Virus myspacy sur msn

Résolu
mymy14 Messages postés 50 Statut Membre -  
mymy14 Messages postés 50 Statut Membre -
Bonjour,
je suis infecté par le virus myspacy de msn. Je n arrive pas a m en débarasser pourriez vous m aider svp.
Merci d avance
Configuration: Windows XP
Internet Explorer 7.0

74 réponses

  • 1
  • 2
  • 3
  • 4
Résumé de la discussion

Une infection malware sur Windows XP/Internet Explorer 7 suscite plusieurs procédures de suppression et nettoyage, notamment via des outils comme UsbFix, ad-remover et Combofix pour éliminer les traces d'autorun et les composants malveillants. Plusieurs mesures sont proposées dans les échanges, notamment désinstaller certains outils potentiellement indésirables, lancer UsbFix pour nettoyer les clés USB et autorun.inf, puis utiliser RSIT et HijackThis pour générer des rapports. Une clarification utile: les outils comme Combofix et RSIT nécessitent des précautions et ne doivent être lancés que lorsque les conditions et avertissements sont bien compris afin d’éviter des perturbations système.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    Salut,

    - Télécharge MSNFix.zip (de !aur3n7) sur ton Bureau:
    http://sosvirus.changelog.fr/MSNFix.zip

    - Décompresse-le (Clic droit >> Extraire ici).

    - Double-clique sur le fichier MSNFix.bat.

    - Exécute l'option R.
    Si l'infection est détectée, un message l'indiquera et il suffira de presser une touche pour lancer le nettoyage.

    Note : Si une erreur de suppression est détectée un message s'affichera demandant de redémarrer l'ordinateur afin de terminer les opérations. Dans ce cas il suffit de redémarrer l'ordinateur.

    - Le rapport sera enregistré dans C:\Windows\ sous le nom de MSNFix, poste-le.
    0
  2. mymy14 Messages postés 50 Statut Membre
     
    Salut destrio5

    malheureusement j ai déja essayer avec msn fix mais lorsqu je lance la recherche le message check service aparait et il ne se passe rien.
    0
  3. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    - Télécharge HijackThis v2.0.2 sur ton Bureau.

    - Double-clique sur HJTInstall afin de lancer l'installation.

    - Clique sur Install ensuite sur I Accept.

    - Clique sur Do a system scan and save a logfile.

    - Le bloc-notes s'ouvrira, fais un copier/coller de tout son contenu ici dans ton prochain message.
    0
  4. mymy14 Messages postés 50 Statut Membre
     
    Je vais essayer avec hijack merci de l'attention que tu portes a ma demande.
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. mymy14 Messages postés 50 Statut Membre
     
    Voila j ai réussi a avoir le rapport:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:12:28, on 29/12/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
    C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Acer\Acer Arcade\PCMService.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
    C:\WINDOWS\system32\ElkCtrl.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
    C:\Documents and Settings\user\Bureau\QuickTime\qttask.exe
    C:\Program Files\EoRezo\EoEngine.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\igfxext.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lo.st#home
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
    O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1
    O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
    O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect
    O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    O4 - HKLM\..\Run: [ImageItEncrypt] C:\WINDOWS\system32\ImageItEncrypt.exe
    O4 - HKLM\..\Run: [IMJPMIG8.2] msime82.exe
    O4 - HKLM\..\Run: [RavAV] C:\WINDOWS\AdobeR.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Documents and Settings\user\Bureau\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [EoEngine] "C:\Program Files\EoRezo\EoEngine.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
    O4 - HKLM\..\RunOnce: [Trojan Remover] "C:\Program Files\Trojan Remover\RMVTRJAN.EXE" /restart
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [MsServer] msfun80.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Startup: Event Reminder.lnk = C:\pmw\PMREMIND.EXE
    O4 - Global Startup: Acer Empowering Technology.lnk = ?
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O20 - AppInit_DLLs: zqbjvs.dll
    O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    0
  7. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    En attendant que je revienne d'ici une demi-heure.

