\programs\umi.exe:umi
"{894B848A-DDA4-4463-AB30-9AFBED9508BB}"= TCP:c:\program files\Pinnacle\Studio 11\programs\umi.exe:umi
"{34026DDB-B2E3-429F-ABEF-7E26D52F8EF0}"= UDP:c:\program files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{91D336ED-5EEA-4102-B156-13D68C27ACBC}"= TCP:c:\program files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{EA740C9F-7754-4D1C-AB41-28984B5DE724}"= UDP:c:\program files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{27AC79EA-16A0-4CA9-B38C-A5C481CFB51E}"= TCP:c:\program files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{356F2CC0-44BA-4118-AE0A-B560AF7A2291}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{2A96A5FE-9204-4829-8604-BE95AFF00ABF}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{EA18A8FB-73BE-44EA-8949-F985205DC12D}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{9632D0D1-9A05-4DF0-AD0A-FF9E2EF09A5A}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{767B3E8C-9835-4A31-94FD-7E94E1BE9F8C}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{8259BD77-6B53-4FEA-AEF7-DDF4C595E504}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{1F003F0D-6F46-44BE-A097-36937A52DF07}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"TCP Query User{D4BF3B89-AB57-453B-9AB7-22839745E3F5}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{8A51583A-3724-418D-99C3-49BBA91AF90F}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"{48498E53-CA9E-4C7C-80DC-FFB0574A9C02}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
"{5398E5EE-8FDE-43DB-BBFC-AF43B03E6ECD}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
"TCP Query User{81CD2C40-BBDA-44F1-BF62-3B0A09A604D8}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{0EA6C978-6074-44BA-B74D-0A4921C9DF54}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{51FAFD2B-0D93-4CEF-9E62-92470CC0993F}c:\\users\\fabien\\desktop\\wow-frfr-installer-downloader.exe"= UDP:c:\users\fabien\desktop\wow-frfr-installer-downloader.exe:wow-frfr-installer-downloader.exe
"UDP Query User{02A6B6D7-7258-4ECB-A03B-D0DD58C07B21}c:\\users\\fabien\\desktop\\wow-frfr-installer-downloader.exe"= TCP:c:\users\fabien\desktop\wow-frfr-installer-downloader.exe:wow-frfr-installer-downloader.exe
"TCP Query User{38420CA7-F6BD-448A-93A5-C1F4A18CE1EF}d:\\world of warcraft\\wow-2.2.0-frfr-downloader.exe"= UDP:d:\world of warcraft\wow-2.2.0-frfr-downloader.exe:Blizzard Downloader
"UDP Query User{F51B2A20-3778-44E8-A8E5-81CB0D82CA50}d:\\world of warcraft\\wow-2.2.0-frfr-downloader.exe"= TCP:d:\world of warcraft\wow-2.2.0-frfr-downloader.exe:Blizzard Downloader
"TCP Query User{D7CA2E70-B47D-403E-8B21-8D65736F9610}d:\\world of warcraft\\repair.exe"= UDP:d:\world of warcraft\repair.exe:Blizzard Repair Utility
"UDP Query User{97FC7CCA-8091-46C7-9867-B080A9237ECD}d:\\world of warcraft\\repair.exe"= TCP:d:\world of warcraft\repair.exe:Blizzard Repair Utility
"TCP Query User{0BE70C07-5D2F-4A3D-BED1-367823557DB7}c:\\users\\fabien\\desktop\\burningcrusade.exe"= UDP:c:\users\fabien\desktop\burningcrusade.exe:burningcrusade.exe
"UDP Query User{2C239094-E309-4599-BFDA-207B596256D0}c:\\users\\fabien\\desktop\\burningcrusade.exe"= TCP:c:\users\fabien\desktop\burningcrusade.exe:burningcrusade.exe
"TCP Query User{0705A0FA-4DED-43F1-B629-4DB72C805F97}d:\\world of warcraft\\backgrounddownloader.exe"= UDP:d:\world of warcraft\backgrounddownloader.exe:Blizzard Downloader
