Unwanted Explorer windows [SOLVED] - Security - Viruses

Hello, for a week now, Explorer windows have kept appearing; even if I stop all the explorer processes, they come back and new pages appear. In addition, my antivirus, AntiVir, detects the same viruses every day; no matter how often I delete them, they keep coming back. Could someone help me clean all this up, please?


Message edited by thekiwi888 on 09-06-2008 at 08:18:30

Hello,

Download HijackThis (from Trend Micro) to your Desktop.

  • Double-click HJTInstall.exe to start the installation.
  • Click Install.
  • Double-click the HijackThis shortcut that was just created to launch it. (Right-click -> Run as administrator if on Vista)
  • Accept the license by clicking Yes.
  • Click "Do a system scan and save a logfile".
  • Post the generated report here.


Note: The report can also be found here: C:\Program Files\Trend Micro\Hijackthis\Hijackthis.log

Help: How to use HijackThis.

------------------------------ >> Centre de Formation Helpers <<
Reply to XmichouX

Hello everyone,

I'm brand new to this forum: Stéphane from Montpellier.
I'm having the same problem: unwanted advertising windows that open whether I use IE or Firefox.
I'm on Vista and I use Bitdefender as my security software.
Still the same problem after running Spybot.
Can someone help me? I know it's a bit much to ask, but I don't really know how to solve my problem.
My thanks in advance to whoever looks into my problem.
Thanks,
Stéphane

PS: I posted here so as not to create a duplicate topic, but maybe that would have been better?


Message edited by cstef34000 on 04-06-2008 at 09:16:42
Reply to cstef34000

Thanks for replying so quickly, here is what you asked for

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:25, on 2008-06-04
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Users\kiwi\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\OrangeHSS\Systray\SystrayApp.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Program Files\Apoint2K\Apntex.exe
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www2.iesearch.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/y [...] .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\geBqQKaw.dll,#1
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Biasdelete] "C:\ProgramData\Tool Software Software.nawcc6"
O4 - HKCU\..\Run: [Four file program mode] "C:\ProgramData\Ace help pile.awk56"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\kiwi\AppData\Local\Temp\wvUnMcdB.dll,c
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\kiwi\AppData\Local\Temp\geBqRlKb.dll,#1
O4 - HKCU\..\Run: [3cfe250a] rundll32.exe "C:\Users\kiwi\AppData\Local\Temp\sssjcufm.dll",b
O4 - HKCU\..\Run: [BM3fcd1696] Rundll32.exe "C:\Users\kiwi\AppData\Local\Temp\dqbnuvoa.dll",s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O13 - Gopher Prefix:
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/adva [...] module.exe
O20 - AppInit_DLLs: eNetHook.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9695 bytes

PS: now, in addition to the pages, my Firefox browser refuses to open pages unless I launch them from a link in my bookmarks...

Thanks again for your help

Reply to thekiwi888
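
An added example, not part of the original thread: a small triage pass over the `O4` (autostart) lines of a HijackThis log like the one posted above, flagging entries a reviewer would look at first. The two heuristics (a Temp-directory target, an unexpected file extension) and the extension sets are assumptions chosen for illustration, and the sample log lines are constructed; a flag means "review this", not a verdict.

```python
import ntpath
import re
from typing import List, NamedTuple, Tuple

# HijackThis autostart lines look like:
#   O4 - HKCU\..\Run: [value name] command line
O4_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$"
)
# rundll32 [path\]file.dll,export  (the DLL path may be quoted)
RUNDLL_RE = re.compile(
    r'^"?(?:[^"]*\\)?rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+)"?',
    re.IGNORECASE,
)
# First "something.ext" token of an unquoted command line.
FIRST_FILE_RE = re.compile(r"^(.*?\.\w{1,8})(?:\s|$)")

# Assumed allow-lists of extensions that are normal for each launch style.
EXE_EXTS = {".exe", ".com", ".bat", ".cmd", ".scr", ".lnk"}
DLL_EXTS = {".dll", ".cpl", ".ocx"}


class Finding(NamedTuple):
    hive: str
    name: str
    target: str
    reasons: List[str]


def autostart_target(cmd: str) -> Tuple[str, bool]:
    """Return (file that actually gets loaded, launched_via_rundll32)."""
    m = RUNDLL_RE.match(cmd)
    if m:
        return m.group("dll").strip(), True
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return (cmd[1:end] if end != -1 else cmd[1:]), False
    m = FIRST_FILE_RE.match(cmd)
    return (m.group(1) if m else cmd), False


def reasons_for(target: str, via_rundll32: bool) -> List[str]:
    """Heuristic review flags for one autostart target."""
    reasons = []
    low = target.lower()
    if "\\temp\\" in low or "\\tmp\\" in low:
        reasons.append("loaded from a Temp directory")
    ext = ntpath.splitext(low)[1]
    if ext not in (DLL_EXTS if via_rundll32 else EXE_EXTS):
        reasons.append(f"unusual extension {ext or '(none)'}")
    return reasons


def triage(log_text: str) -> List[Finding]:
    """Parse every O4 registry Run line and keep the ones with review flags."""
    findings = []
    for raw in log_text.splitlines():
        m = O4_RE.match(raw.strip())
        if not m:
            continue  # not an O4 registry autostart line
        target, via_rundll32 = autostart_target(m.group("cmd"))
        reasons = reasons_for(target, via_rundll32)
        if reasons:
            findings.append(Finding(m.group("hive"), m.group("name"), target, reasons))
    return findings


# Constructed sample lines in HijackThis format (not taken from a real machine).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [UpdaterTray] "C:\Program Files\Vendor\tray.exe" /min
O4 - HKLM\..\Run: [GfxHelper] RUNDLL32.EXE C:\Windows\system32\gfxhelp.dll,Startup
O4 - HKCU\..\Run: [a1b2c3d4] rundll32.exe "C:\Users\alice\AppData\Local\Temp\qwertzui.dll",b
O4 - HKCU\..\Run: [Helper] "C:\ProgramData\Some words here.x9k2"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - Global Startup: Launcher.lnk = ?
O23 - Service: Example (ex) - Unknown owner - C:\ex.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.hive} [{f.name}] {f.target}: {'; '.join(f.reasons)}")
```
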

Re,

Download Lop S&D.exe (by Eric 71 & Angeldark) to your desktop.

  • Double-click it to start the installation
  • Then double-click the Lop S&D shortcut on your desktop (if you are on Vista, right-click -> Run as administrator)
  • Select the language you want, then choose Option 1 (Recherche)
  • Wait until the scan finishes
  • Post the generated report (C:\lopR.txt)


If your desktop does not reappear, press CTRL+ALT+DEL to open Task Manager.
Then go to the "Processes" tab. Click File at the top left and choose "New Task (Run...)".
Type explorer and confirm. This will bring your desktop back.

------------------------------ >> Centre de Formation Helpers <<
Reply to XmichouX

Here is the report:


-----------------------[ Lop S&D 4.2.1-2 XP/Vista ]---------------------

[ Windows 'Longhorn' (NT 6.0) Workstation Build 6000 ]
[ USER : kiwi ] [ "C:\Lop SD" ] [ Selection : 1 ]
[ 2008-06-04 | 17:09:41.20 ] [ PC : OSCAR ]
[ MAJ : 01-06-2008 | 15:51 ]
[ UAC => 0 ]

-------------[ Listing des dossiers dans Application Data ]------------

[2007-12-01|20:06] C:\Users\kiwi\AppData\Roaming\Adobe\Linguistics
[2007-11-27|15:14] C:\Users\kiwi\AppData\Roaming\Adobe\Acrobat

[2008-01-06|15:22] C:\Users\kiwi\AppData\Roaming\BSplayer\skins
[2008-01-06|15:18] C:\Users\kiwi\AppData\Roaming\BSplayer\bslib


[2007-12-06|23:50] C:\Users\kiwi\AppData\Roaming\CyberLink\PlayMovie
[2007-11-27|20:19] C:\Users\kiwi\AppData\Roaming\CyberLink\PowerCinema
[2007-11-27|14:48] C:\Users\kiwi\AppData\Roaming\CyberLink\MediaCache
[2007-11-27|14:48] C:\Users\kiwi\AppData\Roaming\CyberLink\PowerProducer
[2007-11-27|14:48] C:\Users\kiwi\AppData\Roaming\CyberLink\PowerDVD


[2007-12-14|11:49] C:\Users\kiwi\AppData\Roaming\dvdcss\BENJAMIN-3230303630353330

[2008-05-17|19:10] C:\Users\kiwi\AppData\Roaming\Google\GoogleEarth
[2007-12-06|19:37] C:\Users\kiwi\AppData\Roaming\Google\Local Search History


[2007-11-27|14:38] C:\Users\kiwi\AppData\Roaming\Identities\{E4A6D14E-AF6E-4B60-9B48-AE1E1E7E03A5}

[2007-11-28|23:47] C:\Users\kiwi\AppData\Roaming\Leadertech\PowerRegister

[2008-02-26|22:30] C:\Users\kiwi\AppData\Roaming\Macromedia\Flash Player

[2008-04-25|21:13] C:\Users\kiwi\AppData\Roaming\MAGIX\PhotoMaker



[2008-05-20|16:43] C:\Users\kiwi\AppData\Roaming\Microsoft\Windows Photo Gallery
[2008-05-08|23:39] C:\Users\kiwi\AppData\Roaming\Microsoft\MSN Messenger
[2008-04-27|17:26] C:\Users\kiwi\AppData\Roaming\Microsoft\Office
[2008-04-27|17:26] C:\Users\kiwi\AppData\Roaming\Microsoft\OIS
[2008-04-06|12:34] C:\Users\kiwi\AppData\Roaming\Microsoft\Speech
[2008-04-06|11:46] C:\Users\kiwi\AppData\Roaming\Microsoft\eHome
[2008-03-21|20:15] C:\Users\kiwi\AppData\Roaming\Microsoft\Templates
[2008-02-01|02:26] C:\Users\kiwi\AppData\Roaming\Microsoft\Internet Explorer
[2008-01-31|23:18] C:\Users\kiwi\AppData\Roaming\Microsoft\IdentityCRL
[2008-01-31|23:14] C:\Users\kiwi\AppData\Roaming\Microsoft\Credentials
[2008-01-15|19:05] C:\Users\kiwi\AppData\Roaming\Microsoft\Network
[2007-12-26|16:39] C:\Users\kiwi\AppData\Roaming\Microsoft\Excel
[2007-12-20|00:36] C:\Users\kiwi\AppData\Roaming\Microsoft\Word
[2007-12-19|21:20] C:\Users\kiwi\AppData\Roaming\Microsoft\QuickStyles
[2007-12-19|19:22] C:\Users\kiwi\AppData\Roaming\Microsoft\UProof
[2007-12-14|11:38] C:\Users\kiwi\AppData\Roaming\Microsoft\Clip Organizer
[2007-12-09|16:00] C:\Users\kiwi\AppData\Roaming\Microsoft\HTML Help
[2007-12-09|00:17] C:\Users\kiwi\AppData\Roaming\Microsoft\OneNote
[2007-12-07|10:12] C:\Users\kiwi\AppData\Roaming\Microsoft\Proof
[2007-12-07|10:06] C:\Users\kiwi\AppData\Roaming\Microsoft\Document Building Blocks
[2007-12-07|10:06] C:\Users\kiwi\AppData\Roaming\Microsoft\AddIns
[2007-12-01|15:40] C:\Users\kiwi\AppData\Roaming\Microsoft\MMC
[2007-11-28|21:09] C:\Users\kiwi\AppData\Roaming\Microsoft\Windows
[2007-11-27|15:15] C:\Users\kiwi\AppData\Roaming\Microsoft\preuve
[2007-11-27|14:37] C:\Users\kiwi\AppData\Roaming\Microsoft\Protect
[2007-11-27|14:37] C:\Users\kiwi\AppData\Roaming\Microsoft\Crypto
[2007-11-27|14:37] C:\Users\kiwi\AppData\Roaming\Microsoft\SystemCertificates

[2007-12-02|16:10] C:\Users\kiwi\AppData\Roaming\Mozilla\Firefox

[2007-12-04|22:24] C:\Users\kiwi\AppData\Roaming\Nikon\PictureProject
[2007-12-01|17:45] C:\Users\kiwi\AppData\Roaming\Nikon\Message Center



[2008-03-21|20:33] C:\Users\kiwi\AppData\Roaming\OpenOffice.org2\user

[2008-02-26|21:36] C:\Users\kiwi\AppData\Roaming\PC Tools\Spyware Doctor


[2008-02-15|22:06] C:\Users\kiwi\AppData\Roaming\Real\RealMediaSDK
[2008-01-02|00:31] C:\Users\kiwi\AppData\Roaming\Real\RealPlayer

[2008-02-22|12:13] C:\Users\kiwi\AppData\Roaming\SecuROM\UserData

[2008-05-18|18:42] C:\Users\kiwi\AppData\Roaming\StarOffice8\user




[2008-03-26|09:55] C:\Users\kiwi\AppData\Roaming\vlc\cache

[2008-03-11|20:56] C:\Users\kiwi\AppData\Roaming\Winamp\Plugins



----------------[ Tâches planifiées dans C:\Windows\tasks ]---------------

[2008-06-03 17:46][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{19BB1475-95D8-42A2-BBE3-6790E09093C7}.job
[2008-06-04 17:08][--ah-----] C:\Windows\tasks\SA.DAT
[2008-06-04 17:07][--a------] C:\Windows\tasks\SCHEDLGU.TXT

------[ Listing des dossiers dans C:\ProgramData ]------

[2007-08-10|09:59] C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2008-05-10|00:06] C:\ProgramData\Ace help pile.awk56
[2008-02-28|00:55] C:\ProgramData\addr_file.html
[2008-05-09|23:54] C:\ProgramData\Adobe
[2007-12-01|17:52] C:\ProgramData\Apple
[2007-12-01|17:53] C:\ProgramData\Apple Computer
[2006-11-02|15:02] C:\ProgramData\Application Data
[2008-03-06|22:34] C:\ProgramData\Avira
[2008-05-29|18:10] C:\ProgramData\BM3fcd1696.txt
[2008-06-04|09:39] C:\ProgramData\BM3fcd1696.xml
[2007-11-27|14:33] C:\ProgramData\Bureau
[2007-11-27|14:48] C:\ProgramData\CyberLink
[2006-11-02|15:02] C:\ProgramData\Desktop
[2006-11-02|15:02] C:\ProgramData\Documents
[2007-12-01|17:42] C:\ProgramData\EnterNHelp
[2007-11-27|14:33] C:\ProgramData\Favoris
[2006-11-02|15:02] C:\ProgramData\Favorites
[2008-05-10|00:06] C:\ProgramData\Ford drive four file
[2007-11-28|21:09] C:\ProgramData\Forge of Games
[2007-12-06|19:37] C:\ProgramData\Google
[2008-06-03|17:51] C:\ProgramData\Google Updater
[2008-05-12|12:56] C:\ProgramData\HAL
[2008-03-07|07:02] C:\ProgramData\Kaspersky Lab Setup Files
[2007-12-01|12:11] C:\ProgramData\Lavasoft
[2008-04-25|21:06] C:\ProgramData\MAGIX
[2008-02-22|12:13] C:\ProgramData\Media Center Programs
[2007-11-27|14:33] C:\ProgramData\Menu D‚marrer
[2008-02-21|01:07] C:\ProgramData\Microsoft
[2008-05-12|11:14] C:\ProgramData\Microsoft Help
[2007-11-27|14:33] C:\ProgramData\ModŠles
[2007-12-01|15:33] C:\ProgramData\MumboJumbo
[2007-09-09|03:27] C:\ProgramData\NVIDIA
[2008-02-19|12:24] C:\ProgramData\OrbNetworks
[2008-05-12|12:56] C:\ProgramData\PKP_DLds.DAT
[2008-04-25|20:55] C:\ProgramData\PKP_DLec.DAT
[2008-06-04|17:09] C:\ProgramData\pskt.ini
[2008-01-05|22:20] C:\ProgramData\Real
[2007-12-07|00:50] C:\ProgramData\Sandlot Games
[2006-11-02|15:02] C:\ProgramData\Start Menu
[2008-05-15|20:26] C:\ProgramData\Store Name Math
[2008-05-12|11:50] C:\ProgramData\Symantec
[2008-02-26|23:49] C:\ProgramData\TEMP
[2006-11-02|15:02] C:\ProgramData\Templates
[2008-05-10|00:06] C:\ProgramData\Tool Software Software.96z0k
[2008-05-10|00:06] C:\ProgramData\Tool Software Software.dw5jyp
[2008-05-15|20:48] C:\ProgramData\Tool Software Software.nawcc6
[2008-05-15|20:26] C:\ProgramData\Tool Software Software.qc3u2lv
[2007-12-08|23:15] C:\ProgramData\Trymedia
[2007-12-01|17:42] C:\ProgramData\Ultima_T15

---------------[ Listing des dossiers dans C:\Program Files ]--------------

[2008-05-10|19:12] C:\Program Files\3wPlayer
[2007-09-09|03:30] C:\Program Files\Acer Arcade Deluxe
[2007-09-09|03:22] C:\Program Files\ACER Crystal Eye webcam
[2007-09-09|03:34] C:\Program Files\Acer Inc
[2007-08-10|09:59] C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
[2006-05-12|12:31] C:\Program Files\addoninstall.exe
[2008-05-09|23:54] C:\Program Files\Adobe
[2008-01-13|11:13] C:\Program Files\Alwil Software
[2007-09-09|03:33] C:\Program Files\Apoint2K
[2007-12-01|17:52] C:\Program Files\Apple Software Update
[2000-08-29|16:13] C:\Program Files\AudioVis.dll
[2002-03-26|18:24] C:\Program Files\AV32UID.DAT
[2008-03-07|07:02] C:\Program Files\Avira
[2008-02-20|14:13] C:\Program Files\Battlefield Vietnam
[2007-12-08|23:14] C:\Program Files\BFG
[2008-04-25|21:11] C:\Program Files\Bitmaps
[2005-03-09|16:17] C:\Program Files\CDBurnProfiler.exe
[2008-04-04|23:22] C:\Program Files\CFWebAdvancedU
[2008-05-12|11:14] C:\Program Files\Common Files
[2005-07-28|14:20] C:\Program Files\composer.dll
[2007-08-10|08:40] C:\Program Files\CONEXANT
[2000-09-07|22:51] C:\Program Files\CPUINF32.DLL
[2008-04-25|21:13] C:\Program Files\CritOp.log
[2008-04-25|21:13] C:\Program Files\crm.ini
[2007-08-10|09:43] C:\Program Files\CyberLink
[2003-03-17|15:58] C:\Program Files\Dac32.dll
[2007-12-23|23:34] C:\Program Files\DAEMON Tools Lite
[2005-05-23|17:44] C:\Program Files\DB_MX.dll
[2007-12-02|14:06] C:\Program Files\desktop.ini
[2006-01-25|17:19] C:\Program Files\e-mode.ini
[2006-01-25|17:19] C:\Program Files\e-mode-upgradedialog.rtf
[2004-10-18|17:15] C:\Program Files\eModeUpgradeDlg.dll
[2006-01-25|17:20] C:\Program Files\e-mode-upgradedlg-exit.rtf
[2008-03-24|17:06] C:\Program Files\EPSON
[2006-02-07|14:33] C:\Program Files\exemaker.exe
[2004-08-19|12:51] C:\Program Files\EXIF09.dll
[2006-01-12|17:18] C:\Program Files\EXIF12.dll
[2003-02-12|11:20] C:\Program Files\explore.exe
[2007-11-27|14:33] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
[2008-04-25|21:11] C:\Program Files\Firebird
[2004-05-04|11:53] C:\Program Files\gdiplus.dll
[2008-05-17|19:02] C:\Program Files\Google
[2008-03-09|14:32] C:\Program Files\Guitar Pro 5
[2000-09-08|14:05] C:\Program Files\hhprend.ax
[2000-10-26|13:28] C:\Program Files\HHVREND2.AX
[2003-04-09|17:30] C:\Program Files\HHWM9Prxy.dll
[2003-02-20|08:51] C:\Program Files\HHWMPrxy.dll
[2008-04-25|21:11] C:\Program Files\Icons
[1999-02-09|11:46] C:\Program Files\IJL10.DLL
[2006-04-21|11:58] C:\Program Files\IMxP_NokiaPCSuite.dll
[2005-10-28|17:11] C:\Program Files\IMxP_WmDevice.dll
[2005-05-18|15:10] C:\Program Files\IMxPNokiaPCSuite.ini
[2008-04-25|21:12] C:\Program Files\Install.cfg
[2008-04-25|21:11] C:\Program Files\INSTALL.LOG
[2008-04-25|21:12] C:\Program Files\INSTALL1.LOG
[2008-05-12|12:56] C:\Program Files\InstallShield Installation Information
[2005-08-22|17:26] C:\Program Files\instslct.exe
[2007-09-09|03:22] C:\Program Files\Intel
[2008-04-09|10:54] C:\Program Files\Internet Explorer
[2008-01-15|18:57] C:\Program Files\Inventel
[2008-04-24|12:40] C:\Program Files\IrfanView
[2008-05-15|22:18] C:\Program Files\Java
[2001-08-07|12:19] C:\Program Files\JWVidRend.ax
[2007-09-09|03:28] C:\Program Files\Launch Manager
[2007-12-01|12:11] C:\Program Files\Lavasoft
[2002-09-12|09:36] C:\Program Files\LFBMP13N.DLL
[2002-09-12|09:39] C:\Program Files\LFCMP13n.DLL
[2002-09-12|09:36] C:\Program Files\LFFAX13N.DLL
[2002-09-12|09:36] C:\Program Files\lfgif13n.dll
[2002-09-12|09:36] C:\Program Files\LFMSP13N.DLL
[2002-09-12|09:36] C:\Program Files\LFPCD13N.DLL
[2002-09-12|09:36] C:\Program Files\LFPCX13N.DLL
[2002-09-12|09:40] C:\Program Files\Lfpng13n.dll
[2002-09-12|09:37] C:\Program Files\LFPNM13n.dll
[2002-09-12|09:37] C:\Program Files\LFPSD13N.DLL
[2002-09-12|09:37] C:\Program Files\LFRAS13N.DLL
[2002-09-12|09:37] C:\Program Files\LFTGA13N.DLL
[2002-09-12|09:39] C:\Program Files\LFTIF13N.DLL
[2003-10-21|00:11] C:\Program Files\libexpat.dll
[2008-04-25|21:11] C:\Program Files\license.txt
[2002-09-11|11:26] C:\Program Files\LTCLR13n.dll
[2002-09-12|09:36] C:\Program Files\LTDIS13n.dll
[2002-09-12|09:36] C:\Program Files\LTEFX13N.DLL
[2002-09-12|09:36] C:\Program Files\LTFIL13N.DLL
[2002-09-12|09:36] C:\Program Files\LTIMG13N.DLL
[2002-09-12|09:35] C:\Program Files\LTKRN13N.DLL
[2002-09-12|09:38] C:\Program Files\Ltwvc13n.dll
[2008-04-25|21:11] C:\Program Files\MAGIX Tirage en ligne
[2006-01-18|12:03] C:\Program Files\MagixOFA.dll
[2006-01-18|12:29] C:\Program Files\MagixOFA-fr.dll
[2004-04-15|15:48] C:\Program Files\MagixUpdater.exe
[2006-04-11|16:25] C:\Program Files\MAGIXviewer.exe
[2008-02-22|12:11] C:\Program Files\Maple 10
[2008-01-05|22:20] C:\Program Files\Media Player Classic
[2005-12-13|18:18] C:\Program Files\MFL.dll
[2008-04-06|11:47] C:\Program Files\Microsoft Games
[2006-11-02|14:42] C:\Program Files\Movie Maker
[2008-04-21|18:27] C:\Program Files\Mozilla Firefox
[2006-01-11|16:23] C:\Program Files\mp3encoder_upgrade.rtf
[2002-03-08|08:09] C:\Program Files\mp3pro_upgrade.rtf
[2004-08-20|15:16] C:\Program Files\mpeg2.dll
[2006-11-02|14:37] C:\Program Files\MSBuild
[2006-11-02|14:37] C:\Program Files\MSN
[2008-01-31|23:17] C:\Program Files\MSN Messenger
[2007-12-01|17:38] C:\Program Files\MSXML 4.0
[2003-08-24|18:35] C:\Program Files\mviewer.ocx
[2005-03-31|17:20] C:\Program Files\MxAutoUpdate.dll
[2008-04-25|21:13] C:\Program Files\mxdba.log
[2006-02-17|14:57] C:\Program Files\MXTLC.dll
[2004-03-22|19:38] C:\Program Files\MXWIA.dll
[2007-08-10|09:18] C:\Program Files\NewTech Infosystems
[2008-05-16|09:31] C:\Program Files\OpenOffice.org 2.4
[2008-01-15|19:08] C:\Program Files\OrangeHSS
[2006-05-31|15:49] C:\Program Files\order.rtf
[2006-04-10|09:55] C:\Program Files\Oxa1971.dll
[2008-04-25|21:11] C:\Program Files\Palette
[2005-05-10|08:42] C:\Program Files\photoid.dll
[2006-03-02|18:42] C:\Program Files\Photomaker.cnt
[2006-03-15|10:32] C:\Program Files\PhotoMaker.exe
[2006-03-02|18:42] C:\Program Files\Photomaker.hlp
[2008-04-25|21:13] C:\Program Files\PhotoMaker.ini
[2008-04-27|10:04] C:\Program Files\Picasa2
[2004-08-03|11:43] C:\Program Files\PlayRIpl.dll
[2006-01-09|11:26] C:\Program Files\PredefinedCategories.ini
[2008-02-27|00:16] C:\Program Files\ProtectionAssuree
[2007-12-01|17:54] C:\Program Files\QuickTime
[2000-08-26|00:56] C:\Program Files\RD32UID.DAT
[2007-12-16|12:45] C:\Program Files\Real
[2008-01-05|22:20] C:\Program Files\Real Alternative
[2007-08-10|08:31] C:\Program Files\Realtek
[2006-11-02|14:37] C:\Program Files\Reference Assemblies
[2008-04-25|21:11] C:\Program Files\register.rtf
[2005-05-20|14:10] C:\Program Files\reinstall3rdParty.exe
[2008-04-25|21:11] C:\Program Files\reinstall3rdParty.ini
[1999-12-10|13:00] C:\Program Files\riched20.dll
[2005-06-13|14:31] C:\Program Files\Rn5d3288.dll
[2002-06-24|12:00] C:\Program Files\samsig.dll
[2002-06-24|12:00] C:\Program Files\samsigA6.dll
[2002-06-24|12:00] C:\Program Files\samsigM5.dll
[2002-06-24|12:00] C:\Program Files\samsigM6.dll
[2002-06-24|12:00] C:\Program Files\samsigP5.dll
[2002-06-24|12:00] C:\Program Files\samsigP6.dll
[2002-06-24|12:00] C:\Program Files\samsigPX.dll
[2002-06-24|12:00] C:\Program Files\samsigW7.dll
[2005-08-04|17:38] C:\Program Files\Shortcuts.ini
[2008-04-25|21:15] C:\Program Files\shutdown.log
[2007-12-02|16:59] C:\Program Files\Sierra On-Line
[2008-04-25|21:06] C:\Program Files\Skins
[2008-05-17|21:05] C:\Program Files\Sun
[2005-11-02|15:43] C:\Program Files\support.rtf
[2007-09-09|03:22] C:\Program Files\SUYIN
[2003-01-28|12:23] C:\Program Files\thunk16.dll
[2003-01-28|12:18] C:\Program Files\thunk3216.dll
[2005-08-30|17:12] C:\Program Files\Tooltip.ini
[2008-06-04|09:24] C:\Program Files\Trend Micro
[2000-08-26|00:59] C:\Program Files\UID.DAT
[2006-11-02|15:01] C:\Program Files\Uninstall Information
[2005-06-22|15:42] C:\Program Files\uninstall.exe
[2002-02-18|11:06] C:\Program Files\uninstall.ini
[2005-08-22|17:40] C:\Program Files\unwise.adf
[2006-03-22|16:23] C:\Program Files\unwise.exe
[2008-04-25|21:11] C:\Program Files\unwise.ini
[1997-12-22|01:30] C:\Program Files\UNZDLL.DLL
[2006-01-23|11:10] C:\Program Files\Upgrade.rtf
[2008-02-21|01:04] C:\Program Files\uTorrent
[2006-02-27|10:43] C:\Program Files\Validation.exe
[2008-04-25|21:11] C:\Program Files\Validation.ini
[2008-04-25|21:06] C:\Program Files\VideoFX
[2008-04-25|21:11] C:\Program Files\Visuals
[2008-05-18|18:58] C:\Program Files\VLC
[2008-02-15|22:50] C:\Program Files\Webteh
[2008-05-12|11:49] C:\Program Files\Winamp
[2008-02-19|12:24] C:\Program Files\Winamp Remote
[2007-12-02|13:59] C:\Program Files\Windows Calendar
[2006-11-02|14:42] C:\Program Files\Windows Collaboration
[2007-08-10|09:22] C:\Program Files\Windows Defender
[2006-11-02|14:42] C:\Program Files\Windows Journal
[2008-05-14|08:58] C:\Program Files\Windows Mail
[2007-12-02|13:59] C:\Program Files\Windows Media Player
[2007-11-27|14:33] C:\Program Files\Windows NT
[2006-11-02|14:42] C:\Program Files\Windows Photo Gallery
[2008-01-16|00:21] C:\Program Files\Windows Sidebar
[2007-12-23|23:36] C:\Program Files\WinRAR
[2000-09-14|11:23] C:\Program Files\WMServerReader.dll
[2005-06-21|19:06] C:\Program Files\xutility.dll
[2004-02-11|18:28] C:\Program Files\xviewer.exe
[2003-07-11|17:01] C:\Program Files\xviewer.ocx
[2003-08-24|18:17] C:\Program Files\xviewer.scr
[2008-02-08|12:44] C:\Program Files\Zero G Registry
[2008-04-06|11:51] C:\Program Files\zeux
[2004-10-22|17:41] C:\Program Files\Zipdll.dll

------[ Listing des dossiers dans C:\Program Files\Common Files ]------

[2008-05-09|23:54] C:\Program Files\Common Files\Adobe
[2008-01-15|19:00] C:\Program Files\Common Files\France Telecom
[2007-08-10|09:30] C:\Program Files\Common Files\InstallShield
[2008-03-21|20:28] C:\Program Files\Common Files\Java
[2007-08-10|09:18] C:\Program Files\Common Files\LightScribe
[2008-03-09|13:00] C:\Program Files\Common Files\Macrovision Shared
[2008-04-25|21:06] C:\Program Files\Common Files\MAGIX Shared
[2008-05-12|11:52] C:\Program Files\Common Files\microsoft shared
[2007-08-10|09:18] C:\Program Files\Common Files\muvee Technologies
[2007-08-10|09:19] C:\Program Files\Common Files\NewTech Infosystems
[2008-05-12|12:56] C:\Program Files\Common Files\Nikon
[2008-02-19|15:28] C:\Program Files\Common Files\NSV
[2008-01-02|00:31] C:\Program Files\Common Files\Real
[2008-01-13|11:33] C:\Program Files\Common Files\Sandlot Shared
[2006-11-02|13:18] C:\Program Files\Common Files\Services
[2007-09-09|03:22] C:\Program Files\Common Files\snp2uvc
[2006-11-02|13:18] C:\Program Files\Common Files\SpeechEngines
[2008-05-12|11:49] C:\Program Files\Common Files\Symantec Shared
[2007-08-10|09:22] C:\Program Files\Common Files\System
[2007-12-01|12:10] C:\Program Files\Common Files\Wise Installation Wizard

---------------------------[ Process ]--------------------------

... 76

... OK !

----------------------[ Recherche avec S_Lop ]---------------------

C:\ProgramData\Ace help pile.awk56
C:\ProgramData\Tool Software Software.96z0k
C:\ProgramData\Tool Software Software.dw5jyp
C:\ProgramData\Tool Software Software.nawcc6
C:\ProgramData\Tool Software Software.qc3u2lv
C:\ProgramData\Ace help pile.awk56
C:\ProgramData\Tool Software Software.96z0k
C:\ProgramData\Tool Software Software.dw5jyp

-----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

C:\ProgramData\Ford drive four file
C:\ProgramData\Ford drive four file\Dale two.exe
C:\Program Files\3wPlayer
C:\Users\kiwi\AppData\Roaming\MICROS~1\Windows\Cookies\kiwi@adopt.euroclick[2].txt

----------------------[ Verification du Registre ]----------------------

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

..... OK !

--------------------[ Verification du fichier Hosts ]---------------------

Fichier Hosts PROPRE


----------------[ Recherche de fichiers avec Catchme ]-----------------

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-04 17:13:17
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------[ Recherche d'autres infections ]---------------------

=> C:\Users\kiwi\Desktop\Black&White II\Crack
=> C:\Users\kiwi\Desktop\Black&White II\Crack\white.exe
=> C:\Users\kiwi\Documents\Guitar Pro Tabs\Stone Temple Pilots\Crackerman.gtp
=> C:\Users\kiwi\Documents\Guitar Pro Tabs\Tabs\T\Tchaikovsky, Pioter Ilych\Tchaikovsky, Pioter Ilych - Nutcracker Suite_ Miniature Overture.gp4
=> C:\Users\kiwi\Documents\Guitar Pro Tabs\Tabs\T\Tchaikovsky, Pioter Ilych\Tchaikovsky, Pioter Ilych - Waltz Of The Flowers From The Nutcracker Ballet, Op. 71.gp3


[F:741][D:85]-> C:\Users\kiwi\AppData\Local\Temp
[F:170][D:1]-> C:\Users\kiwi\AppData\Roaming\MICROS~1\Windows\Cookies
[F:2281][D:8]-> C:\Users\kiwi\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:23][D:5]-> C:\$Recycle.Bin

[ UAC => 1 ]

--------------------[ Fin du rapport a 17:16:59.92 ]----------------------

Reply to thekiwi888

I don't know if this helps, but Antivir regularly detects trojans and can't manage to delete them..

TR/Crypt.XPACK.Gen

Reply to thekiwi888

Hi again,

Select the entire box below, then right-click and choose Copy

C:\ProgramData\Ford drive four file
C:\ProgramData\Store Name Math



Run Lop S&D again

  • This time choose Option 4 (LopScript)
  • A blank page will open; right-click on it and choose Paste
  • Close the page; you will be asked to save it, click [Save]
  • Do not close the window during the deletion!
  • Post the generated report (C:\lopR.txt)

------------------------------ >> Centre de Formation Helpers <<
Reply to XmichouX

Here it is


-----------------------[ Lop S&D 4.2.1-2 XP/Vista ]---------------------

[ Windows 'Longhorn' (NT 6.0) Workstation Build 6000 ]
[ USER : kiwi ] [ "C:\Lop SD" ] [ Selection : 4 ]
[ 2008-06-04 | 19:00:26.66 ] [ PC : OSCAR ]
[ MAJ : 01-06-2008 | 15:51 ]
[ UAC => 0 ]

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ LopScript //////////////////////////////////

C:\ProgramData\Ford drive four file
C:\ProgramData\Store Name Math

Supprimé! - C:\ProgramData\Ford drive four file
Supprimé! - C:\ProgramData\Store Name Math

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION /////////////////////////////

Supprimé! - C:\Users\kiwi\AppData\Roaming\MICROS~1\Windows\Cookies\kiwi@adopt.euroclick[2].txt
Supprimé! - C:\ProgramData\Ace help pile.awk56
Supprimé! - C:\ProgramData\Tool Software Software.96z0k
Supprimé! - C:\ProgramData\Tool Software Software.dw5jyp
Supprimé! - C:\ProgramData\Tool Software Software.nawcc6
Supprimé! - C:\ProgramData\Tool Software Software.qc3u2lv
Supprimé! - C:\Program Files\3wPlayer
Restauré! - Fichier Hosts

//////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


-------------[ Listing des dossiers dans Application Data ]------------

[2007-12-01|20:06] C:\Users\kiwi\AppData\Roaming\Adobe\Linguistics
[2007-11-27|15:14] C:\Users\kiwi\AppData\Roaming\Adobe\Acrobat

[2008-01-06|15:22] C:\Users\kiwi\AppData\Roaming\BSplayer\skins
[2008-01-06|15:18] C:\Users\kiwi\AppData\Roaming\BSplayer\bslib


[2007-12-06|23:50] C:\Users\kiwi\AppData\Roaming\CyberLink\PlayMovie
[2007-11-27|20:19] C:\Users\kiwi\AppData\Roaming\CyberLink\PowerCinema
[2007-11-27|14:48] C:\Users\kiwi\AppData\Roaming\CyberLink\MediaCache
[2007-11-27|14:48] C:\Users\kiwi\AppData\Roaming\CyberLink\PowerProducer
[2007-11-27|14:48] C:\Users\kiwi\AppData\Roaming\CyberLink\PowerDVD


[2007-12-14|11:49] C:\Users\kiwi\AppData\Roaming\dvdcss\BENJAMIN-3230303630353330

[2008-05-17|19:10] C:\Users\kiwi\AppData\Roaming\Google\GoogleEarth
[2007-12-06|19:37] C:\Users\kiwi\AppData\Roaming\Google\Local Search History


[2007-11-27|14:38] C:\Users\kiwi\AppData\Roaming\Identities\{E4A6D14E-AF6E-4B60-9B48-AE1E1E7E03A5}

[2007-11-28|23:47] C:\Users\kiwi\AppData\Roaming\Leadertech\PowerRegister

[2008-02-26|22:30] C:\Users\kiwi\AppData\Roaming\Macromedia\Flash Player

[2008-04-25|21:13] C:\Users\kiwi\AppData\Roaming\MAGIX\PhotoMaker



[2008-05-20|16:43] C:\Users\kiwi\AppData\Roaming\Microsoft\Windows Photo Gallery
[2008-05-08|23:39] C:\Users\kiwi\AppData\Roaming\Microsoft\MSN Messenger
[2008-04-27|17:26] C:\Users\kiwi\AppData\Roaming\Microsoft\Office
[2008-04-27|17:26] C:\Users\kiwi\AppData\Roaming\Microsoft\OIS
[2008-04-06|12:34] C:\Users\kiwi\AppData\Roaming\Microsoft\Speech
[2008-04-06|11:46] C:\Users\kiwi\AppData\Roaming\Microsoft\eHome
[2008-03-21|20:15] C:\Users\kiwi\AppData\Roaming\Microsoft\Templates
[2008-02-01|02:26] C:\Users\kiwi\AppData\Roaming\Microsoft\Internet Explorer
[2008-01-31|23:18] C:\Users\kiwi\AppData\Roaming\Microsoft\IdentityCRL
[2008-01-31|23:14] C:\Users\kiwi\AppData\Roaming\Microsoft\Credentials
[2008-01-15|19:05] C:\Users\kiwi\AppData\Roaming\Microsoft\Network
[2007-12-26|16:39] C:\Users\kiwi\AppData\Roaming\Microsoft\Excel
[2007-12-20|00:36] C:\Users\kiwi\AppData\Roaming\Microsoft\Word
[2007-12-19|21:20] C:\Users\kiwi\AppData\Roaming\Microsoft\QuickStyles
[2007-12-19|19:22] C:\Users\kiwi\AppData\Roaming\Microsoft\UProof
[2007-12-14|11:38] C:\Users\kiwi\AppData\Roaming\Microsoft\Clip Organizer
[2007-12-09|16:00] C:\Users\kiwi\AppData\Roaming\Microsoft\HTML Help
[2007-12-09|00:17] C:\Users\kiwi\AppData\Roaming\Microsoft\OneNote
[2007-12-07|10:12] C:\Users\kiwi\AppData\Roaming\Microsoft\Proof
[2007-12-07|10:06] C:\Users\kiwi\AppData\Roaming\Microsoft\Document Building Blocks
[2007-12-07|10:06] C:\Users\kiwi\AppData\Roaming\Microsoft\AddIns
[2007-12-01|15:40] C:\Users\kiwi\AppData\Roaming\Microsoft\MMC
[2007-11-28|21:09] C:\Users\kiwi\AppData\Roaming\Microsoft\Windows
[2007-11-27|15:15] C:\Users\kiwi\AppData\Roaming\Microsoft\preuve
[2007-11-27|14:37] C:\Users\kiwi\AppData\Roaming\Microsoft\Protect
[2007-11-27|14:37] C:\Users\kiwi\AppData\Roaming\Microsoft\Crypto
[2007-11-27|14:37] C:\Users\kiwi\AppData\Roaming\Microsoft\SystemCertificates

[2007-12-02|16:10] C:\Users\kiwi\AppData\Roaming\Mozilla\Firefox

[2007-12-04|22:24] C:\Users\kiwi\AppData\Roaming\Nikon\PictureProject
[2007-12-01|17:45] C:\Users\kiwi\AppData\Roaming\Nikon\Message Center



[2008-03-21|20:33] C:\Users\kiwi\AppData\Roaming\OpenOffice.org2\user

[2008-02-26|21:36] C:\Users\kiwi\AppData\Roaming\PC Tools\Spyware Doctor


[2008-02-15|22:06] C:\Users\kiwi\AppData\Roaming\Real\RealMediaSDK
[2008-01-02|00:31] C:\Users\kiwi\AppData\Roaming\Real\RealPlayer

[2008-02-22|12:13] C:\Users\kiwi\AppData\Roaming\SecuROM\UserData

[2008-05-18|18:42] C:\Users\kiwi\AppData\Roaming\StarOffice8\user




[2008-03-26|09:55] C:\Users\kiwi\AppData\Roaming\vlc\cache

[2008-03-11|20:56] C:\Users\kiwi\AppData\Roaming\Winamp\Plugins



----------------[ Tâches planifiées dans C:\Windows\tasks ]---------------

[2008-06-04 18:11][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{19BB1475-95D8-42A2-BBE3-6790E09093C7}.job
[2008-06-04 18:59][--ah-----] C:\Windows\tasks\SA.DAT
[2008-06-04 18:58][--a------] C:\Windows\tasks\SCHEDLGU.TXT

------[ Listing des dossiers dans C:\ProgramData ]------

[2007-08-10|09:59] C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2008-02-28|00:55] C:\ProgramData\addr_file.html
[2008-05-09|23:54] C:\ProgramData\Adobe
[2007-12-01|17:52] C:\ProgramData\Apple
[2007-12-01|17:53] C:\ProgramData\Apple Computer
[2006-11-02|15:02] C:\ProgramData\Application Data
[2008-03-06|22:34] C:\ProgramData\Avira
[2008-05-29|18:10] C:\ProgramData\BM3fcd1696.txt
[2008-06-04|18:56] C:\ProgramData\BM3fcd1696.xml
[2007-11-27|14:33] C:\ProgramData\Bureau
[2007-11-27|14:48] C:\ProgramData\CyberLink
[2006-11-02|15:02] C:\ProgramData\Desktop
[2006-11-02|15:02] C:\ProgramData\Documents
[2007-12-01|17:42] C:\ProgramData\EnterNHelp
[2007-11-27|14:33] C:\ProgramData\Favoris
[2006-11-02|15:02] C:\ProgramData\Favorites
[2007-11-28|21:09] C:\ProgramData\Forge of Games
[2007-12-06|19:37] C:\ProgramData\Google
[2008-06-04|18:52] C:\ProgramData\Google Updater
[2008-05-12|12:56] C:\ProgramData\HAL
[2008-03-07|07:02] C:\ProgramData\Kaspersky Lab Setup Files
[2007-12-01|12:11] C:\ProgramData\Lavasoft
[2008-04-25|21:06] C:\ProgramData\MAGIX
[2008-02-22|12:13] C:\ProgramData\Media Center Programs
[2007-11-27|14:33] C:\ProgramData\Menu Démarrer
[2008-02-21|01:07] C:\ProgramData\Microsoft
[2008-05-12|11:14] C:\ProgramData\Microsoft Help
[2007-11-27|14:33] C:\ProgramData\Modèles
[2007-12-01|15:33] C:\ProgramData\MumboJumbo
[2007-09-09|03:27] C:\ProgramData\NVIDIA
[2008-02-19|12:24] C:\ProgramData\OrbNetworks
[2008-05-12|12:56] C:\ProgramData\PKP_DLds.DAT
[2008-04-25|20:55] C:\ProgramData\PKP_DLec.DAT
[2008-06-04|19:00] C:\ProgramData\pskt.ini
[2008-01-05|22:20] C:\ProgramData\Real
[2007-12-07|00:50] C:\ProgramData\Sandlot Games
[2006-11-02|15:02] C:\ProgramData\Start Menu
[2008-05-12|11:50] C:\ProgramData\Symantec
[2008-02-26|23:49] C:\ProgramData\TEMP
[2006-11-02|15:02] C:\ProgramData\Templates
[2007-12-08|23:15] C:\ProgramData\Trymedia
[2007-12-01|17:42] C:\ProgramData\Ultima_T15

---------------[ Listing des dossiers dans C:\Program Files ]--------------

[2007-09-09|03:30] C:\Program Files\Acer Arcade Deluxe
[2007-09-09|03:22] C:\Program Files\ACER Crystal Eye webcam
[2007-09-09|03:34] C:\Program Files\Acer Inc
[2007-08-10|09:59] C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
[2006-05-12|12:31] C:\Program Files\addoninstall.exe
[2008-05-09|23:54] C:\Program Files\Adobe
[2008-01-13|11:13] C:\Program Files\Alwil Software
[2007-09-09|03:33] C:\Program Files\Apoint2K
[2007-12-01|17:52] C:\Program Files\Apple Software Update
[2000-08-29|16:13] C:\Program Files\AudioVis.dll
[2002-03-26|18:24] C:\Program Files\AV32UID.DAT
[2008-03-07|07:02] C:\Program Files\Avira
[2008-02-20|14:13] C:\Program Files\Battlefield Vietnam
[2007-12-08|23:14] C:\Program Files\BFG
[2008-04-25|21:11] C:\Program Files\Bitmaps
[2005-03-09|16:17] C:\Program Files\CDBurnProfiler.exe
[2008-04-04|23:22] C:\Program Files\CFWebAdvancedU
[2008-05-12|11:14] C:\Program Files\Common Files
[2005-07-28|14:20] C:\Program Files\composer.dll
[2007-08-10|08:40] C:\Program Files\CONEXANT
[2000-09-07|22:51] C:\Program Files\CPUINF32.DLL
[2008-04-25|21:13] C:\Program Files\CritOp.log
[2008-04-25|21:13] C:\Program Files\crm.ini
[2007-08-10|09:43] C:\Program Files\CyberLink
[2003-03-17|15:58] C:\Program Files\Dac32.dll
[2007-12-23|23:34] C:\Program Files\DAEMON Tools Lite
[2005-05-23|17:44] C:\Program Files\DB_MX.dll
[2007-12-02|14:06] C:\Program Files\desktop.ini
[2006-01-25|17:19] C:\Program Files\e-mode.ini
[2006-01-25|17:19] C:\Program Files\e-mode-upgradedialog.rtf
[2004-10-18|17:15] C:\Program Files\eModeUpgradeDlg.dll
[2006-01-25|17:20] C:\Program Files\e-mode-upgradedlg-exit.rtf
[2008-03-24|17:06] C:\Program Files\EPSON
[2006-02-07|14:33] C:\Program Files\exemaker.exe
[2004-08-19|12:51] C:\Program Files\EXIF09.dll
[2006-01-12|17:18] C:\Program Files\EXIF12.dll
[2003-02-12|11:20] C:\Program Files\explore.exe
[2007-11-27|14:33] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
[2008-04-25|21:11] C:\Program Files\Firebird
[2004-05-04|11:53] C:\Program Files\gdiplus.dll
[2008-05-17|19:02] C:\Program Files\Google
[2008-03-09|14:32] C:\Program Files\Guitar Pro 5
[2000-09-08|14:05] C:\Program Files\hhprend.ax
[2000-10-26|13:28] C:\Program Files\HHVREND2.AX
[2003-04-09|17:30] C:\Program Files\HHWM9Prxy.dll
[2003-02-20|08:51] C:\Program Files\HHWMPrxy.dll
[2008-04-25|21:11] C:\Program Files\Icons
[1999-02-09|11:46] C:\Program Files\IJL10.DLL
[2006-04-21|11:58] C:\Program Files\IMxP_NokiaPCSuite.dll
[2005-10-28|17:11] C:\Program Files\IMxP_WmDevice.dll
[2005-05-18|15:10] C:\Program Files\IMxPNokiaPCSuite.ini
[2008-04-25|21:12] C:\Program Files\Install.cfg
[2008-04-25|21:11] C:\Program Files\INSTALL.LOG
[2008-04-25|21:12] C:\Program Files\INSTALL1.LOG
[2008-05-12|12:56] C:\Program Files\InstallShield Installation Information
[2005-08-22|17:26] C:\Program Files\instslct.exe
[2007-09-09|03:22] C:\Program Files\Intel
[2008-04-09|10:54] C:\Program Files\Internet Explorer
[2008-01-15|18:57] C:\Program Files\Inventel
[2008-04-24|12:40] C:\Program Files\IrfanView
[2008-05-15|22:18] C:\Program Files\Java
[2001-08-07|12:19] C:\Program Files\JWVidRend.ax
[2007-09-09|03:28] C:\Program Files\Launch Manager
[2007-12-01|12:11] C:\Program Files\Lavasoft
[2002-09-12|09:36] C:\Program Files\LFBMP13N.DLL
[2002-09-12|09:39] C:\Program Files\LFCMP13n.DLL
[2002-09-12|09:36] C:\Program Files\LFFAX13N.DLL
[2002-09-12|09:36] C:\Program Files\lfgif13n.dll
[2002-09-12|09:36] C:\Program Files\LFMSP13N.DLL
[2002-09-12|09:36] C:\Program Files\LFPCD13N.DLL
[2002-09-12|09:36] C:\Program Files\LFPCX13N.DLL
[2002-09-12|09:40] C:\Program Files\Lfpng13n.dll
[2002-09-12|09:37] C:\Program Files\LFPNM13n.dll
[2002-09-12|09:37] C:\Program Files\LFPSD13N.DLL
[2002-09-12|09:37] C:\Program Files\LFRAS13N.DLL
[2002-09-12|09:37] C:\Program Files\LFTGA13N.DLL
[2002-09-12|09:39] C:\Program Files\LFTIF13N.DLL
[2003-10-21|00:11] C:\Program Files\libexpat.dll
[2008-04-25|21:11] C:\Program Files\license.txt
[2002-09-11|11:26] C:\Program Files\LTCLR13n.dll
[2002-09-12|09:36] C:\Program Files\LTDIS13n.dll
[2002-09-12|09:36] C:\Program Files\LTEFX13N.DLL
[2002-09-12|09:36] C:\Program Files\LTFIL13N.DLL
[2002-09-12|09:36] C:\Program Files\LTIMG13N.DLL
[2002-09-12|09:35] C:\Program Files\LTKRN13N.DLL
[2002-09-12|09:38] C:\Program Files\Ltwvc13n.dll
[2008-04-25|21:11] C:\Program Files\MAGIX Tirage en ligne
[2006-01-18|12:03] C:\Program Files\MagixOFA.dll
[2006-01-18|12:29] C:\Program Files\MagixOFA-fr.dll
[2004-04-15|15:48] C:\Program Files\MagixUpdater.exe
[2006-04-11|16:25] C:\Program Files\MAGIXviewer.exe
[2008-02-22|12:11] C:\Program Files\Maple 10
[2008-01-05|22:20] C:\Program Files\Media Player Classic
[2005-12-13|18:18] C:\Program Files\MFL.dll
[2008-04-06|11:47] C:\Program Files\Microsoft Games
[2006-11-02|14:42] C:\Program Files\Movie Maker
[2008-04-21|18:27] C:\Program Files\Mozilla Firefox
[2006-01-11|16:23] C:\Program Files\mp3encoder_upgrade.rtf
[2002-03-08|08:09] C:\Program Files\mp3pro_upgrade.rtf
[2004-08-20|15:16] C:\Program Files\mpeg2.dll
[2006-11-02|14:37] C:\Program Files\MSBuild
[2006-11-02|14:37] C:\Program Files\MSN
[2008-01-31|23:17] C:\Program Files\MSN Messenger
[2007-12-01|17:38] C:\Program Files\MSXML 4.0
[2003-08-24|18:35] C:\Program Files\mviewer.ocx
[2005-03-31|17:20] C:\Program Files\MxAutoUpdate.dll
[2008-04-25|21:13] C:\Program Files\mxdba.log
[2006-02-17|14:57] C:\Program Files\MXTLC.dll
[2004-03-22|19:38] C:\Program Files\MXWIA.dll
[2007-08-10|09:18] C:\Program Files\NewTech Infosystems
[2008-05-16|09:31] C:\Program Files\OpenOffice.org 2.4
[2008-01-15|19:08] C:\Program Files\OrangeHSS
[2006-05-31|15:49] C:\Program Files\order.rtf
[2006-04-10|09:55] C:\Program Files\Oxa1971.dll
[2008-04-25|21:11] C:\Program Files\Palette
[2005-05-10|08:42] C:\Program Files\photoid.dll
[2006-03-02|18:42] C:\Program Files\Photomaker.cnt
[2006-03-15|10:32] C:\Program Files\PhotoMaker.exe
[2006-03-02|18:42] C:\Program Files\Photomaker.hlp
[2008-04-25|21:13] C:\Program Files\PhotoMaker.ini
[2008-04-27|10:04] C:\Program Files\Picasa2
[2004-08-03|11:43] C:\Program Files\PlayRIpl.dll
[2006-01-09|11:26] C:\Program Files\PredefinedCategories.ini
[2008-02-27|00:16] C:\Program Files\ProtectionAssuree
[2007-12-01|17:54] C:\Program Files\QuickTime
[2000-08-26|00:56] C:\Program Files\RD32UID.DAT
[2007-12-16|12:45] C:\Program Files\Real
[2008-01-05|22:20] C:\Program Files\Real Alternative
[2007-08-10|08:31] C:\Program Files\Realtek
[2006-11-02|14:37] C:\Program Files\Reference Assemblies
[2008-04-25|21:11] C:\Program Files\register.rtf
[2005-05-20|14:10] C:\Program Files\reinstall3rdParty.exe
[2008-04-25|21:11] C:\Program Files\reinstall3rdParty.ini
[1999-12-10|13:00] C:\Program Files\riched20.dll
[2005-06-13|14:31] C:\Program Files\Rn5d3288.dll
[2002-06-24|12:00] C:\Program Files\samsig.dll
[2002-06-24|12:00] C:\Program Files\samsigA6.dll
[2002-06-24|12:00] C:\Program Files\samsigM5.dll
[2002-06-24|12:00] C:\Program Files\samsigM6.dll
[2002-06-24|12:00] C:\Program Files\samsigP5.dll
[2002-06-24|12:00] C:\Program Files\samsigP6.dll
[2002-06-24|12:00] C:\Program Files\samsigPX.dll
[2002-06-24|12:00] C:\Program Files\samsigW7.dll
[2005-08-04|17:38] C:\Program Files\Shortcuts.ini
[2008-04-25|21:15] C:\Program Files\shutdown.log
[2007-12-02|16:59] C:\Program Files\Sierra On-Line
[2008-04-25|21:06] C:\Program Files\Skins
[2008-05-17|21:05] C:\Program Files\Sun
[2005-11-02|15:43] C:\Program Files\support.rtf
[2007-09-09|03:22] C:\Program Files\SUYIN
[2003-01-28|12:23] C:\Program Files\thunk16.dll
[2003-01-28|12:18] C:\Program Files\thunk3216.dll
[2005-08-30|17:12] C:\Program Files\Tooltip.ini
[2008-06-04|09:24] C:\Program Files\Trend Micro
[2000-08-26|00:59] C:\Program Files\UID.DAT
[2006-11-02|15:01] C:\Program Files\Uninstall Information
[2005-06-22|15:42] C:\Program Files\uninstall.exe
[2002-02-18|11:06] C:\Program Files\uninstall.ini
[2005-08-22|17:40] C:\Program Files\unwise.adf
[2006-03-22|16:23] C:\Program Files\unwise.exe
[2008-04-25|21:11] C:\Program Files\unwise.ini
[1997-12-22|01:30] C:\Program Files\UNZDLL.DLL
[2006-01-23|11:10] C:\Program Files\Upgrade.rtf
[2008-02-21|01:04] C:\Program Files\uTorrent
[2006-02-27|10:43] C:\Program Files\Validation.exe
[2008-04-25|21:11] C:\Program Files\Validation.ini
[2008-04-25|21:06] C:\Program Files\VideoFX
[2008-04-25|21:11] C:\Program Files\Visuals
[2008-05-18|18:58] C:\Program Files\VLC
[2008-02-15|22:50] C:\Program Files\Webteh
[2008-05-12|11:49] C:\Program Files\Winamp
[2008-02-19|12:24] C:\Program Files\Winamp Remote
[2007-12-02|13:59] C:\Program Files\Windows Calendar
[2006-11-02|14:42] C:\Program Files\Windows Collaboration
[2007-08-10|09:22] C:\Program Files\Windows Defender
[2006-11-02|14:42] C:\Program Files\Windows Journal
[2008-05-14|08:58] C:\Program Files\Windows Mail
[2007-12-02|13:59] C:\Program Files\Windows Media Player
[2007-11-27|14:33] C:\Program Files\Windows NT
[2006-11-02|14:42] C:\Program Files\Windows Photo Gallery
[2008-01-16|00:21] C:\Program Files\Windows Sidebar
[2007-12-23|23:36] C:\Program Files\WinRAR
[2000-09-14|11:23] C:\Program Files\WMServerReader.dll
[2005-06-21|19:06] C:\Program Files\xutility.dll
[2004-02-11|18:28] C:\Program Files\xviewer.exe
[2003-07-11|17:01] C:\Program Files\xviewer.ocx
[2003-08-24|18:17] C:\Program Files\xviewer.scr
[2008-02-08|12:44] C:\Program Files\Zero G Registry
[2008-04-06|11:51] C:\Program Files\zeux
[2004-10-22|17:41] C:\Program Files\Zipdll.dll

------[ Listing des dossiers dans C:\Program Files\Common Files ]------

[2008-05-09|23:54] C:\Program Files\Common Files\Adobe
[2008-01-15|19:00] C:\Program Files\Common Files\France Telecom
[2007-08-10|09:30] C:\Program Files\Common Files\InstallShield
[2008-03-21|20:28] C:\Program Files\Common Files\Java
[2007-08-10|09:18] C:\Program Files\Common Files\LightScribe
[2008-03-09|13:00] C:\Program Files\Common Files\Macrovision Shared
[2008-04-25|21:06] C:\Program Files\Common Files\MAGIX Shared
[2008-05-12|11:52] C:\Program Files\Common Files\microsoft shared
[2007-08-10|09:18] C:\Program Files\Common Files\muvee Technologies
[2007-08-10|09:19] C:\Program Files\Common Files\NewTech Infosystems
[2008-05-12|12:56] C:\Program Files\Common Files\Nikon
[2008-02-19|15:28] C:\Program Files\Common Files\NSV
[2008-01-02|00:31] C:\Program Files\Common Files\Real
[2008-01-13|11:33] C:\Program Files\Common Files\Sandlot Shared
[2006-11-02|13:18] C:\Program Files\Common Files\Services
[2007-09-09|03:22] C:\Program Files\Common Files\snp2uvc
[2006-11-02|13:18] C:\Program Files\Common Files\SpeechEngines
[2008-05-12|11:49] C:\Program Files\Common Files\Symantec Shared
[2007-08-10|09:22] C:\Program Files\Common Files\System
[2007-12-01|12:10] C:\Program Files\Common Files\Wise Installation Wizard

---------------------------[ Process ]--------------------------

... 78

... OK !

----------------------[ Recherche avec S_Lop ]---------------------

Aucun fichier / dossier Lop trouvé !

-----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

Aucun fichier / dossier Lop trouvé !

----------------------[ Verification du Registre ]----------------------

..... OK !

--------------------[ Verification du fichier Hosts ]---------------------

Fichier Hosts PROPRE


----------------[ Recherche de fichiers avec Catchme ]-----------------

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-04 19:03:28
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------[ Recherche d'autres infections ]---------------------

=> C:\Users\kiwi\Desktop\Black&White II\Crack
=> C:\Users\kiwi\Desktop\Black&White II\Crack\white.exe
=> C:\Users\kiwi\Documents\Guitar Pro Tabs\Stone Temple Pilots\Crackerman.gtp
=> C:\Users\kiwi\Documents\Guitar Pro Tabs\Tabs\T\Tchaikovsky, Pioter Ilych\Tchaikovsky, Pioter Ilych - Nutcracker Suite_ Miniature Overture.gp4
=> C:\Users\kiwi\Documents\Guitar Pro Tabs\Tabs\T\Tchaikovsky, Pioter Ilych\Tchaikovsky, Pioter Ilych - Waltz Of The Flowers From The Nutcracker Ballet, Op. 71.gp3


[F:742][D:85]-> C:\Users\kiwi\AppData\Local\Temp
[F:169][D:1]-> C:\Users\kiwi\AppData\Roaming\MICROS~1\Windows\Cookies
[F:2282][D:8]-> C:\Users\kiwi\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:23][D:5]-> C:\$Recycle.Bin

[ UAC => 1 ]

--------------------[ Fin du rapport a 19:07:24.00 ]----------------------

At startup it shows me this error message:

C:\Users\kiwi\AppData\local\Temp\opnolIXQ.Dll

Reply to thekiwi888

The second trojan is


TR\Lowzones.SG

Reply to thekiwi888

Ah :)

Download FindAWF.

  • Save it to your Desktop.
  • Double-click FindAWF.exe to launch it.
  • Press a key as prompted to continue.

If your antivirus reacts, ignore its alert and let the program run.

  • Type 1, then confirm to launch Scan For Bak Folders.
  • Wait while the scan runs ..
  • Post the generated report: Find AWF report

------------------------------ >> Centre de Formation Helpers <<
Reply to XmichouX


Find AWF report by noahdfear ©2006
Version 1.40



bak folders found
~~~~~~~~~~~



Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~



end of report

Reply to thekiwi888

Where is the file detected? And what is its name?

 

Disable UAC (Start Menu \ Control Panel \ User Accounts and Family Safety \ User Accounts \ Turn User Account Control on or off \ uncheck the box Use User Account Control ... and confirm with OK; you will be asked to restart, do so)

 

Start / All Programs / Accessories / Run, then type this:

"%SystemDrive%\Lop SD\LopSD" /AWF


Post the log generated at the end.


Message edited by XmichouX on 04-06-2008 at 23:45:42
------------------------------ >> Centre de Formation Helpers <<
Reply to XmichouX


[\\\\\\\\\\\\\\\\\\\\\\\\\\\\\[ AWF ]\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\]

[ Microsoft Windows [version 6.0.6000] Windows_NT ]
[ "C:\Lop SD" ]
[ 2008-06-05 | 8:44:42.34 ] [ OSCAR ]


[\\\\\\\\\\\\\\\\\\\\\[ Recherche de dossiers BAK\* ]\\\\\\\\\\\\\\\\\\\\\]


Aucun dossier BAK\* trouvé !

[\\\\\\\\\\\\\\\\\\\\\\[ Recherche de dossiers BAK ]\\\\\\\\\\\\\\\\\\\\\\]


Aucun dossier BAK trouvé !

[\\\\\\\\\\\\\\\\\\\\\[ Fin du rapport à 8:44:42.40 ]\\\\\\\\\\\\\\\\\\\\]

Reply to thekiwi888

I don't think it manages to run the scan: after 5 min, the window still shows scan in progress, and a Windows window appears telling me that the utility program QGREP, character string search, has stopped working and that it is going to close the application. It sends it to me twice, and when I click OK the second time (no other choice) the scan ends...

Reply to thekiwi888

And it still shows me an error module at startup

Reply to thekiwi888

Hi again,

Post a new HijackThis report.

------------------------------ >> Centre de Formation Helpers <<
Reply to XmichouX

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:25, on 2008-06-04
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Users\kiwi\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\OrangeHSS\Systray\SystrayApp.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Program Files\Apoint2K\Apntex.exe
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www2.iesearch.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/y [...] .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\geBqQKaw.dll,#1
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Biasdelete] "C:\ProgramData\Tool Software Software.nawcc6"
O4 - HKCU\..\Run: [Four file program mode] "C:\ProgramData\Ace help pile.awk56"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\kiwi\AppData\Local\Temp\wvUnMcdB.dll,c
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\kiwi\AppData\Local\Temp\geBqRlKb.dll,#1
O4 - HKCU\..\Run: [3cfe250a] rundll32.exe "C:\Users\kiwi\AppData\Local\Temp\sssjcufm.dll",b
O4 - HKCU\..\Run: [BM3fcd1696] Rundll32.exe "C:\Users\kiwi\AppData\Local\Temp\dqbnuvoa.dll",s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O13 - Gopher Prefix:
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/adva [...] module.exe
O20 - AppInit_DLLs: eNetHook.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9695 bytes

Reply to thekiwi888

Re,

Download ComboFix (by sUBs) to your Desktop.

  • Temporarily disable all resident protection! (Antivirus, antispyware...)
  • Double-click ComboFix.exe.
  • Accept the license by clicking Oui (Yes).
  • When the operation finishes, a report will appear. Post that report in your next reply.


The report is located here: %systemdrive%\ComboFix.txt (%systemdrive% being the partition where Windows is installed; usually C:\)

Help: How to use ComboFix.

------------------------------ >> Centre de Formation Helpers <<
Reply to XmichouX

It won't open it for me.
An error message tells me: 'une référence a été renvoyé par le serveur' (a referral was returned from the server)
...

Reply to thekiwi888

Downloading or running the software?

------------------------------ >> Centre de Formation Helpers <<
Reply to XmichouX

Running the software. It's on my desktop, I double-click it, and that's when the message appears!!!!

Reply to thekiwi888

Try in Safe Mode.

------------------------------ >> Centre de Formation Helpers <<
Reply to XmichouX

Re,
Works perfectly in Safe Mode, here's the log

ComboFix 08-06-05.2 - kiwi 2008-06-05 20:00:55.2 - NTFSx86 MINIMAL
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1577 [GMT 2:00]
Endroit: C:\Users\kiwi\Desktop\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Windows\system32\ACER.exe
C:\Windows\system32\kmd.exe
C:\Windows\system32\mlJYqNFv.dll
C:\Windows\system32\pmnoOGYO.dll
C:\Windows\system32\ssqOHywV.dll
C:\Windows\system32\xxyyyYqo.dll

.
((((((((((((((((((((((((((((( Fichiers créés 2008-05-05 to 2008-06-05 ))))))))))))))))))))))))))))))))))))
.

2008-06-04 17:06 . 2008-06-04 19:07 <REP> d-------- C:\Lop SD
2008-06-04 09:24 . 2008-06-04 09:24 <REP> d-------- C:\Program Files\Trend Micro
2008-05-29 22:00 . 2008-06-03 17:44 250,157,889 --a------ C:\Windows\MEMORY.DMP
2008-05-28 05:06 . 2008-03-08 02:37 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-05-28 05:06 . 2008-03-08 06:30 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-05-27 23:09 . 2008-05-27 23:09 <REP> d-------- C:\Users\Public\Asa [Asha]
2008-05-18 18:42 . 2008-05-18 18:52 <REP> d-------- C:\Users\kiwi\AppData\Roaming\StarOffice8
2008-05-17 21:05 . 2008-05-17 21:05 <REP> d-------- C:\Program Files\Sun
2008-05-17 19:00 . 2008-06-04 18:52 <REP> d-------- C:\Users\All Users\Google Updater
2008-05-17 19:00 . 2008-06-04 18:52 <REP> d-------- C:\PROGRA~2\Google Updater
2008-05-16 09:31 . 2008-05-16 09:31 <REP> d-------- C:\Program Files\OpenOffice.org 2.4

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-04 10:45 --------- d-----w C:\Users\kiwi\AppData\Roaming\uTorrent
2008-06-01 17:14 41,192 ----a-w C:\Users\kiwi\AppData\Roaming\nvModes.dat
2008-06-01 16:18 --------- d-----w C:\Users\kiwi\AppData\Roaming\OpenOffice.org2
2008-05-18 16:58 --------- d-----w C:\Program Files\VLC
2008-05-17 17:02 --------- d-----w C:\Program Files\Google
2008-05-15 20:18 --------- d-----w C:\Program Files\Java
2008-05-14 06:58 --------- d-----w C:\Program Files\Windows Mail
2008-05-12 10:56 0 ---h--w C:\Users\All Users\PKP_DLds.DAT
2008-05-12 10:56 0 ---h--w C:\PROGRA~2\PKP_DLds.DAT
2008-05-12 10:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-12 10:56 --------- d-----w C:\Program Files\Common Files\Nikon
2008-05-12 09:50 --------- d-----w C:\PROGRA~2\Symantec
2008-05-12 09:49 --------- d-----w C:\Program Files\Winamp
2008-05-12 09:49 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-12 09:14 --------- d-----w C:\PROGRA~2\Microsoft Help
2008-05-09 21:54 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-27 08:04 --------- d-----w C:\Program Files\Picasa2
2008-04-25 19:15 0 ----a-w C:\Program Files\shutdown.log
2008-04-25 19:13 314 ----a-w C:\Program Files\PhotoMaker.ini
2008-04-25 19:13 205 ----a-w C:\Program Files\crm.ini
2008-04-25 19:13 0 ---ha-w C:\Program Files\CritOp.log
2008-04-25 19:13 0 ----a-w C:\Program Files\mxdba.log
2008-04-25 19:13 --------- d-----w C:\Users\kiwi\AppData\Roaming\MAGIX
2008-04-25 19:12 21,273 ----a-w C:\Program Files\INSTALL1.LOG
2008-04-25 19:12 2,378 ----a-w C:\Program Files\Install.cfg
2008-04-25 19:11 933 ----a-w C:\Program Files\reinstall3rdParty.ini
2008-04-25 19:11 689 ----a-w C:\Program Files\unwise.ini
2008-04-25 19:11 33,667 ----a-w C:\Program Files\license.txt
2008-04-25 19:11 146 ----a-w C:\Program Files\Validation.ini
2008-04-25 19:11 14,681 ----a-w C:\Program Files\register.rtf
2008-04-25 19:11 126,279 ----a-w C:\Program Files\INSTALL.LOG
2008-04-25 19:11 --------- d-----w C:\Program Files\Visuals
2008-04-25 19:11 --------- d-----w C:\Program Files\Palette
2008-04-25 19:11 --------- d-----w C:\Program Files\MAGIX Tirage en ligne
2008-04-25 19:11 --------- d-----w C:\Program Files\Icons
2008-04-25 19:11 --------- d-----w C:\Program Files\Firebird
2008-04-25 19:11 --------- d-----w C:\Program Files\Bitmaps
2008-04-25 19:06 --------- d-----w C:\Program Files\VideoFX
2008-04-25 19:06 --------- d-----w C:\Program Files\Skins
2008-04-25 19:06 --------- d-----w C:\Program Files\Common Files\MAGIX Shared
2008-04-25 19:06 --------- d-----w C:\PROGRA~2\MAGIX
2008-04-25 18:55 20 ---h--w C:\Users\All Users\PKP_DLec.DAT
2008-04-25 18:55 20 ---h--w C:\PROGRA~2\PKP_DLec.DAT
2008-04-24 10:40 --------- d-----w C:\Program Files\IrfanView
2008-04-06 09:51 --------- d-----w C:\Program Files\zeux
2008-04-06 09:47 --------- d-----w C:\Program Files\Microsoft Games
2008-03-08 04:30 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-03-08 04:30 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-03-08 04:30 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-03-08 04:30 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-03-08 00:22 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2007-12-02 12:06 174 --sha-w C:\Program Files\desktop.ini
2007-11-27 12:56 0 ----a-w C:\Users\kiwi\AppData\Roaming\wklnhst.dat
2006-05-31 13:49 13,094 ----a-w C:\Program Files\order.rtf
2006-05-12 10:31 269,397 ----a-w C:\Program Files\addoninstall.exe
2006-04-21 09:58 53,248 ----a-w C:\Program Files\IMxP_NokiaPCSuite.dll
2006-04-11 14:25 1,961,472 ----a-w C:\Program Files\MAGIXviewer.exe
2006-04-10 07:55 229,484 ----a-w C:\Program Files\Oxa1971.dll
2006-03-22 14:23 176,128 ----a-w C:\Program Files\unwise.exe
2006-03-15 08:32 7,735,180 ----a-w C:\Program Files\PhotoMaker.exe
2006-03-02 16:42 6,468 ----a-w C:\Program Files\Photomaker.cnt
2006-03-02 16:42 2,113,719 ----a-w C:\Program Files\Photomaker.hlp
2006-02-27 08:43 24,576 ----a-w C:\Program Files\Validation.exe
2006-02-17 12:57 475,136 ----a-w C:\Program Files\MXTLC.dll
2006-02-07 12:33 92,160 ----a-w C:\Program Files\exemaker.exe
2006-01-25 15:20 6,566 ----a-w C:\Program Files\e-mode-upgradedlg-exit.rtf
2006-01-25 15:19 6,602 ----a-w C:\Program Files\e-mode-upgradedialog.rtf
2006-01-25 15:19 2,691 ----a-w C:\Program Files\e-mode.ini
2006-01-23 09:10 2,701 ----a-w C:\Program Files\Upgrade.rtf
2006-01-18 10:29 86,016 ----a-w C:\Program Files\MagixOFA-fr.dll
2006-01-18 10:03 626,688 ----a-w C:\Program Files\MagixOFA.dll
2006-01-12 15:18 49,152 ----a-w C:\Program Files\EXIF12.dll
2006-01-11 14:23 2,280 ----a-w C:\Program Files\mp3encoder_upgrade.rtf
2006-01-09 09:26 671 ----a-w C:\Program Files\PredefinedCategories.ini
2005-12-13 16:18 442,368 ----a-w C:\Program Files\MFL.dll
2005-11-02 13:43 10,291 ----a-w C:\Program Files\support.rtf
2005-10-28 15:11 270,336 ----a-w C:\Program Files\IMxP_WmDevice.dll
2005-08-30 15:12 2,729 ----a-w C:\Program Files\Tooltip.ini
2005-08-22 15:40 81,920 ----a-w C:\Program Files\unwise.adf
2005-08-22 15:26 176,128 ----a-w C:\Program Files\instslct.exe
2005-08-04 15:38 4,511 ----a-w C:\Program Files\Shortcuts.ini
2005-07-28 12:20 564,142 ----a-w C:\Program Files\composer.dll
2005-06-22 13:42 128,512 ----a-w C:\Program Files\uninstall.exe
2005-06-21 17:06 35,840 ----a-w C:\Program Files\xutility.dll
2005-06-13 12:31 102,400 ----a-w C:\Program Files\Rn5d3288.dll
2005-05-23 15:44 172,032 ----a-w C:\Program Files\DB_MX.dll
2005-05-20 12:10 192,512 ----a-w C:\Program Files\reinstall3rdParty.exe
2005-05-18 13:10 1,103 ----a-w C:\Program Files\IMxPNokiaPCSuite.ini
2005-05-10 06:42 1,163,264 ----a-w C:\Program Files\photoid.dll
2005-03-31 15:20 65,536 ----a-w C:\Program Files\MxAutoUpdate.dll
2005-03-09 14:17 34,304 ----a-w C:\Program Files\CDBurnProfiler.exe
2004-10-22 15:41 118,784 ----a-w C:\Program Files\Zipdll.dll
2004-10-18 15:15 212,992 ----a-w C:\Program Files\eModeUpgradeDlg.dll
2004-08-20 13:16 144,896 ----a-w C:\Program Files\mpeg2.dll
2004-08-19 10:51 45,056 ----a-w C:\Program Files\EXIF09.dll
2004-08-03 09:43 716,800 ----a-w C:\Program Files\PlayRIpl.dll
2004-05-04 09:53 1,645,320 ----a-w C:\Program Files\gdiplus.dll
2004-04-15 13:48 32,768 ----a-w C:\Program Files\MagixUpdater.exe
2004-03-22 17:38 110,592 ----a-w C:\Program Files\MXWIA.dll
2004-02-11 16:28 219,136 ----a-w C:\Program Files\xviewer.exe
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{758A44CD-8365-447F-984B-B6B144F5B6E6}]
2008-05-23 22:15 370176 --a------ C:\Users\kiwi\AppData\Local\Temp\wvUnMcdB.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-16 00:21 1232896]
"Acer Tour Reminder"="" []
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 05:06 4669440 C:\Windows\RtHDVCpl.exe]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 16:33 457216]
"Acer Tour"="" []
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-07-25 17:39 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-07-25 17:39 8470528]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-07-25 17:39 81920]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2007-06-27 11:15 752136]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 13:00 174872]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2007-06-06 10:06 159744]
"eRecoveryService"="" []
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-05-22 15:49 151552]
"eAudio"="C:\Acer\Empowering Technology\eAudio\eAudio.exe" [2007-06-11 15:54 1286144]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-23 22:33 262401]

C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-08-10 09:29:07 535336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ValidateAdminCodeSignatures"= 1 (0x1)
"FilterAdministratorToken"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{0CF5D165-517E-48B6-B3C7-3054A24F8BF6}"= C:\Windows\system32\xxyyyYqo.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=eNetHook.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= C:\PROGRA~1\ACERAR~1\DVWIZA~1\Kernel\Burner\MKDMP3Enc.ACM
"vidc.ffds"= C:\PROGRA~1\VLC\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\Users\kiwi\AppData\Local\Temp\wvUnMcdB

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{1ACDC690-E812-4BF4-8277-CADB310BB196}"= C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{975C10A6-89E7-450F-8386-9F6BEC5992B5}"= C:\Program Files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician
"{4B2A96AC-90BB-469D-96F2-1E462E2F2103}"= C:\Program Files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia
"{CB0A5015-2744-4511-8C92-B47FF3948EAF}"= C:\Program Files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe:DV Wizard
"{849D0299-7E5F-4D16-821F-6475DF1EFD43}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{25219AE5-C395-490A-927D-5917C456B162}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{4501C1FC-2596-4C90-8279-68E71179C8F6}"= C:\Program Files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine
"{2FA21601-CB39-4331-866E-40BD0890B95E}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:Play Movie
"{F2EDC553-44F9-4BB6-A65B-C619B0F9AA3D}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe:Play Movie Resident Program
"TCP Query User{A6A4212C-46B0-4D86-970A-F3910D1BB94F}C:\\program files\\ea games\\battlefield 1942\\bf1942.exe"= UDP:C:\program files\ea games\battlefield 1942\bf1942.exe:BF1942
"UDP Query User{5EAEB291-8EBC-4D14-B8B8-C77D87D262BA}C:\\program files\\ea games\\battlefield 1942\\bf1942.exe"= TCP:C:\program files\ea games\battlefield 1942\bf1942.exe:BF1942
"{8F085BA9-5D2D-4897-9877-B2FA31C2D599}"= UDP:C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{55093EC2-D8D3-4822-9DA4-B72DAD44F255}"= TCP:C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"TCP Query User{BAF5D7E9-168C-43C9-858F-F1CF197816D4}D:\\zeux\\ea games\\battlefield 1942\\bf1942.exe"= UDP:D:\zeux\ea games\battlefield 1942\bf1942.exe:BF1942
"UDP Query User{FAD46079-0209-4B7B-B626-39C5B1EEAE02}D:\\zeux\\ea games\\battlefield 1942\\bf1942.exe"= TCP:D:\zeux\ea games\battlefield 1942\bf1942.exe:BF1942
"TCP Query User{6F4DAA97-F672-4F19-B86D-204D39D4899F}C:\\program files\\half-life\\hl.exe"= UDP:C:\program files\half-life\hl.exe:Half-Life Launcher
"UDP Query User{DC22B9C5-FFDD-495D-ACF2-30B46ABDA4B0}C:\\program files\\half-life\\hl.exe"= TCP:C:\program files\half-life\hl.exe:Half-Life Launcher
"TCP Query User{BE00F0D4-3FAE-4A7D-A8BE-6B656A70460C}C:\\program files\\zeux\\ea games\\battlefield 1942\\bf1942.exe"= UDP:C:\program files\zeux\ea games\battlefield 1942\bf1942.exe:BF1942.exe
"UDP Query User{CBF43121-F86E-4320-B1EE-08CDC11EE37E}C:\\program files\\zeux\\ea games\\battlefield 1942\\bf1942.exe"= TCP:C:\program files\zeux\ea games\battlefield 1942\bf1942.exe:BF1942.exe
"TCP Query User{7D5EF960-2B6A-4CBB-96AE-6341F33E063E}C:\\program files\\microsoft games\\age of empires iii\\age3.exe"= UDP:C:\program files\microsoft games\age of empires iii\age3.exe:Age of Empires 3
"UDP Query User{686C86A7-1E6C-4C14-AAA3-DC4EC99182CF}C:\\program files\\microsoft games\\age of empires iii\\age3.exe"= TCP:C:\program files\microsoft games\age of empires iii\age3.exe:Age of Empires 3
"TCP Query User{09F0331A-9ABD-44AA-9DA8-1393893DB856}C:\\program files\\microsoft games\\age of mythology\\aom.exe"= UDP:C:\program files\microsoft games\age of mythology\aom.exe:Age of Mythology
"UDP Query User{9AF36308-03DA-4D61-8274-83EA4EDF7808}C:\\program files\\microsoft games\\age of mythology\\aom.exe"= TCP:C:\program files\microsoft games\age of mythology\aom.exe:Age of Mythology
"TCP Query User{50EDF01D-9403-4B7F-9E1E-FAFE7936FC51}C:\\program files\\microsoft games\\age of mythology\\aom.exe"= UDP:C:\program files\microsoft games\age of mythology\aom.exe:Age of Mythology
"UDP Query User{7A23E977-D187-443F-B555-E3204516930B}C:\\program files\\microsoft games\\age of mythology\\aom.exe"= TCP:C:\program files\microsoft games\age of mythology\aom.exe:Age of Mythology
"TCP Query User{523F5FB3-25BB-4BBF-BEEC-12A8BAB4433B}C:\\program files\\vlc\\vlc.exe"= UDP:C:\program files\vlc\vlc.exe:VLC media player
"UDP Query User{D2B897AE-D12E-4B1B-A7C4-376DD5172476}C:\\program files\\vlc\\vlc.exe"= TCP:C:\program files\vlc\vlc.exe:VLC media player
"TCP Query User{AC4293CF-1E4C-456D-A5E9-D55C63712A8C}C:\\program files\\serious sam 2\\bin\\sam2.exe"= UDP:C:\program files\serious sam 2\bin\sam2.exe:Sam2.exe
"UDP Query User{EC032255-5EF0-4611-9104-203933CA76FA}C:\\program files\\serious sam 2\\bin\\sam2.exe"= TCP:C:\program files\serious sam 2\bin\sam2.exe:Sam2.exe
"{C90959AF-D439-456E-8496-3860C69C10B1}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{3FCEFF21-F74D-411D-B372-C43F7FCE0115}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{94C6498A-F8C8-4F2E-BD37-792B5D428340}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{CFC10431-EAAE-408C-85B7-2EA3A40C9FF4}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{BCA44E92-9BFE-4271-A95D-C136FECC7429}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"TCP Query User{3DC099DE-814E-43E1-9609-F9C45CD59831}C:\\program files\\maple 10\\jre\\bin\\maple.exe"= UDP:C:\program files\maple 10\jre\bin\maple.exe:maple.exe
"UDP Query User{D4897CF7-A6AE-4C43-8D08-9C97649D572B}C:\\program files\\maple 10\\jre\\bin\\maple.exe"= TCP:C:\program files\maple 10\jre\bin\maple.exe:maple.exe
"TCP Query User{4384103E-5D51-4047-AC17-D2A8EB49567B}C:\\program files\\maple 10\\jre\\bin\\java.exe"= UDP:C:\program files\maple 10\jre\bin\java.exe:java.exe
"UDP Query User{35BCA76C-1A64-458B-AAA1-360EAD1D3ECA}C:\\program files\\maple 10\\jre\\bin\\java.exe"= TCP:C:\program files\maple 10\jre\bin\java.exe:java.exe
"{7416B301-8C8D-457B-B1A2-78C24CA37C1D}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{5DC3E9FC-11BB-4E6F-BF06-47D5FACB7AD3}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{2C4FEB05-7CB6-446B-85BC-63E15BF5F14A}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{61B18EFA-7FC9-4A53-A7FE-24A9E9A32E52}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{E21A2B53-5B06-41EE-89ED-AD69C4B3534B}"= UDP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{877953C9-565A-4F33-8088-A31B1B3CB6AA}"= TCP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{588CA41F-43B8-451C-9FDA-317694063088}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{3B5E60F9-7143-479E-BFDC-0465156DD0BF}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"TCP Query User{403D3CF1-7ECD-4823-8BE7-C6C238DB8F60}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent.exe
"UDP Query User{FB498415-9528-46CB-8845-9B7F4CA76130}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent.exe
"TCP Query User{8B23B94E-C4DF-4920-8886-5458D4DFFDE9}C:\\program files\\battlefield vietnam\\bfvietnam.exe"= UDP:C:\program files\battlefield vietnam\bfvietnam.exe:BfVietnam.exe
"UDP Query User{34DDAE2E-4A7E-42C8-B0E8-4CE36B5CE142}C:\\program files\\battlefield vietnam\\bfvietnam.exe"= TCP:C:\program files\battlefield vietnam\bfvietnam.exe:BfVietnam.exe
"TCP Query User{B59B58FF-A72E-4E34-870E-1A58D560BA5D}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent.exe
"UDP Query User{ECC690B4-7BE7-4575-8E75-742BD9E43A46}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent.exe
"TCP Query User{51949B8A-E8E6-4DE0-830F-04E74A9985E5}C:\\program files\\battlefield vietnam\\bfvietnam_w32ded.exe"= UDP:C:\program files\battlefield vietnam\bfvietnam_w32ded.exe:bfvietnam_w32ded.exe
"UDP Query User{CF1B6C2F-C85E-4800-82FF-108B6C0F0489}C:\\program files\\battlefield vietnam\\bfvietnam_w32ded.exe"= TCP:C:\program files\battlefield vietnam\bfvietnam_w32ded.exe:bfvietnam_w32ded.exe
"TCP Query User{A1FEA10D-FDBB-4D26-8685-52EC001174C4}C:\\program files\\zeux\\ea games\\battlefield 2\\bf2_w32ded.exe"= UDP:C:\program files\zeux\ea games\battlefield 2\bf2_w32ded.exe:Bf2_w32ded.exe
"UDP Query User{0CA215EA-006D-4412-BCFA-DBBEE55BDBD5}C:\\program files\\zeux\\ea games\\battlefield 2\\bf2_w32ded.exe"= TCP:C:\program files\zeux\ea games\battlefield 2\bf2_w32ded.exe:Bf2_w32ded.exe
"TCP Query User{C1C3E00F-DFB3-49C0-B4E0-4B2FC16E9FD1}C:\\program files\\microsoft games\\age of mythology\\aomx (3).exe"= UDP:C:\program files\microsoft games\age of mythology\aomx (3).exe:Age of Mythology - The Titans Expansion
"UDP Query User{031E1E21-9481-4254-B3A4-9294E6E998F8}C:\\program files\\microsoft games\\age of mythology\\aomx (3).exe"= TCP:C:\program files\microsoft games\age of mythology\aomx (3).exe:Age of Mythology - The Titans Expansion
"TCP Query User{B85F3CA4-0181-4EE0-A2E2-FC3CE281722B}C:\\program files\\microsoft games\\age of mythology\\aom (2).exe"= UDP:C:\program files\microsoft games\age of mythology\aom (2).exe:Age of Mythology
"UDP Query User{E25EB855-83E7-49FD-AEA1-C70122D73AD8}C:\\program files\\microsoft games\\age of mythology\\aom (2).exe"= TCP:C:\program files\microsoft games\age of mythology\aom (2).exe:Age of Mythology
"TCP Query User{4CFA7A41-4E16-4F0F-92BD-86FF4A0EA78A}C:\\program files\\maple 10\\jre\\bin\\maple.exe"= UDP:C:\program files\maple 10\jre\bin\maple.exe:maple.exe
"UDP Query User{4485F812-863F-4EE6-AFE9-3C47CE45347E}C:\\program files\\maple 10\\jre\\bin\\maple.exe"= TCP:C:\program files\maple 10\jre\bin\maple.exe:maple.exe
"TCP Query User{54112D43-8133-4B6B-8FED-F4AE3C3964E3}C:\\program files\\microsoft games\\age of mythology\\aomx (3).exe"= UDP:C:\program files\microsoft games\age of mythology\aomx (3).exe:Age of Mythology - The Titans Expansion
"UDP Query User{7F39D384-BDA5-468F-ABCF-FF914F6E9444}C:\\program files\\microsoft games\\age of mythology\\aomx (3).exe"= TCP:C:\program files\microsoft games\age of mythology\aomx (3).exe:Age of Mythology - The Titans Expansion
"TCP Query User{4D64A671-865A-45F4-9B8B-303F874659E0}C:\\program files\\microsoft games\\age of mythology\\aom (2).exe"= UDP:C:\program files\microsoft games\age of mythology\aom (2).exe:Age of Mythology
"UDP Query User{FCC90EB2-F2F0-4C79-8376-DDA2AB1A2777}C:\\program files\\microsoft games\\age of mythology\\aom (2).exe"= TCP:C:\program files\microsoft games\age of mythology\aom (2).exe:Age of Mythology

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"= C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS

R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-04-25 16:34]
R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-04-25 16:34]
R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-04-25 16:34]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [2006-11-02 16:51]
R2 ALaunchService;ALaunch Service;C:\Acer\ALaunch\ALaunchSvc.exe [2007-01-26 14:24]
R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-04-25 16:34]
R2 eNet Service;eNet Service;C:\Acer\Empowering Technology\eNet\eNet Service.exe [2007-05-22 15:00]
R2 eSettingsService;eSettings Service;C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-05-10 14:05]
R2 MobilityService;MobilityService;C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 12:57]
R2 WMIService;ePower Service;C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-06-13 12:23]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-01-30 07:23]
R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2007-06-18 12:03]
R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys [2007-03-07 10:26]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-06-05 10:57]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Common\Database\bin\fbserver.exe [2005-11-17 15:18]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCAMp50.sys [2006-11-28 22:46]
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCASp50.sys [2006-11-28 22:46]
S3 WSVD;WSVD;C:\Windows\system32\drivers\WSVD.sys [2006-09-19 16:47]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{74833774-a6ec-11dc-b17a-e3a2a79b2d9e}]
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Toy.exe

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-05 20:05:20
Windows 6.0.6000 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------

PROCESS: C:\Windows\system32\lsass.exe
-> C:\Users\kiwi\AppData\Local\Temp\wvUnMcdB.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\System32\drivers\XAudio.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Windows\System32\conime.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Users\kiwi\AppData\Local\Temp\RtkBtMnt.exe
C:\Acer\Empowering Technology\eNet\eNMTray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
C:\Program Files\Apoint2K\ApntEx.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-06-05 20:10:35 - machine was rebooted [kiwi]
ComboFix-quarantined-files.txt 2008-06-05 18:10:12

Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Post-Run: 23,350,644,736 octets libres

330 --- E O F --- 2008-05-30 05:32:14

Reply to thekiwi888

The search engine works perfectly; on the other hand, I can no longer open any .exe file. As with ComboFix, it always gives me an error message, a referral was returned to the server ...

Reply to thekiwi888

"ShellExecuteEx failed; code 8235
une référence a été renvoyée par le serveur"

Reply to thekiwi888

Actually, I figured out the error message: I looked around on the web a bit, unchecked UAC again, and it works. Is UAC important? :)

Reply to thekiwi888

Re,

That shouldn't prevent exe files from running... Only ask for confirmations.

Select the entire contents of the box below:

Collect::
C:\Users\kiwi\AppData\Local\Temp\wvUnMcdB.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{758A44CD-8365-447F-984B-B6B144F5B6E6}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"=-
"WMPNSCFG"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=-
"Acer Tour"=-
"eRecoveryService"=-
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{0CF5D165-517E-48B6-B3C7-3054A24F8BF6}"=-



This will relaunch ComboFix. After the reboot, post the contents of the ComboFix.txt report.
If there is no reboot, post the report anyway.

  • Copy/paste it into Notepad (Start\All Programs\Accessories\Notepad).
  • Save it to your desktop under the name CFScript.txt
  • Now drag the CFScript.txt file onto ComboFix.exe as shown below:

http://i266.photobucket.com/albums/ii277/sUBs_/CFScript.gif

  • This will relaunch ComboFix. Post the contents of the ComboFix.txt report after the reboot, if there is one.

------------------------------ >> Centre de Formation Helpers <<
Reply to XmichouX

ComboFix 08-06-05.2 - kiwi 2008-06-06 12:43:51.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1182 [GMT 2:00]
Endroit: C:\Users\kiwi\Desktop\ComboFix.exe
Command switches used :: C:\Users\kiwi\Desktop\CFScript.txt
* Création d'un nouveau point de restauration
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\kiwi\AppData\Local\Temp\wvUnMcdB.dll

.
((((((((((((((((((((((((((((( Fichiers créés 2008-05-06 to 2008-06-06 ))))))))))))))))))))))))))))))))))))
.

2008-06-06 12:42 . 2008-06-06 12:42 <REP> d-------- C:\327882R2FWJFW
2008-06-06 10:09 . 2008-06-06 10:09 <REP> d-------- C:\Users\Public\Pictures
2008-06-05 21:50 . 2008-06-05 21:59 <REP> d-------- C:\Users\kiwi\AppData\Roaming\XnView
2008-06-05 21:43 . 2008-06-05 21:49 <REP> d-------- C:\Program Files\XnView
2008-06-04 17:06 . 2008-06-04 19:07 <REP> d-------- C:\Lop SD
2008-06-04 09:24 . 2008-06-04 09:24 <REP> d-------- C:\Program Files\Trend Micro
2008-05-29 22:00 . 2008-06-03 17:44 250,157,889 --a------ C:\Windows\MEMORY.DMP
2008-05-28 05:06 . 2008-03-08 02:37 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-05-28 05:06 . 2008-03-08 06:30 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-05-27 23:09 . 2008-05-27 23:09 <REP> d-------- C:\Users\Public\Asa [Asha]
2008-05-18 18:42 . 2008-05-18 18:52 <REP> d-------- C:\Users\kiwi\AppData\Roaming\StarOffice8
2008-05-17 21:05 . 2008-05-17 21:05 <REP> d-------- C:\Program Files\Sun
2008-05-17 19:00 . 2008-06-05 20:17 <REP> d-------- C:\Users\All Users\Google Updater
2008-05-17 19:00 . 2008-06-05 20:17 <REP> d-------- C:\ProgramData\Google Updater
2008-05-16 09:31 . 2008-05-16 09:31 <REP> d-------- C:\Program Files\OpenOffice.org 2.4

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-04 10:45 --------- d-----w C:\Users\kiwi\AppData\Roaming\uTorrent
2008-06-01 17:14 41,192 ----a-w C:\Users\kiwi\AppData\Roaming\nvModes.dat
2008-06-01 16:18 --------- d-----w C:\Users\kiwi\AppData\Roaming\OpenOffice.org2
2008-05-18 16:58 --------- d-----w C:\Program Files\VLC
2008-05-17 17:02 --------- d-----w C:\Program Files\Google
2008-05-15 20:18 --------- d-----w C:\Program Files\Java
2008-05-14 06:58 --------- d-----w C:\Program Files\Windows Mail
2008-05-12 10:56 0 ---h--w C:\Users\All Users\PKP_DLds.DAT
2008-05-12 10:56 0 ---h--w C:\ProgramData\PKP_DLds.DAT
2008-05-12 10:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-12 10:56 --------- d-----w C:\Program Files\Common Files\Nikon
2008-05-12 09:50 --------- d-----w C:\ProgramData\Symantec
2008-05-12 09:49 --------- d-----w C:\Program Files\Winamp
2008-05-12 09:49 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-12 09:14 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-09 21:54 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-27 08:04 --------- d-----w C:\Program Files\Picasa2
2008-04-25 19:15 0 ----a-w C:\Program Files\shutdown.log
2008-04-25 19:13 314 ----a-w C:\Program Files\PhotoMaker.ini
2008-04-25 19:13 205 ----a-w C:\Program Files\crm.ini
2008-04-25 19:13 0 ---ha-w C:\Program Files\CritOp.log
2008-04-25 19:13 0 ----a-w C:\Program Files\mxdba.log
2008-04-25 19:13 --------- d-----w C:\Users\kiwi\AppData\Roaming\MAGIX
2008-04-25 19:12 21,273 ----a-w C:\Program Files\INSTALL1.LOG
2008-04-25 19:12 2,378 ----a-w C:\Program Files\Install.cfg
2008-04-25 19:11 933 ----a-w C:\Program Files\reinstall3rdParty.ini
2008-04-25 19:11 689 ----a-w C:\Program Files\unwise.ini
2008-04-25 19:11 33,667 ----a-w C:\Program Files\license.txt
2008-04-25 19:11 146 ----a-w C:\Program Files\Validation.ini
2008-04-25 19:11 14,681 ----a-w C:\Program Files\register.rtf
2008-04-25 19:11 126,279 ----a-w C:\Program Files\INSTALL.LOG
2008-04-25 19:11 --------- d-----w C:\Program Files\Visuals
2008-04-25 19:11 --------- d-----w C:\Program Files\Palette
2008-04-25 19:11 --------- d-----w C:\Program Files\MAGIX Tirage en ligne
2008-04-25 19:11 --------- d-----w C:\Program Files\Icons
2008-04-25 19:11 --------- d-----w C:\Program Files\Firebird
2008-04-25 19:11 --------- d-----w C:\Program Files\Bitmaps
2008-04-25 19:06 --------- d-----w C:\ProgramData\MAGIX
2008-04-25 19:06 --------- d-----w C:\Program Files\VideoFX
2008-04-25 19:06 --------- d-----w C:\Program Files\Skins
2008-04-25 19:06 --------- d-----w C:\Program Files\Common Files\MAGIX Shared
2008-04-25 18:55 20 ---h--w C:\Users\All Users\PKP_DLec.DAT
2008-04-25 18:55 20 ---h--w C:\ProgramData\PKP_DLec.DAT
2008-04-24 10:40 --------- d-----w C:\Program Files\IrfanView
2008-04-06 09:51 --------- d-----w C:\Program Files\zeux
2008-04-06 09:47 --------- d-----w C:\Program Files\Microsoft Games
2008-03-08 04:30 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-03-08 04:30 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-03-08 04:30 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-03-08 04:30 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-03-08 00:22 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2007-12-02 12:06 174 --sha-w C:\Program Files\desktop.ini
2007-11-27 12:56 0 ----a-w C:\Users\kiwi\AppData\Roaming\wklnhst.dat
2006-05-31 13:49 13,094 ----a-w C:\Program Files\order.rtf
2006-05-12 10:31 269,397 ----a-w C:\Program Files\addoninstall.exe
2006-04-21 09:58 53,248 ----a-w C:\Program Files\IMxP_NokiaPCSuite.dll
2006-04-11 14:25 1,961,472 ----a-w C:\Program Files\MAGIXviewer.exe
2006-04-10 07:55 229,484 ----a-w C:\Program Files\Oxa1971.dll
2006-03-22 14:23 176,128 ----a-w C:\Program Files\unwise.exe
2006-03-15 08:32 7,735,180 ----a-w C:\Program Files\PhotoMaker.exe
2006-03-02 16:42 6,468 ----a-w C:\Program Files\Photomaker.cnt
2006-03-02 16:42 2,113,719 ----a-w C:\Program Files\Photomaker.hlp
2006-02-27 08:43 24,576 ----a-w C:\Program Files\Validation.exe
2006-02-17 12:57 475,136 ----a-w C:\Program Files\MXTLC.dll
2006-02-07 12:33 92,160 ----a-w C:\Program Files\exemaker.exe
2006-01-25 15:20 6,566 ----a-w C:\Program Files\e-mode-upgradedlg-exit.rtf
2006-01-25 15:19 6,602 ----a-w C:\Program Files\e-mode-upgradedialog.rtf
2006-01-25 15:19 2,691 ----a-w C:\Program Files\e-mode.ini
2006-01-23 09:10 2,701 ----a-w C:\Program Files\Upgrade.rtf
2006-01-18 10:29 86,016 ----a-w C:\Program Files\MagixOFA-fr.dll
2006-01-18 10:03 626,688 ----a-w C:\Program Files\MagixOFA.dll
2006-01-12 15:18 49,152 ----a-w C:\Program Files\EXIF12.dll
2006-01-11 14:23 2,280 ----a-w C:\Program Files\mp3encoder_upgrade.rtf
2006-01-09 09:26 671 ----a-w C:\Program Files\PredefinedCategories.ini
2005-12-13 16:18 442,368 ----a-w C:\Program Files\MFL.dll
2005-11-02 13:43 10,291 ----a-w C:\Program Files\support.rtf
2005-10-28 15:11 270,336 ----a-w C:\Program Files\IMxP_WmDevice.dll
2005-08-30 15:12 2,729 ----a-w C:\Program Files\Tooltip.ini
2005-08-22 15:40 81,920 ----a-w C:\Program Files\unwise.adf
2005-08-22 15:26 176,128 ----a-w C:\Program Files\instslct.exe
2005-08-04 15:38 4,511 ----a-w C:\Program Files\Shortcuts.ini
2005-07-28 12:20 564,142 ----a-w C:\Program Files\composer.dll
2005-06-22 13:42 128,512 ----a-w C:\Program Files\uninstall.exe
2005-06-21 17:06 35,840 ----a-w C:\Program Files\xutility.dll
2005-06-13 12:31 102,400 ----a-w C:\Program Files\Rn5d3288.dll
2005-05-23 15:44 172,032 ----a-w C:\Program Files\DB_MX.dll
2005-05-20 12:10 192,512 ----a-w C:\Program Files\reinstall3rdParty.exe
2005-05-18 13:10 1,103 ----a-w C:\Program Files\IMxPNokiaPCSuite.ini
2005-05-10 06:42 1,163,264 ----a-w C:\Program Files\photoid.dll
2005-03-31 15:20 65,536 ----a-w C:\Program Files\MxAutoUpdate.dll
2005-03-09 14:17 34,304 ----a-w C:\Program Files\CDBurnProfiler.exe
2004-10-22 15:41 118,784 ----a-w C:\Program Files\Zipdll.dll
2004-10-18 15:15 212,992 ----a-w C:\Program Files\eModeUpgradeDlg.dll
2004-08-20 13:16 144,896 ----a-w C:\Program Files\mpeg2.dll
2004-08-19 10:51 45,056 ----a-w C:\Program Files\EXIF09.dll
2004-08-03 09:43 716,800 ----a-w C:\Program Files\PlayRIpl.dll
2004-05-04 09:53 1,645,320 ----a-w C:\Program Files\gdiplus.dll
2004-04-15 13:48 32,768 ----a-w C:\Program Files\MagixUpdater.exe
2004-03-22 17:38 110,592 ----a-w C:\Program Files\MXWIA.dll
2004-02-11 16:28 219,136 ----a-w C:\Program Files\xviewer.exe
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((( snapshot@2008-06-05_20.09.42.13 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-05 18:02:49 67,584 ----a-w C:\Windows\bootstat.dat
+ 2008-06-06 10:51:34 67,584 ----a-w C:\Windows\bootstat.dat
- 2008-06-05 18:02:50 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-06-06 10:51:35 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-06-05 18:02:50 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-06-06 10:51:35 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-06-05 18:04:16 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-06-06 10:53:57 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-06-06 10:53:57 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-06-05 18:04:54 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-06-06 10:56:18 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-06-06 10:56:18 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-06-05 17:18:26 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-06-05 18:17:03 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-06-05 17:18:26 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-06-05 18:17:03 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-06-05 17:18:26 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-06-05 18:17:03 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-03-26 07:55:42 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-06-06 10:43:29 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-06-06 10:43:29 262,144 ---ha-w C:\Windows\System32\config\systemprofile\ntuser.dat.LOG1
- 2008-06-05 18:00:43 103,314 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-06-06 10:45:37 103,924 ----a-w C:\Windows\System32\perfc009.dat
- 2008-06-05 18:00:43 116,988 ----a-w C:\Windows\System32\perfc00C.dat
+ 2008-06-06 10:45:37 117,572 ----a-w C:\Windows\System32\perfc00C.dat
- 2008-06-05 18:00:43 609,532 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-06-06 10:45:37 610,142 ----a-w C:\Windows\System32\perfh009.dat
- 2008-06-05 18:00:43 689,846 ----a-w C:\Windows\System32\perfh00C.dat
+ 2008-06-06 10:45:37 690,832 ----a-w C:\Windows\System32\perfh00C.dat
- 2008-06-05 18:05:31 9,844 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2375981963-3849432644-2204959874-1000_UserData.bin
+ 2008-06-06 10:54:10 9,892 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2375981963-3849432644-2204959874-1000_UserData.bin
- 2008-06-05 18:05:31 93,554 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-06-06 10:54:10 93,856 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-05-29 05:18:10 2,690 ----a-w C:\Windows\System32\WDI\ERCQueuedResolutions.dat
+ 2008-06-05 20:27:19 2,690 ----a-w C:\Windows\System32\WDI\ERCQueuedResolutions.dat
- 2008-06-05 18:05:27 63,490 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-06-06 10:40:49 63,490 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-16 00:21 1232896]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:55 5674352]
"Acer Tour Reminder"="" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 16:33 457216]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-07-25 17:39 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-07-25 17:39 8470528]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-07-25 17:39 81920]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2007-06-27 11:15 752136]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 13:00 174872]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2007-06-06 10:06 159744]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-05-22 15:49 151552]
"eAudio"="C:\Acer\Empowering Technology\eAudio\eAudio.exe" [2007-06-11 15:54 1286144]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-23 22:33 262401]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-08-10 09:29:07 535336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"ValidateAdminCodeSignatures"= 1 (0x1)
"FilterAdministratorToken"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=eNetHook.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= C:\PROGRA~1\ACERAR~1\DVWIZA~1\Kernel\Burner\MKDMP3Enc.ACM
"vidc.ffds"= C:\PROGRA~1\VLC\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{1ACDC690-E812-4BF4-8277-CADB310BB196}"= C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{975C10A6-89E7-450F-8386-9F6BEC5992B5}"= C:\Program Files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician
"{4B2A96AC-90BB-469D-96F2-1E462E2F2103}"= C:\Program Files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia
"{CB0A5015-2744-4511-8C92-B47FF3948EAF}"= C:\Program Files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe:DV Wizard
"{849D0299-7E5F-4D16-821F-6475DF1EFD43}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{25219AE5-C395-490A-927D-5917C456B162}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{4501C1FC-2596-4C90-8279-68E71179C8F6}"= C:\Program Files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine
"{2FA21601-CB39-4331-866E-40BD0890B95E}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:Play Movie
"{F2EDC553-44F9-4BB6-A65B-C619B0F9AA3D}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe:Play Movie Resident Program
"TCP Query User{A6A4212C-46B0-4D86-970A-F3910D1BB94F}C:\\program files\\ea games\\battlefield 1942\\bf1942.exe"= UDP:C:\program files\ea games\battlefield 1942\bf1942.exe:BF1942
"UDP Query User{5EAEB291-8EBC-4D14-B8B8-C77D87D262BA}C:\\program files\\ea games\\battlefield 1942\\bf1942.exe"= TCP:C:\program files\ea games\battlefield 1942\bf1942.exe:BF1942
"{8F085BA9-5D2D-4897-9877-B2FA31C2D599}"= UDP:C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{55093EC2-D8D3-4822-9DA4-B72DAD44F255}"= TCP:C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"TCP Query User{BAF5D7E9-168C-43C9-858F-F1CF197816D4}D:\\zeux\\ea games\\battlefield 1942\\bf1942.exe"= UDP:D:\zeux\ea games\battlefield 1942\bf1942.exe:BF1942
"UDP Query User{FAD46079-0209-4B7B-B626-39C5B1EEAE02}D:\\zeux\\ea games\\battlefield 1942\\bf1942.exe"= TCP:D:\zeux\ea games\battlefield 1942\bf1942.exe:BF1942
"TCP Query User{6F4DAA97-F672-4F19-B86D-204D39D4899F}C:\\program files\\half-life\\hl.exe"= UDP:C:\program files\half-life\hl.exe:Half-Life Launcher
"UDP Query User{DC22B9C5-FFDD-495D-ACF2-30B46ABDA4B0}C:\\program files\\half-life\\hl.exe"= TCP:C:\program files\half-life\hl.exe:Half-Life Launcher
"TCP Query User{BE00F0D4-3FAE-4A7D-A8BE-6B656A70460C}C:\\program files\\zeux\\ea games\\battlefield 1942\\bf1942.exe"= UDP:C:\program files\zeux\ea games\battlefield 1942\bf1942.exe:BF1942.exe
"UDP Query User{CBF43121-F86E-4320-B1EE-08CDC11EE37E}C:\\program files\\zeux\\ea games\\battlefield 1942\\bf1942.exe"= TCP:C:\program files\zeux\ea games\battlefield 1942\bf1942.exe:BF1942.exe
"TCP Query User{7D5EF960-2B6A-4CBB-96AE-6341F33E063E}C:\\program files\\microsoft games\\age of empires iii\\age3.exe"= UDP:C:\program files\microsoft games\age of empires iii\age3.exe:Age of Empires 3
"UDP Query User{686C86A7-1E6C-4C14-AAA3-DC4EC99182CF}C:\\program files\\microsoft games\\age of empires iii\\age3.exe"= TCP:C:\program files\microsoft games\age of empires iii\age3.exe:Age of Empires 3
"TCP Query User{09F0331A-9ABD-44AA-9DA8-1393893DB856}C:\\program files\\microsoft games\\age of mythology\\aom.exe"= UDP:C:\program files\microsoft games\age of mythology\aom.exe:Age of Mythology
"UDP Query User{9AF36308-03DA-4D61-8274-83EA4EDF7808}C:\\program files\\microsoft games\\age of mythology\\aom.exe"= TCP:C:\program files\microsoft games\age of mythology\aom.exe:Age of Mythology
"TCP Query User{50EDF01D-9403-4B7F-9E1E-FAFE7936FC51}C:\\program files\\microsoft games\\age of mythology\\aom.exe"= UDP:C:\program files\microsoft games\age of mythology\aom.exe:Age of Mythology
"UDP Query User{7A23E977-D187-443F-B555-E3204516930B}C:\\program files\\microsoft games\\age of mythology\\aom.exe"= TCP:C:\program files\microsoft games\age of mythology\aom.exe:Age of Mythology
"TCP Query User{523F5FB3-25BB-4BBF-BEEC-12A8BAB4433B}C:\\program files\\vlc\\vlc.exe"= UDP:C:\program files\vlc\vlc.exe:VLC media player
"UDP Query User{D2B897AE-D12E-4B1B-A7C4-376DD5172476}C:\\program files\\vlc\\vlc.exe"= TCP:C:\program files\vlc\vlc.exe:VLC media player
"TCP Query User{AC4293CF-1E4C-456D-A5E9-D55C63712A8C}C:\\program files\\serious sam 2\\bin\\sam2.exe"= UDP:C:\program files\serious sam 2\bin\sam2.exe:Sam2.exe
"UDP Query User{EC032255-5EF0-4611-9104-203933CA76FA}C:\\program files\\serious sam 2\\bin\\sam2.exe"= TCP:C:\program files\serious sam 2\bin\sam2.exe:Sam2.exe
"{C90959AF-D439-456E-8496-3860C69C10B1}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{3FCEFF21-F74D-411D-B372-C43F7FCE0115}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{94C6498A-F8C8-4F2E-BD37-792B5D428340}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{CFC10431-EAAE-408C-85B7-2EA3A40C9FF4}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{BCA44E92-9BFE-4271-A95D-C136FECC7429}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"TCP Query User{3DC099DE-814E-43E1-9609-F9C45CD59831}C:\\program files\\maple 10\\jre\\bin\\maple.exe"= UDP:C:\program files\maple 10\jre\bin\maple.exe:maple.exe
"UDP Query User{D4897CF7-A6AE-4C43-8D08-9C97649D572B}C:\\program files\\maple 10\\jre\\bin\\maple.exe"= TCP:C:\program files\maple 10\jre\bin\maple.exe:maple.exe
"TCP Query User{4384103E-5D51-4047-AC17-D2A8EB49567B}C:\\program files\\maple 10\\jre\\bin\\java.exe"= UDP:C:\program files\maple 10\jre\bin\java.exe:java.exe
"UDP Query User{35BCA76C-1A64-458B-AAA1-360EAD1D3ECA}C:\\program files\\maple 10\\jre\\bin\\java.exe"= TCP:C:\program files\maple 10\jre\bin\java.exe:java.exe
"{7416B301-8C8D-457B-B1A2-78C24CA37C1D}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{5DC3E9FC-11BB-4E6F-BF06-47D5FACB7AD3}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{2C4FEB05-7CB6-446B-85BC-63E15BF5F14A}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{61B18EFA-7FC9-4A53-A7FE-24A9E9A32E52}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{E21A2B53-5B06-41EE-89ED-AD69C4B3534B}"= UDP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{877953C9-565A-4F33-8088-A31B1B3CB6AA}"= TCP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{588CA41F-43B8-451C-9FDA-317694063088}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{3B5E60F9-7143-479E-BFDC-0465156DD0BF}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"TCP Query User{403D3CF1-7ECD-4823-8BE7-C6C238DB8F60}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent.exe
"UDP Query User{FB498415-9528-46CB-8845-9B7F4CA76130}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent.exe
"TCP Query User{8B23B94E-C4DF-4920-8886-5458D4DFFDE9}C:\\program files\\battlefield vietnam\\bfvietnam.exe"= UDP:C:\program files\battlefield vietnam\bfvietnam.exe:BfVietnam.exe
"UDP Query User{34DDAE2E-4A7E-42C8-B0E8-4CE36B5CE142}C:\\program files\\battlefield vietnam\\bfvietnam.exe"= TCP:C:\program files\battlefield vietnam\bfvietnam.exe:BfVietnam.exe
"TCP Query User{B59B58FF-A72E-4E34-870E-1A58D560BA5D}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent.exe
"UDP Query User{ECC690B4-7BE7-4575-8E75-742BD9E43A46}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent.exe
"TCP Query User{51949B8A-E8E6-4DE0-830F-04E74A9985E5}C:\\program files\\battlefield vietnam\\bfvietnam_w32ded.exe"= UDP:C:\program files\battlefield vietnam\bfvietnam_w32ded.exe:bfvietnam_w32ded.exe
"UDP Query User{CF1B6C2F-C85E-4800-82FF-108B6C0F0489}C:\\program files\\battlefield vietnam\\bfvietnam_w32ded.exe"= TCP:C:\program files\battlefield vietnam\bfvietnam_w32ded.exe:bfvietnam_w32ded.exe
"TCP Query User{A1FEA10D-FDBB-4D26-8685-52EC001174C4}C:\\program files\\zeux\\ea games\\battlefield 2\\bf2_w32ded.exe"= UDP:C:\program files\zeux\ea games\battlefield 2\bf2_w32ded.exe:Bf2_w32ded.exe
"UDP Query User{0CA215EA-006D-4412-BCFA-DBBEE55BDBD5}C:\\program files\\zeux\\ea games\\battlefield 2\\bf2_w32ded.exe"= TCP:C:\program files\zeux\ea games\battlefield 2\bf2_w32ded.exe:Bf2_w32ded.exe
"TCP Query User{C1C3E00F-DFB3-49C0-B4E0-4B2FC16E9FD1}C:\\program files\\microsoft games\\age of mythology\\aomx (3).exe"= UDP:C:\program files\microsoft games\age of mythology\aomx (3).exe:Age of Mythology - The Titans Expansion
"UDP Query User{031E1E21-9481-4254-B3A4-9294E6E998F8}C:\\program files\\microsoft games\\age of mythology\\aomx (3).exe"= TCP:C:\program files\microsoft games\age of mythology\aomx (3).exe:Age of Mythology - The Titans Expansion
"TCP Query User{B85F3CA4-0181-4EE0-A2E2-FC3CE281722B}C:\\program files\\microsoft games\\age of mythology\\aom (2).exe"= UDP:C:\program files\microsoft games\age of mythology\aom (2).exe:Age of Mythology
"UDP Query User{E25EB855-83E7-49FD-AEA1-C70122D73AD8}C:\\program files\\microsoft games\\age of mythology\\aom (2).exe"= TCP:C:\program files\microsoft games\age of mythology\aom (2).exe:Age of Mythology
"TCP Query User{4CFA7A41-4E16-4F0F-92BD-86FF4A0EA78A}C:\\program files\\maple 10\\jre\\bin\\maple.exe"= UDP:C:\program files\maple 10\jre\bin\maple.exe:maple.exe
"UDP Query User{4485F812-863F-4EE6-AFE9-3C47CE45347E}C:\\program files\\maple 10\\jre\\bin\\maple.exe"= TCP:C:\program files\maple 10\jre\bin\maple.exe:maple.exe
"TCP Query User{54112D43-8133-4B6B-8FED-F4AE3C3964E3}C:\\program files\\microsoft games\\age of mythology\\aomx (3).exe"= UDP:C:\program files\microsoft games\age of mythology\aomx (3).exe:Age of Mythology - The Titans Expansion
"UDP Query User{7F39D384-BDA5-468F-ABCF-FF914F6E9444}C:\\program files\\microsoft games\\age of mythology\\aomx (3).exe"= TCP:C:\program files\microsoft games\age of mythology\aomx (3).exe:Age of Mythology - The Titans Expansion
"TCP Query User{4D64A671-865A-45F4-9B8B-303F874659E0}C:\\program files\\microsoft games\\age of mythology\\aom (2).exe"= UDP:C:\program files\microsoft games\age of mythology\aom (2).exe:Age of Mythology
"UDP Query User{FCC90EB2-F2F0-4C79-8376-DDA2AB1A2777}C:\\program files\\microsoft games\\age of mythology\\aom (2).exe"= TCP:C:\program files\microsoft games\age of mythology\aom (2).exe:Age of Mythology

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"= C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS

R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-04-25 16:34]
R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-04-25 16:34]
R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-04-25 16:34]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [2006-11-02 16:51]
R2 ALaunchService;ALaunch Service;C:\Acer\ALaunch\ALaunchSvc.exe [2007-01-26 14:24]
R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-04-25 16:34]
R2 eNet Service;eNet Service;C:\Acer\Empowering Technology\eNet\eNet Service.exe [2007-05-22 15:00]
R2 eSettingsService;eSettings Service;C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-05-10 14:05]
R2 MobilityService;MobilityService;C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 12:57]
R2 WMIService;ePower Service;C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-06-13 12:23]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-01-30 07:23]
R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2007-06-18 12:03]
R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys [2007-03-07 10:26]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-06-05 10:57]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Common\Database\bin\fbserver.exe [2005-11-17 15:18]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCAMp50.sys [2006-11-28 22:46]
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCASp50.sys [2006-11-28 22:46]
S3 WSVD;WSVD;C:\Windows\system32\drivers\WSVD.sys [2006-09-19 16:47]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{74833774-a6ec-11dc-b17a-e3a2a79b2d9e}]
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Toy.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-06-05 18:06:48 C:\Windows\Tasks\User_Feed_Synchronization-{19BB1475-95D8-42A2-BBE3-6790E09093C7}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-06 12:56:18
Windows 6.0.6000 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------

PROCESS: C:\Windows\Explorer.exe
-> ?:\Windows\system32\LINKINFO.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\System32\drivers\XAudio.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\conime.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Acer\Empowering Technology\eNet\eNMTray.exe
C:\Program Files\Apoint2K\ApntEx.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\sdclt.exe
C:\Windows\assembly\GAC_32\mcupdate\6.0.6000.0__31bf3856ad364e35\mcupdate.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-06-06 13:03:43 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-06 11:03:20
ComboFix2.txt 2008-06-05 18:10:36

Pre-Run: 23,170,846,720 octets libres
Post-Run: 22,224,990,208 octets libres

369 --- E O F --- 2008-06-06 10:59:08

Reply to thekiwi888

It also asked me to go online to get more information about a file, but I didn't know which file it meant, so I did nothing.

Reply to thekiwi888

Hi again,

Download Flash Disinfector (by sUBs) to your Desktop.

  • Connect all external devices (hard drives, USB, ...)
  • Double-click Flash Disinfector and follow the prompts.


******

Delete C:\327882R2FWJFW

- My Computer/Tools/Folder Options/View/Show hidden files and folders/Apply - - > OK
- My Computer/Tools/Folder Options/View/uncheck Hide protected operating system files/Apply - - > OK

Put these options back afterwards!

Have this file (these files) scanned on this site >> Virustotal <<

  • Click Browse at the top, choose My Computer and look for this file: C:\Windows\system32\LINKINFO.dll
  • Now click Send file.
  • Post the report (from "Fichier *** reçu le ***" through "SHA1 : ***")

------------------------------ >> Centre de Formation Helpers <<
Reply to XmichouX

I can't get onto VirusTotal;
it gives me two error messages, one or the other:
Service Temporarily Unavailable

The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later.

The second one:

Proxy Error

The proxy server received an invalid response from an upstream server.
The proxy server could not handle the request GET /flash/index_en.html.

Reason: Error reading from remote server

Yet I don't go through a proxy for my internet connection.

Reply to thekiwi888

The second one ..?

------------------------------ >> Centre de Formation Helpers <<
Reply to XmichouX

Proxy error is the second one.
The first one is "the server is temporarily unable to service..."

Reply to thekiwi888

I couldn't find it through Browse, but when I ran a search from Windows across all the files on my system it found it, so I did the scan anyway by copying the file name ...

Fichier linkinfo.dll reçu le 2008.06.06 18:47:50 (CET)
Situation actuelle: en cours de chargement ... mis en file d'attente en attente en cours d'analyse terminé NON TROUVE ARRETE
Résultat: 0/32 (0%)

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.5.30.1 2008.06.05 -
AntiVir 7.8.0.55 2008.06.06 -
Authentium 5.1.0.4 2008.06.06 -
Avast 4.8.1195.0 2008.06.06 -
AVG 7.5.0.516 2008.06.06 -
BitDefender 7.2 2008.06.06 -
CAT-QuickHeal 9.50 2008.06.06 -
ClamAV 0.92.1 2008.06.06 -
DrWeb 4.44.0.09170 2008.06.06 -
eSafe 7.0.15.0 2008.06.05 -
eTrust-Vet 31.6.5853 2008.06.06 -
Ewido 4.0 2008.06.06 -
F-Prot 4.4.4.56 2008.06.05 -
F-Secure 6.70.13260.0 2008.06.06 -
Fortinet 3.14.0.0 2008.06.06 -
GData 2.0.7306.1023 2008.06.06 -
Ikarus T3.1.1.26.0 2008.06.06 -
Kaspersky 7.0.0.125 2008.06.06 -
McAfee 5311 2008.06.05 -
Microsoft 1.3604 2008.06.06 -
NOD32v2 3164 2008.06.06 -
Norman 5.80.02 2008.06.06 -
Panda 9.0.0.4 2008.06.05 -
Prevx1 V2 2008.06.06 -
Rising 20.47.42.00 2008.06.06 -
Sophos 4.30.0 2008.06.06 -
Sunbelt 3.0.1145.1 2008.06.05 -
Symantec 10 2008.06.06 -
TheHacker 6.2.92.338 2008.06.06 -
VBA32 3.12.6.7 2008.06.06 -
VirusBuster 4.3.26:9 2008.06.06 -
Webwasher-Gateway 6.6.2 2008.06.06 -
Information additionnelle
File size: 22016 bytes
MD5...: 24f90aefebe601d427cb4511e74cdcb6
SHA1..: 20f061224a9e002da9b9a61a897909ac13b516dd

Reply to thekiwi888

OK, post a new HijackThis report.

------------------------------ >> Centre de Formation Helpers <<
Reply to XmichouX

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:10:33, on 06/06/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www2.iesearch.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/y [...] .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O13 - Gopher Prefix:
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/adva [...] module.exe
O20 - AppInit_DLLs: eNetHook.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7708 bytes

Reply to thekiwi888

Re,

Download Clean (by Malekal) to your Desktop.

  • Unzip it on your Desktop. Double-click the Clean folder that has just appeared.
  • Double-click Clean.cmd. (The .cmd extension may not be shown.) This will open a black window.
  • A menu will appear; choose option 1 and press Enter. Then press a key when asked to.
  • Post the report, which is located here: C:\rapport_clean.txt


If you get a file C:\upload_moi.zip, please do this.

Help: How to use Clean.

------------------------------ >> Centre de Formation Helpers <<
Reply to XmichouX

Here is the report

07/06/2008 a 9:26:30,20

*** Recherche C:
C:\autorun.inf FOUND

*** Recherche C:\Windows\

*** Recherche C:\Windows\system32
C:\Windows\system32\wininit.exe FOUND
C:\Windows\system32\wininit.exe FOUND

*** Recherche C:\Program Files
"C:\Program Files\Uninstall.exe" FOUND
*** End of the report !


However, I got a file
upload_moi_oscar.tar.gz
But I can't manage to send it; I follow the procedure as indicated, but after 5 minutes it tells me it has not received any file.
Do I first have to unzip upload_moi_oscar.tar and then send the files one by one?

Reply to thekiwi888

Re,

Select the entire contents of the box below (spaces included):

REGEDIT4

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{74833774-a6ec-11dc-b17a-e3a2a79b2d9e}]


Copy and paste it into Notepad (Start\All Programs\Accessories\Notepad).
Save it to your Desktop under the name Correction.reg
Double-click it and accept adding the data to the registry.


**********

Download MalwareByte's Anti-Malware to your Desktop.

  • Install it by double-clicking the file Download_mbam-setup.exe.


Once the installation and the update are done:
Restart in safe mode
/!\ Never start safe mode via MSCONFIG /!\

  • Now run MalwareByte's Anti-Malware. If it is not already selected, select "Exécuter un examen complet" (perform a full scan).
  • To start the scan, click "Rechercher" (Scan).
  • Once the scan is finished, a window opens; click OK. There are two possibilities:

-- if the program found nothing, press OK. A report will appear; close it.
-- if infections are present, click "Afficher les résultats" (Show results) and then "Supprimer la sélection" (Remove selected). Save the report to your Desktop so you can post it in your next reply.

NOTE: If MalwareByte's Anti-Malware needs to restart to finish the removal, accept by clicking OK.

Help: How to use MBAM.

------------------------------ >> Centre de Formation Helpers <<
Reply to XmichouX

Malwarebytes' Anti-Malware 1.15
Version de la base de données: 837

14:21:07 07/06/2008
mbam-log-6-7-2008 (14-21-07).txt

Type de recherche: Examen complet (C:\|D:\|E:\|F:\|)
Eléments examinés: 195682
Temps écoulé: 42 minute(s), 34 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 4
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 5

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{0cf5d165-517e-48b6-b3c7-3054a24f8bf6} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\WakeNet (Trojan.Adware) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\QooBox\Quarantine\C\Windows\System32\mlJYqNFv.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Windows\System32\pmnoOGYO.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Windows\System32\ssqOHywV.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Windows\System32\xxyyyYqo.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.

Reply to thekiwi888

OK,

Delete C:\Program Files\Uninstall.exe.

Post a new HJT report.

------------------------------ >> Centre de Formation Helpers <<
Reply to XmichouX

Here is the HJT report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:49:48, on 07/06/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Program Files\Apoint2K\Apntex.exe
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www2.iesearch.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/y [...] .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O13 - Gopher Prefix:
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/adva [...] module.exe
O20 - AppInit_DLLs: eNetHook.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7616 bytes

Reply to thekiwi888

Re,

Run HijackThis again (right-click -> run as administrator on Vista), choose "Do a system scan only", and tick these lines (if still present):

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/y [...] .yahoo.com


Close all running applications (especially your web browser).
Then click Fix checked!

Select the entire contents of the box below:

@echo off & cls
rem Disable, stop and remove the leftover VundoFix service
sc config VundoFixSvc start= disabled
sc stop VundoFixSvc
sc delete VundoFixSvc
rem Delete the service executable
cd %windir%\system32 & del VundoFixSVC.exe
exit


Copy and paste it into Notepad (Start\All Programs\Accessories\Notepad).
Save it to your Desktop under the name Correction.bat
Double-click it. Post the report it generates (if there is one).

Then post a new HijackThis report =)

------------------------------ >> Centre de Formation Helpers <<
Reply to XmichouX

I save it to my desktop and double-click it, but the window appears and disappears immediately. I even tried in safe mode; nothing works.

Reply to thekiwi888

By the way, I'm talking about the file Correction.bat.

Reply to thekiwi888

That's normal. Post a HijackThis log again ;)

------------------------------ >> Centre de Formation Helpers <<
Reply to XmichouX

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:21:56, on 08/06/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www2.iesearch.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O13 - Gopher Prefix:
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/adva [...] module.exe
O20 - AppInit_DLLs: eNetHook.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7137 bytes

Reply to thekiwi888
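
The check the helper makes by eye between successive HijackThis logs (did the ticked R1 lines and the VundoFixSvc service disappear, did anything new show up) can be scripted. The following is an added example, not part of any post in this thread; the function names are hypothetical and the two inputs are short excerpts of the 07/06/2008 and 08/06/2008 logs above.

```python
import re
from collections import namedtuple

# One HijackThis item: section code (R0, O4, O23, ...) and the rest of the line.
Entry = namedtuple("Entry", "code text")

# Item lines look like "O23 - Service: ..." or "R1 - HKLM\...".
# Header lines and the "Running processes" paths do not match and are skipped.
ITEM_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$")

# Excerpt of the 07/06/2008 log from this thread (before the fixes).
BEFORE = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:49:48, on 07/06/2008
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www2.iesearch.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O20 - AppInit_DLLs: eNetHook.dll
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe
"""

# Excerpt of the 08/06/2008 log from this thread (after the fixes).
AFTER = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:21:56, on 08/06/2008
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www2.iesearch.com/
O20 - AppInit_DLLs: eNetHook.dll
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
"""

# Two of the lines the helper asked to tick before "Fix checked".
FIXED = [
    r"R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157",
    r"R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896",
]


def parse_items(log_text):
    """Return the set of Entry items found in a HijackThis log."""
    items = set()
    for raw in log_text.splitlines():
        m = ITEM_RE.match(raw.strip())
        if m:
            items.add(Entry(m.group(1), m.group(2).strip()))
    return items


def diff_logs(before, after):
    """Compare two logs: what disappeared, what is new, what is unchanged."""
    b, a = parse_items(before), parse_items(after)
    return {"removed": sorted(b - a), "added": sorted(a - b), "kept": sorted(a & b)}


def still_present(fixed_lines, after):
    """Lines that were ticked for fixing but still appear in the follow-up log."""
    wanted = parse_items("\n".join(fixed_lines))
    return sorted(wanted & parse_items(after))


def review_flags(items):
    """Triage hints for O23 services; they mark lines for a human to review."""
    flags = []
    for e in sorted(items):
        if e.code != "O23":
            continue
        if "(file missing)" in e.text:
            flags.append((e, "service points to a missing file"))
        elif "Unknown owner" in e.text:
            flags.append((e, "service binary has no company name"))
    return flags


if __name__ == "__main__":
    d = diff_logs(BEFORE, AFTER)
    for e in d["removed"]:
        print("removed:", e.code, "-", e.text)
    for e in d["added"]:
        print("NEW    :", e.code, "-", e.text)
    for e in still_present(FIXED, AFTER):
        print("NOT FIXED:", e.code, "-", e.text)
    for e, why in review_flags(parse_items(AFTER)):
        print("review :", why, "->", e.text)
```
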

Re,

Select the entire contents of the box below:

@echo off & cls
rem Disable and remove the orphaned Symantec service (its file is missing)
sc config CLTNetCnService start= disabled
sc delete CLTNetCnService
exit


Copy and paste it into Notepad (Start\All Programs\Accessories\Notepad).
Save it to your Desktop under the name Correction.bat
Double-click it. Post the report it generates (if there is one).

*********

Download ToolsCleaner2 (by A.Rothstein)

  • Install it on your Desktop.
  • Click Recherche (Search) to start the scan.
  • Click Supprimer (Delete) to clean up the tools that were used.
  • Click Quitter (Quit).
  • Post this report ~>C:\TCleaner.txt<~



  • Bring your computer properly up to date >here<
  • If it is not already done, make sure Windows Automatic Updates are enabled!


Then have a look at these guides:

- Security/Prevention
- Consequences of running multiple protection tools
- Toolbars: uselessness and slowdowns

Have a good day/evening :)

------------------------------ >> Centre de Formation Helpers <<
Reply to XmichouX

Re

The Correction.bat file still doesn't respond; it opens and then closes automatically.

Here is the TCleaner report

-->- Recherche:

C:\Combofix: trouvé !
C:\Lop SD: trouvé !
C:\Qoobox: trouvé !
C:\Lop SD\Lop S&D.lnk: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\HijackThis: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programmes\HijackThis: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\HijackThis: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: trouvé !
C:\Users\kiwi\AppData\Local\VirtualStore\Program Files\Trend Micro\HijackThis: trouvé !
C:\Users\kiwi\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes\Lop S&D: trouvé !
C:\Users\kiwi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lop S&D: trouvé !
C:\Users\kiwi\Desktop\HijackThis.lnk: trouvé !
C:\Users\kiwi\Desktop\Lop S&D.lnk: trouvé !
C:\Users\kiwi\Desktop\LopSD.exe: trouvé !
C:\Users\kiwi\Desktop\ComboFix.exe: trouvé !
C:\Users\kiwi\Desktop\HJTInstall.exe: trouvé !
C:\Users\kiwi\Desktop\Qoobox: trouvé !
C:\Users\kiwi\Desktop\clean\tar.exe: trouvé !
C:\Users\kiwi\Desktop\clean\remove.reg: trouvé !
C:\Users\kiwi\Desktop\clean\LFiles.exe: trouvé !
C:\Users\kiwi\Desktop\clean\gzip.exe: trouvé !
C:\Users\kiwi\Desktop\clean\delsiri.cmd: trouvé !
C:\Users\kiwi\Desktop\clean\delr.cmd: trouvé !
C:\Users\kiwi\Desktop\clean\del3.cmd: trouvé !
C:\Users\kiwi\Desktop\clean\del2.cmd: trouvé !
C:\Users\kiwi\Desktop\clean\clean.cmd: trouvé !
C:\Users\kiwi\Desktop\clean\cherche.cmd: trouvé !

---------------------------------
-->- Suppression:

C:\Lop SD\Lop S&D.lnk: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: supprimé !
C:\Users\kiwi\Desktop\HijackThis.lnk: supprimé !
C:\Users\kiwi\Desktop\Lop S&D.lnk: supprimé !
C:\Users\kiwi\Desktop\LopSD.exe: supprimé !
C:\Users\kiwi\Desktop\ComboFix.exe: supprimé !
C:\Users\kiwi\Desktop\HJTInstall.exe: supprimé !
C:\Users\kiwi\Desktop\clean\tar.exe: supprimé !
C:\Users\kiwi\Desktop\clean\remove.reg: supprimé !
C:\Users\kiwi\Desktop\clean\LFiles.exe: supprimé !
C:\Users\kiwi\Desktop\clean\gzip.exe: supprimé !
C:\Users\kiwi\Desktop\clean\delsiri.cmd: supprimé !
C:\Users\kiwi\Desktop\clean\delr.cmd: supprimé !
C:\Users\kiwi\Desktop\clean\del3.cmd: supprimé !
C:\Users\kiwi\Desktop\clean\del2.cmd: supprimé !
C:\Users\kiwi\Desktop\clean\clean.cmd: supprimé !
C:\Users\kiwi\Desktop\clean\cherche.cmd: supprimé !
C:\Combofix: supprimé !
C:\Lop SD: supprimé !
C:\Qoobox: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\HijackThis: ERREUR DE SUPPRESSION !!
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis: supprimé !
C:\Users\kiwi\AppData\Local\VirtualStore\Program Files\Trend Micro\HijackThis: supprimé !
C:\Users\kiwi\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes\Lop S&D: ERREUR DE SUPPRESSION !!
C:\Users\kiwi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lop S&D: supprimé !
C:\Users\kiwi\Desktop\Qoobox: supprimé !


The procedure for disabling and re-enabling System Restore is explained for XP; no consequences if I apply it on Vista?

Reply to thekiwi888