    ---> Télécharge Malwarebytes' Anti-Malware (MBAM) sur ton Bureau.
    ---> Double-clique sur le fichier téléchargé pour lancer le processus d'installation.
    ---> Dans l'onglet Mise à jour, clique sur le bouton Recherche de mise à jour : si le pare-feu demande l'autorisation à MBAM de se connecter à Internet, accepte.
    ---> Une fois la mise à jour terminée, rends-toi dans l'onglet Recherche.
    ---> Sélectionne Exécuter un examen rapide.
    ---> Clique sur Rechercher. L'analyse démarre.

    A la fin de l'analyse, un message s'affiche :

    L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.

    ---> Clique sur OK pour poursuivre. Si MBAM n'a rien trouvé, il te le dira aussi.
    ---> Ferme tes navigateurs.
    Si des malwares ont été détectés, clique sur Afficher les résultats.
    ---> Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection, MBAM va détruire les fichiers et clés de registre infectés et en mettre une copie dans la quarantaine.
    ---> MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Copie-colle ce rapport dans ta prochaine réponse.
    0
  8. mymy14 Messages postés 50 Statut Membre
     
    je te remercie de ton aide. J ai suivi tes indications. Je t envoie le rapport. sinon mon antivirus (avast) s est manifesté a plusieurs reprises pour me dire que mon pc était infecté j ai fait supprimer au fur et a mesure (j espère avoir bien fait).

    Malwarebytes' Anti-Malware 1.31
    Version de la base de données: 1565
    Windows 5.1.2600 Service Pack 3

    29/12/2008 23:40:09
    mbam-log-2008-12-29 (23-40-09).txt

    Type de recherche: Examen rapide
    Eléments examinés: 52976
    Temps écoulé: 8 minute(s), 2 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 3
    Clé(s) du Registre infectée(s): 16
    Valeur(s) du Registre infectée(s): 3
    Elément(s) de données du Registre infecté(s): 2
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 21

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    C:\WINDOWS\system32\wvUmkiHX.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\zqbjvs.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\nnnLCVMF.dll (Trojan.Vundo) -> Delete on reboot.

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{44dfe0ab-def5-4815-b607-1c724e91a71c} (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{44dfe0ab-def5-4815-b607-1c724e91a71c} (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\nnnlcvmf (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c6328943-def9-498a-9c84-93accfa0ea81} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{c6328943-def9-498a-9c84-93accfa0ea81} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c6328943-def9-498a-9c84-93accfa0ea81} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{44dfe0ab-def5-4815-b607-1c724e91a71c} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Delete on reboot.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\IMJPMIG8.2 (Trojan.Agent) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\wvumkihx -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\wvumkihx -> Delete on reboot.

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\WINDOWS\system32\wvUmkiHX.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\XHikmUvw.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\XHikmUvw.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\nnnLCVMF.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\zqbjvs.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\alajoqrv.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\urqQgeff.dll (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\system32\fccddaXP.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\khfEXQhE.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\vtUomlKa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\qoMggdDV.dll (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\system32\iifgFXQh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\khfCRlmK.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\cbXPfGax.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\khfEWQhf.dll (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\system32\vtUommKD.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\nnnliJAT.dll (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\system32\cbXQiJde.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\byXPJayw.dll (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\system32\rqRIxvVo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Program Files\EoRezo (Rogue.Eorezo) -> Delete on reboot.
    0
  9. mymy14 Messages postés 50 Statut Membre
     
    Je viens de me rendre compte qu un autre message est apparu après que je t envoie le rapport.
    Impossible de supprimer certains élément tous les éléments qui n ont pas pu etre supprimés ont été ajoutés à la liste des suppressions au redémarrage.
    0
  10. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    ---> Télécharge ComboFix.exe de sUBs sur ton Bureau :
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    /!\ Déconnecte-toi du net et ferme toutes les applications, antivirus et antispyware y compris /!\

    ---> Double-clique sur Combofix.exe
    Un "pop-up" va apparaître qui dit que "ComboFix est utilisé à vos risques et avec aucune garantie...".
    Accepte en cliquant sur "Oui"

    ---> Je te conseille vivement d'installer la Console de récupération.