"UDP Query User{5BE00316-95E4-4041-887F-AB9A7AA9F33D}d:\\world of warcraft\\backgrounddownloader.exe"= TCP:d:\world of warcraft\backgrounddownloader.exe:Blizzard Downloader
"TCP Query User{C437127F-9D9E-4505-8377-A924D27BEC9B}c:\\program files\\tribalweb\\tribalweb.exe"= UDP:c:\program files\tribalweb\tribalweb.exe:tribalweb
"UDP Query User{039C8F65-6BA6-4652-A667-D468FE26C9D3}c:\\program files\\tribalweb\\tribalweb.exe"= TCP:c:\program files\tribalweb\tribalweb.exe:tribalweb
"TCP Query User{240EB27B-4EF1-4A0D-9D22-27FEA1939110}c:\\program files\\azureus\\azureus.exe"= UDP:c:\program files\azureus\azureus.exe:Azureus
"UDP Query User{185DC852-E4EC-43B7-A59D-23A9A57D9DAF}c:\\program files\\azureus\\azureus.exe"= TCP:c:\program files\azureus\azureus.exe:Azureus
"{98E5CD92-1A91-43DF-A88A-09CA55A32BBF}"= UDP:c:\program files\GameSpy Arcade\Aphex.exe:GameSpy Arcade
"{3247E318-8CD6-4E72-9613-780A00AA11EA}"= TCP:c:\program files\GameSpy Arcade\Aphex.exe:GameSpy Arcade
"TCP Query User{7C1C0C27-8FB9-4213-B620-5C492D6065D6}c:\\program files\\ea games\\battlefield 2\\bf2_w32ded.exe"= UDP:c:\program files\ea games\battlefield 2\bf2_w32ded.exe:Bf2_w32ded
"UDP Query User{1CD87096-8618-452B-9898-08BFA4B2867E}c:\\program files\\ea games\\battlefield 2\\bf2_w32ded.exe"= TCP:c:\program files\ea games\battlefield 2\bf2_w32ded.exe:Bf2_w32ded
"TCP Query User{579AC8E4-F80B-4EBA-B905-05F0FBB5DA7D}c:\\program files\\ea games\\battlefield 2\\bf2voipserver_w32ded.exe"= UDP:c:\program files\ea games\battlefield 2\bf2voipserver_w32ded.exe:BF2VoipServer_w32ded
"UDP Query User{2E98ABDB-B29A-4F24-B5DE-8A64E8CB9469}c:\\program files\\ea games\\battlefield 2\\bf2voipserver_w32ded.exe"= TCP:c:\program files\ea games\battlefield 2\bf2voipserver_w32ded.exe:BF2VoipServer_w32ded
"TCP Query User{D2DD7FC9-9514-4688-8A77-4B8076B22227}c:\\program files\\acer zone\\acer plug and record\\component\\arawp.exe"= UDP:c:\program files\acer zone\acer plug and record\component\arawp.exe:Plug n Record
"UDP Query User{B75DDD95-EDB3-490C-9CF5-8668AB8CD777}c:\\program files\\acer zone\\acer plug and record\\component\\arawp.exe"= TCP:c:\program files\acer zone\acer plug and record\component\arawp.exe:Plug n Record
"TCP Query User{D8CF6A47-C49D-4047-95A2-6557B51D8652}c:\\program files\\acer zone\\acer plug and record\\component\\dvax2process.exe"= UDP:c:\program files\acer zone\acer plug and record\component\dvax2process.exe:DVAX2Process
"UDP Query User{9F9788AF-2342-4EE2-8C1E-DE5A5A523065}c:\\program files\\acer zone\\acer plug and record\\component\\dvax2process.exe"= TCP:c:\program files\acer zone\acer plug and record\component\dvax2process.exe:DVAX2Process
"TCP Query User{16EA32F9-86EE-4847-81F5-E28EFE45E196}c:\\program files\\ivisit\\ivisit.exe"= UDP:c:\program files\ivisit\ivisit.exe: iVisit
"UDP Query User{5DCC460B-78F7-4B4B-A461-72D79B25541F}c:\\program files\\ivisit\\ivisit.exe"= TCP:c:\program files\ivisit\ivisit.exe: iVisit
"{F0EE66A1-98D3-4E64-AEC8-298140413069}"= Disabled:UDP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail
"{8DA581D3-98FD-44F6-B643-B2DEF9DFA21A}"= Disabled:TCP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail
"TCP Query User{4F63A05E-9ED6-4EB3-B50B-71D6F99FCA8A}c:\\program files\\skype\\phone\\skype.exe"= Disabled:UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{5006CC75-D841-4D8F-8F74-E8827310455B}c:\\program files\\skype\\phone\\skype.exe"= Disabled:TCP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"{8946A6AE-D9E1-4A58-9DEA-6B200C414780}"= UDP:c:\program files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{F6C475EA-6F9A-46AA-A8CD-B5BAAA687D21}"= TCP:c:\program files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"TCP Query User{97481649-5786-4DFE-926A-B32D9669B9EB}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{9645CCD5-26F1-45FE-9912-065E607BC980}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"{C622CCB0-802D-4E6A-97A8-36CCE1FFD42E}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{4E52FB25-DFA1-43B4-ADFB-EC0B62F2B83C}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{C899A550-AC33-4763-837F-FA779CA89683}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{0FD710D9-A1B2-4726-9BB9-A15BDD85EB92}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{72280A4B-8837-4F25-BFCF-D2EB304893DA}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{C32C53D7-A147-4C22-8618-1D1E9AE6CB4A}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{B51E24C6-BF47-41C1-91F0-3F8F618286A3}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{E5ADE5CF-B45B-4454-A58A-8AE7FE5A17B5}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{87A96019-BECF-45A5-A13E-3ED4CDB7FF97}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{B6FEDBE6-18A9-46FE-81B5-722BB6355F81}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{2D293F25-BE7D-4D21-B0A1-C4741C05C060}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{B9AFB8D2-94B6-4CE1-8840-4C0445DCE5A9}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
"{6EB28614-D01B-41AA-8D5D-D371CCDB5C28}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
"{DF9DB6BD-20DE-45A9-BEAF-BF2BA29C9CAF}"= Disabled:UDP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail
"{3536F45B-6379-4E23-A18B-76355D4DA23D}"= Disabled:TCP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail
"{CD871DE2-49EA-471D-800A-DA4ABD45227D}"= Disabled:UDP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail
"{8D6E128A-A7D3-4307-9F4D-45B1E3F9C5DC}"= Disabled:TCP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 sonypvl3;sonypvl3;c:\windows\system32\drivers\sonypvl3.sys [2007-06-09 19507]
R1 sonypvf3;sonypvf3;c:\windows\system32\drivers\sonypvf3.sys [2007-06-09 619390]
R1 sonypvt3;sonypvt3;c:\windows\system32\drivers\sonypvt3.sys [2007-06-09 423454]
R2 MSCamSvc;MSCamSvc;"c:\program files\Microsoft LifeCam\MSCamS32.exe" [2007-01-04 240408]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2008-11-13 809296]
R2 UxTuneUp;TuneUp Extension de thème;c:\windows\System32\svchost.exe -k netsvcs [2008-03-22 21504]
R2 WebCamDV;WebCamDV DV to Webcam Converter;c:\windows\system32\DRIVERS\WebCamDV.sys [2004-09-17 212608]
R3 camfilt2;camfilt2;c:\windows\system32\DRIVERS\camfilt2.sys [2008-10-06 94720]
R3 WCDV_Aud;WevCamDV WDM Virtual Audio Device;c:\windows\system32\drivers\wcdvaud.sys [2004-09-17 12672]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;c:\windows\System32\TuneUpDefragService.exe [2008-06-09 306432]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{426d911f-1815-11dc-881d-0019214cc7ff}]
\shell\AutoRun\command - J:\Autorun.exe