    ---> Mets-le en langue française F
    Tape sur la touche 1 (Yes) pour démarrer le scan.

    /!\ Ne touche à rien tant que le scan n'est pas terminé. /!\

    En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.

    Une fois le scan achevé, un rapport va s'afficher : Poste son contenu

    /!\ Réactive la protection en temps réel de ton antivirus et de ton antispyware avant de te reconnecter à Internet. /!\

    Note : Le rapport se trouve également là : C:\Combofix.txt

    Tutoriel officiel :
    https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
    0
  11. mymy14 Messages postés 50 Statut Membre
     
    je n arrive pas a telecharger combofix, un message s affiche me demandant si je suis certain de vouloir fermer VisageON. PS j ai désinstallé le logiciel trojan remover pensant que le problème venait de la mais je n arrive tjrs pas a telecharger combofix
    0
  12. mymy14 Messages postés 50 Statut Membre
     
    finallement je pense avoir réussi. Voici le rapport. Merci d'avance de l'attention que tu continuera à donner à mon problème.
    0
  13. mymy14 Messages postés 50 Statut Membre
     
    ComboFix 08-12-28.04 - user 2008-12-30 0:24:59.1 - [color=red][b]FAT32[/b][/color]x86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1014.659 [GMT 1:00]
    Lancé depuis: C:\Documents and Settings\user\Mes documents\INTERNET\ComboFix.exe
    * Un nouveau point de restauration a été créé
    .
    [color=purple]Les fichiers ci-dessous ont été désactivés pendant l'exécution:[/color]
    C:\Program Files\Fichiers communs\Logitech\LVMVFM\LVPrcInj.dll

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\user\ravmonlog
    C:\WINDOWS\system32\drivers\npf.sys
    C:\WINDOWS\system32\eyqwocos.dll
    C:\WINDOWS\system32\packet.dll
    C:\WINDOWS\system32\pthreadVC.dll
    C:\WINDOWS\system32\WanPacket.dll
    C:\WINDOWS\system32\wpcap.dll
    C:\WINDOWS\ufdata2000.log

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_NPF
    -------\Service_NPF

    ((((((((((((((((((((((((((((( Fichiers créés du 2008-11-28 au 2008-12-29 ))))))))))))))))))))))))))))))))))))
    .

    2008-12-29 23:29 . 2008-12-29 23:29 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-12-29 23:29 . 2008-12-29 23:29 <REP> d-------- C:\Documents and Settings\user\Application Data\Malwarebytes
    2008-12-29 23:29 . 2008-12-29 23:29 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-12-29 23:29 . 2008-12-03 19:52 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-12-29 23:29 . 2008-12-03 19:52 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-12-29 23:12 . 2008-12-29 23:12 <REP> d-------- C:\Program Files\Trend Micro
    2008-12-24 02:00 . 2008-12-24 02:00 <REP> d-------- C:\Program Files\Trojan Remover
    2008-12-24 02:00 . 2008-12-24 02:00 <REP> d-------- C:\Documents and Settings\user\Application Data\Simply Super Software
    2008-12-24 01:49 . 2008-12-24 01:49 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-12-24 01:49 . 2008-12-24 01:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-12-24 01:33 . 2008-12-24 01:33 164 --a------ C:\WINDOWS\system32\ikhcore.cfg
    2008-12-24 01:30 . 2008-12-24 01:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
    2008-12-24 01:29 . 2008-12-24 01:29 <REP> d-------- C:\Program Files\Spyware Doctor
    2008-12-23 22:59 . 2008-12-23 04:41 52,786 --a------ C:\WINDOWS\fxstaller.exe.vir
    2008-12-23 22:59 . 2008-12-23 22:59 45,056 --a------ C:\WINDOWS\system32\fccddbXQ.dll.vir
    2008-12-09 23:18 . 2008-12-09 23:18 88,064 --a------ C:\WINDOWS\system32\drivers\hardlock.sys
    2008-12-09 23:18 . 2008-12-09 23:18 72,192 --a------ C:\WINDOWS\system32\hlvdd.dll
    2008-12-09 23:18 . 2008-12-09 23:18 39,424 --a------ C:\WINDOWS\system32\drivers\Haspnt.sys
    2008-12-09 23:18 . 2008-12-09 23:18 5,120 --a------ C:\WINDOWS\system32\haspvdd.dll
    2008-12-09 23:18 . 2008-10-11 12:38 3,121 --a------ C:\WINDOWS\system32\config.hsp
    2008-12-09 23:18 . 2008-12-09 23:18 383 --a------ C:\WINDOWS\system32\haspdos.sys
    2008-12-09 23:18 . 2008-12-09 23:18 0 --a------ C:\WINDOWS\hinstall.INI
    2008-12-09 23:17 . 1993-11-19 00:00 398,416 --a------ C:\WINDOWS\system32\VBRUN300.DLL
    2008-12-09 23:17 . 1993-07-17 07:00 64,432 --a------ C:\WINDOWS\system32\THREED.VBX
    2008-12-09 22:14 . 2008-12-09 22:14 <REP> d-------- C:\Program Files\Microsoft Référence
    2008-12-09 22:14 . 1998-05-26 12:58 194,048 --a------ C:\WINDOWS\system32\swflash.ocx

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-12-13 06:37 3,593,216 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
    2008-11-10 20:24 --------- d-----w C:\Documents and Settings\user\Application Data\SecondLife
    2008-11-03 15:04 --------- d-----w C:\Program Files\Fichiers communs\i4j_jres
    2008-10-28 11:54 --------- d-----w C:\Program Files\VirginMega
    2008-10-28 11:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Downloaded Installations
    2008-10-28 11:47 --------- d-----w C:\Program Files\Windows Media Connect 2
    2008-10-24 11:21 455,296 ------w C:\WINDOWS\system32\dllcache\mrxsmb.sys
    2008-10-23 12:36 286,720 ----a-w C:\WINDOWS\system32\gdi32.dll
    2008-10-23 12:36 286,720 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
    2008-10-16 13:13 202,776 ----a-w C:\WINDOWS\system32\wuweb.dll
    2008-10-16 13:13 202,776 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
    2008-10-16 13:13 1,809,944 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2008-10-16 13:13 1,809,944 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
    2008-10-16 13:12 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
    2008-10-16 13:12 561,688 ----a-w C:\WINDOWS\system32\wuapi.dll
    2008-10-16 13:12 561,688 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
    2008-10-16 13:12 323,608 ----a-w C:\WINDOWS\system32\wucltui.dll
    2008-10-16 13:12 323,608 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
    2008-10-16 13:11 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
    2008-10-16 13:09 92,696 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
    2008-10-16 13:09 92,696 ----a-w C:\WINDOWS\system32\cdm.dll
    2008-10-16 13:09 51,224 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2008-10-16 13:09 51,224 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
    2008-10-16 13:09 43,544 ----a-w C:\WINDOWS\system32\wups2.dll
    2008-10-16 13:08 34,328 ----a-w C:\WINDOWS\system32\wups.dll
    2008-10-16 13:08 34,328 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
    2008-10-16 13:06 268,648 ----a-w C:\WINDOWS\system32\mucltui.dll
    2008-10-16 13:06 208,744 ----a-w C:\WINDOWS\system32\muweb.dll
    2008-10-15 17:35 337,408 ------w C:\WINDOWS\system32\dllcache\netapi32.dll
    2008-10-15 07:06 633,632 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
    2008-10-15 07:04 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
    2008-10-03 10:03 247,326 ----a-w C:\WINDOWS\system32\strmdll.dll
    2008-10-03 10:03 247,326 ----a-w C:\WINDOWS\system32\dllcache\strmdll.dll
    2008-09-30 15:43 1,286,152 ----a-w C:\WINDOWS\system32\msxml4.dll
    2008-06-08 20:05 1,858 ----a-w C:\Documents and Settings\user\Application Data\wklnhst.dat
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 04:34 15360]
    "MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2008-10-14 19:16 190024]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 12:16 1833296]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LaunchApp"="Alaunch" [X]
    "AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-08-25 14:21 53248]
    "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-01-08 07:17 102491]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-01-08 07:16 692315]
    "PCMService"="C:\Program Files\Acer\Acer Arcade\PCMService.exe" [2006-03-23 00:12 151552]
    "ntiMUI"="C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 17:15 45056]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 05:00 208952]
    "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 05:00 59392]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 05:00 455168]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 05:00 455168]
    "eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-03-17 15:00 345088]
    "Acer ePresentation HPD"="C:\Acer\Empowering Technology\ePresentation\ePresentation.exe" [2006-03-31 16:39 204800]
    "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-11-28 13:55 98304]
    "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-11-28 13:52 77824]
    "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-11-28 13:55 118784]
    "ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-04-04 18:08 421888]
    "Boot"="C:\Acer\Empowering Technology\ePower\Boot.exe" [2006-03-15 22:12 579584]
    "LManager"="C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE" [2006-03-30 13:56 471040]
    "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2006-04-06 19:22 225280]
    "LogitechCameraAssistant"="C:\Program Files\Acer\OrbiCam\CameraAssistant.exe" [2006-04-06 19:00 331776]
    "LogitechVideo[inspector]"="C:\Program Files\Acer\OrbiCam\InstallHelper.exe" [2006-04-06 19:06 73728]
    "LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" [2004-11-01 18:22 262144]
    "eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-04-28 16:43 401408]
    "ImageItEncrypt"="C:\WINDOWS\system32\ImageItEncrypt.exe" [2005-12-30 14:02 40960]
    "QuickTime Task"="C:\Documents and Settings\user\Bureau\QuickTime\qttask.exe" [2006-09-01 14:57 282624]
    "EoEngine"="C:\Program Files\EoRezo\EoEngine.exe" [2008-09-23 17:31 565248]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 18:18 81000]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 02:38 34672]
    "MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2008-10-14 19:16 190024]
    "AGRSMMSG"="AGRSMMSG.exe" [2006-03-16 17:24 88204 C:\WINDOWS\AGRSMMSG.exe]
    "RTHDCPL"="RTHDCPL.EXE" [2006-02-27 17:28 16005120 C:\WINDOWS\RTHDCPL.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 04:34 15360]