*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Tâches planifiées'

2008-11-14 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 14:39]

2008-11-18 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-18 11:37:55
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2008-11-18 11:39:19
ComboFix-quarantined-files.txt 2008-11-18 10:39:16
ComboFix2.txt 2008-11-17 22:07:47

Avant-CF: Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Après-CF: 60,651,958,272 octets libres

317 --- E O F --- 2008-11-12 11:49:51
 
 
Author
18/11/2008 13:22
:hello:

ok, it's clean



All that's left is to uninstall automatically all the tools used for the disinfection...

to do that...


- download ToolsCleaner (by A.Rothstein & dj QUIOU) http://pc-system.fr/TC/ToolsCleaner2.exe

- double-click it to launch the program

- Click Recherche and let the scan finish (it can take up to about ten minutes).

- once the search has started, don't click inside the window, as that would cause a minor bug in the program.

- If the words (Not Responding) should appear in the title of the ToolsCleaner window, ignore it and let the program finish its work anyway

- Post me the report that appears

- Wait for my go-ahead before clicking Suppression

:salut:
 
 
Author
18/11/2008 20:33
hi there, here it is, done...


[ Rapport ToolsCleaner version 2.2.6 (par A.Rothstein & dj QUIOU) ]

-->- Recherche:

C:\Combofix.txt: trouvé !
C:\cleannavi.txt: trouvé !
C:\TB.txt: trouvé !
C:\Qoobox: trouvé !
C:\_OtMoveIt: trouvé !
C:\Toolbar SD: trouvé !
C:\Program Files\Navilog1: trouvé !
C:\Program Files\Hijackthis Version Française\hijackthis.log: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\HijackThis: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programmes\HijackThis: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\HijackThis: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: trouvé !
C:\Users\fabien\AppData\Local\VirtualStore\Program Files\Hijackthis Version Française\hijackthis.log: trouvé !
C:\Users\fabien\AppData\Local\VirtualStore\Program Files\Trend Micro\HijackThis: trouvé !
C:\Users\fabien\AppData\Local\VirtualStore\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !
C:\Users\fabien\Desktop\Bfu.exe: trouvé !
C:\Users\fabien\Desktop\GenProc.zip: trouvé !
C:\Users\fabien\Desktop\ToolBarSD.exe: trouvé !
C:\Users\fabien\Desktop\OAD.exe: trouvé !
C:\Users\fabien\Desktop\OTMoveIt3.exe: trouvé !
C:\Users\fabien\Desktop\GenProc: trouvé !
C:\Windows\msnfix.txt: trouvé !

 
 
Author
18/11/2008 20:47
:hello:

- it's good, you can click Suppression

- once that's finished, manually delete the following files:

- (location of your choice) \ ToolsCleaner.exe
- C:\TCleaner.txt




if the PC is still running fine in two or three days, please do this...

You need to purge your System Restore so that it is free of infections.
to do so:

- Start menu -> All Programs -> Accessories -> Run -> in the window that opens type SystemPropertiesProtection -> then click OK.

Once the System Properties window is open:
- 1: Untick the box for the system disk (usually C:\).
- 2: Accept the warning by clicking Turn off System Restore.
- 3: Click Apply



====================================================================================================



To clean out temporary files, often the source of various problems, use:
>>Atf Cleaner<<. No installation, just an executable. Click Select All, then
Empty Selected; a new window will appear, click OK.
Do this in every active tab of Atf Cleaner, and after
each web browsing session.




Run a defragmentation to optimize the hard disk's access times
when reading files. To start a defragmentation:
Double-click Computer, right-click the disk to defragment, then Properties.
Choose the Tools tab, then click Defragment now.

to be repeated regularly, after deleting the temporary files.

=====================================================================================================


Don't forget to create a restore point after this operation.

To do so:

- Start menu -> All Programs -> Accessories -> Run -> in the window that opens type SystemPropertiesProtection -> then click OK.

Once the System Properties window is open:
- 1: Tick the box for the system disk (usually C:\)
- 2: Click Apply.
- 3: Click Create
- 4: In the window that opens type, for example, pc propre mh and click Create -> wait while it is created, then close the window.

=====================================================================================================

a bit of reading on how to protect your browsing and your computer.

  • a limited User Account increases the computer's security.

  • A few preventive measures for safe surfing.

  • How to avoid careless installations.

  • Recognizing and avoiding MSN infections.


if the PC is running fine you can edit the title with [:edite:1] by going to

your first message, to add [résolu] at the end.



:salut:
     
Author
18/11/2008 21:00
why can't it delete everything in the last report
     
     
Author
18/11/2008 21:11
:hello:

for safety, ToolsCleaner doesn't erase the scan reports; you have to remove them manually :bien:
     
     
Author
18/11/2008 22:35
ok I'll do that in two days, thanks a lot, that's kind. thanks again, bye, maybe see you next time.... not too soon though... lol @+ fabien.
     
     
Author
18/11/2008 22:42
hi, I had the same problem a few minutes ago and, thanks to your message, I'm happy to have managed to get rid of this lo.st
jeanmimi's method, choice 3, there you go, thanks to the ever-helpful forum members
     
     
           