    C:\Documents and Settings\user\Menu D‚marrer\Programmes\D‚marrage\
    D‚marrage d'Office.lnk - C:\Program Files\Microsoft Office\Office\OSA.EXE [1996-12-17 51984]
    Microsoft Recherche acc‚l‚r‚e.lnk - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE [1996-12-17 111376]
    Event Reminder.lnk - C:\pmw\PMREMIND.EXE [1997-11-03 17:55:42 254128]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Acer Empowering Technology.lnk - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2006-03-27 11:37:58 45056]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=zqbjvs.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.mkdmp3enc"= C:\PROGRA~1\Acer\ACERAR~1\Kernel\Burner\MKDMP3Enc.ACM

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe"=
    "C:\\Program Files\\Messenger\\MSMSGS.EXE"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "D:\\Azureus\\Azureus.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "13102:TCP"= 13102:TCP:NortonAV
    "18253:TCP"= 18253:TCP:NortonAV
    "17822:TCP"= 17822:TCP:NortonAV
    "14827:TCP"= 14827:TCP:NortonAV
    "17423:TCP"= 17423:TCP:NortonAV
    "18744:TCP"= 18744:TCP:NortonAV
    "12900:TCP"= 12900:TCP:NortonAV
    "18949:TCP"= 18949:TCP:NortonAV
    "13401:TCP"= 13401:TCP:NortonAV
    "12167:TCP"= 12167:TCP:NortonAV
    "18052:TCP"= 18052:TCP:NortonAV
    "18011:TCP"= 18011:TCP:NortonAV
    "17873:TCP"= 17873:TCP:NortonAV
    "14381:TCP"= 14381:TCP:NortonAV
    "16085:TCP"= 16085:TCP:NortonAV
    "17493:TCP"= 17493:TCP:NortonAV
    "16229:TCP"= 16229:TCP:NortonAV
    "18008:TCP"= 18008:TCP:NortonAV
    "12419:TCP"= 12419:TCP:NortonAV
    "16679:TCP"= 16679:TCP:NortonAV
    "15948:TCP"= 15948:TCP:NortonAV
    "18004:TCP"= 18004:TCP:NortonAV
    "17805:TCP"= 17805:TCP:NortonAV
    "16824:TCP"= 16824:TCP:NortonAV
    "13975:TCP"= 13975:TCP:NortonAV
    "14303:TCP"= 14303:TCP:NortonAV
    "16922:TCP"= 16922:TCP:NortonAV
    "16361:TCP"= 16361:TCP:NortonAV
    "15727:TCP"= 15727:TCP:NortonAV
    "12931:TCP"= 12931:TCP:NortonAV
    "15525:TCP"= 15525:TCP:NortonAV
    "16992:TCP"= 16992:TCP:NortonAV
    "15569:TCP"= 15569:TCP:NortonAV
    "16191:TCP"= 16191:TCP:NortonAV
    "15534:TCP"= 15534:TCP:NortonAV
    "15107:TCP"= 15107:TCP:NortonAV
    "13061:TCP"= 13061:TCP:NortonAV
    "13203:TCP"= 13203:TCP:NortonAV
    "16061:TCP"= 16061:TCP:NortonAV
    "14502:TCP"= 14502:TCP:NortonAV
    "18330:TCP"= 18330:TCP:NortonAV
    "13067:TCP"= 13067:TCP:NortonAV
    "12354:TCP"= 12354:TCP:NortonAV
    "15991:TCP"= 15991:TCP:NortonAV
    "13051:TCP"= 13051:TCP:NortonAV
    "14091:TCP"= 14091:TCP:NortonAV
    "17027:TCP"= 17027:TCP:NortonAV
    "14652:TCP"= 14652:TCP:NortonAV
    "12008:TCP"= 12008:TCP:NortonAV
    "15379:TCP"= 15379:TCP:NortonAV
    "18426:TCP"= 18426:TCP:NortonAV
    "18414:TCP"= 18414:TCP:NortonAV
    "13104:TCP"= 13104:TCP:NortonAV
    "12643:TCP"= 12643:TCP:NortonAV
    "18711:TCP"= 18711:TCP:NortonAV
    "17621:TCP"= 17621:TCP:NortonAV
    "18315:TCP"= 18315:TCP:NortonAV
    "17218:TCP"= 17218:TCP:NortonAV
    "13823:TCP"= 13823:TCP:NortonAV
    "12305:TCP"= 12305:TCP:NortonAV
    "12350:TCP"= 12350:TCP:NortonAV
    "18390:TCP"= 18390:TCP:NortonAV
    "14330:TCP"= 14330:TCP:NortonAV
    "13741:TCP"= 13741:TCP:NortonAV
    "18074:TCP"= 18074:TCP:NortonAV
    "13724:TCP"= 13724:TCP:NortonAV
    "12358:TCP"= 12358:TCP:NortonAV
    "13923:TCP"= 13923:TCP:NortonAV
    "14124:TCP"= 14124:TCP:NortonAV
    "16975:TCP"= 16975:TCP:NortonAV
    "14012:TCP"= 14012:TCP:NortonAV
    "17815:TCP"= 17815:TCP:NortonAV
    "16859:TCP"= 16859:TCP:NortonAV
    "13466:TCP"= 13466:TCP:NortonAV
    "17446:TCP"= 17446:TCP:NortonAV
    "18810:TCP"= 18810:TCP:NortonAV
    "14383:TCP"= 14383:TCP:NortonAV
    "13761:TCP"= 13761:TCP:NortonAV
    "18831:TCP"= 18831:TCP:NortonAV
    "15639:TCP"= 15639:TCP:NortonAV
    "17002:TCP"= 17002:TCP:NortonAV
    "17131:TCP"= 17131:TCP:NortonAV
    "13643:TCP"= 13643:TCP:NortonAV
    "14421:TCP"= 14421:TCP:NortonAV
    "12605:TCP"= 12605:TCP:NortonAV
    "15729:TCP"= 15729:TCP:NortonAV
    "15308:TCP"= 15308:TCP:NortonAV
    "14823:TCP"= 14823:TCP:NortonAV
    "18487:TCP"= 18487:TCP:NortonAV
    "17881:TCP"= 17881:TCP:NortonAV
    "14736:TCP"= 14736:TCP:NortonAV
    "13361:TCP"= 13361:TCP:NortonAV
    "12769:TCP"= 12769:TCP:NortonAV
    "15992:TCP"= 15992:TCP:NortonAV
    "15409:TCP"= 15409:TCP:NortonAV
    "17525:TCP"= 17525:TCP:NortonAV
    "15112:TCP"= 15112:TCP:NortonAV
    "14232:TCP"= 14232:TCP:NortonAV
    "17511:TCP"= 17511:TCP:NortonAV
    "14401:TCP"= 14401:TCP:NortonAV
    "18019:TCP"= 18019:TCP:NortonAV
    "16546:TCP"= 16546:TCP:NortonAV
    "13648:TCP"= 13648:TCP:NortonAV
    "13084:TCP"= 13084:TCP:NortonAV
    "18078:TCP"= 18078:TCP:NortonAV
    "13915:TCP"= 13915:TCP:NortonAV
    "18904:TCP"= 18904:TCP:NortonAV
    "15547:TCP"= 15547:TCP:NortonAV
    "15331:TCP"= 15331:TCP:NortonAV
    "13939:TCP"= 13939:TCP:NortonAV
    "15236:TCP"= 15236:TCP:NortonAV
    "14586:TCP"= 14586:TCP:NortonAV
    "12538:TCP"= 12538:TCP:NortonAV
    "17432:TCP"= 17432:TCP:NortonAV
    "18937:TCP"= 18937:TCP:NortonAV
    "18208:TCP"= 18208:TCP:NortonAV
    "13444:TCP"= 13444:TCP:NortonAV
    "18547:TCP"= 18547:TCP:NortonAV
    "13780:TCP"= 13780:TCP:NortonAV
    "17867:TCP"= 17867:TCP:NortonAV
    "17462:TCP"= 17462:TCP:NortonAV
    "12067:TCP"= 12067:TCP:NortonAV
    "13884:TCP"= 13884:TCP:NortonAV
    "16021:TCP"= 16021:TCP:NortonAV
    "17713:TCP"= 17713:TCP:NortonAV
    "16544:TCP"= 16544:TCP:NortonAV
    "18654:TCP"= 18654:TCP:NortonAV
    "14495:TCP"= 14495:TCP:NortonAV
    "18789:TCP"= 18789:TCP:NortonAV
    "17795:TCP"= 17795:TCP:NortonAV
    "13147:TCP"= 13147:TCP:NortonAV
    "18341:TCP"= 18341:TCP:NortonAV
    "13756:TCP"= 13756:TCP:NortonAV
    "18893:TCP"= 18893:TCP:NortonAV
    "16095:TCP"= 16095:TCP:NortonAV
    "17136:TCP"= 17136:TCP:NortonAV
    "12172:TCP"= 12172:TCP:NortonAV
    "16008:TCP"= 16008:TCP:NortonAV
    "16507:TCP"= 16507:TCP:NortonAV
    "13279:TCP"= 13279:TCP:NortonAV
    "13457:TCP"= 13457:TCP:NortonAV
    "14327:TCP"= 14327:TCP:NortonAV
    "12054:TCP"= 12054:TCP:NortonAV
    "15233:TCP"= 15233:TCP:NortonAV
    "16518:TCP"= 16518:TCP:NortonAV
    "17677:TCP"= 17677:TCP:NortonAV
    "14105:TCP"= 14105:TCP:NortonAV
    "14032:TCP"= 14032:TCP:NortonAV
    "12249:TCP"= 12249:TCP:NortonAV
    "15433:TCP"= 15433:TCP:NortonAV
    "16168:TCP"= 16168:TCP:NortonAV
    "17917:TCP"= 17917:TCP:NortonAV
    "17162:TCP"= 17162:TCP:NortonAV
    "12437:TCP"= 12437:TCP:NortonAV
    "13161:TCP"= 13161:TCP:NortonAV
    "13727:TCP"= 13727:TCP:NortonAV
    "13880:TCP"= 13880:TCP:NortonAV
    "12708:TCP"= 12708:TCP:NortonAV
    "12707:TCP"= 12707:TCP:NortonAV
    "13760:TCP"= 13760:TCP:NortonAV
    "16926:TCP"= 16926:TCP:NortonAV
    "12936:TCP"= 12936:TCP:NortonAV
    "12884:TCP"= 12884:TCP:NortonAV
    "14474:TCP"= 14474:TCP:NortonAV
    "13847:TCP"= 13847:TCP:NortonAV
    "13141:TCP"= 13141:TCP:NortonAV
    "12959:TCP"= 12959:TCP:NortonAV
    "13121:TCP"= 13121:TCP:NortonAV
    "14558:TCP"= 14558:TCP:NortonAV
    "15116:TCP"= 15116:TCP:NortonAV
    "14684:TCP"= 14684:TCP:NortonAV
    "13345:TCP"= 13345:TCP:NortonAV
    "12294:TCP"= 12294:TCP:NortonAV
    "12405:TCP"= 12405:TCP:NortonAV
    "14378:TCP"= 14378:TCP:NortonAV
    "13591:TCP"= 13591:TCP:NortonAV
    "12282:TCP"= 12282:TCP:NortonAV
    "13495:TCP"= 13495:TCP:NortonAV
    "16928:TCP"= 16928:TCP:NortonAV
    "15959:TCP"= 15959:TCP:NortonAV
    "13319:TCP"= 13319:TCP:NortonAV
    "17820:TCP"= 17820:TCP:NortonAV
    "12568:TCP"= 12568:TCP:NortonAV
    "17355:TCP"= 17355:TCP:NortonAV
    "17720:TCP"= 17720:TCP:NortonAV
    "14977:TCP"= 14977:TCP:NortonAV
    "16630:TCP"= 16630:TCP:NortonAV
    "13237:TCP"= 13237:TCP:NortonAV
    "14074:TCP"= 14074:TCP:NortonAV
    "14683:TCP"= 14683:TCP:NortonAV
    "17857:TCP"= 17857:TCP:NortonAV
    "16635:TCP"= 16635:TCP:NortonAV
    "12652:TCP"= 12652:TCP:NortonAV
    "15707:TCP"= 15707:TCP:NortonAV
    "12939:TCP"= 12939:TCP:NortonAV
    "15649:TCP"= 15649:TCP:NortonAV
    "14962:TCP"= 14962:TCP:NortonAV
    "13160:TCP"= 13160:TCP:NortonAV
    "14862:TCP"= 14862:TCP:NortonAV
    "12463:TCP"= 12463:TCP:NortonAV
    "15181:TCP"= 15181:TCP:NortonAV
    "15000:TCP"= 15000:TCP:NortonAV
    "18750:TCP"= 18750:TCP:NortonAV
    "15358:TCP"= 15358:TCP:NortonAV
    "16392:TCP"= 16392:TCP:NortonAV
    "12257:TCP"= 12257:TCP:NortonAV
    "17469:TCP"= 17469:TCP:NortonAV
    "17430:TCP"= 17430:TCP:NortonAV
    "17008:TCP"= 17008:TCP:NortonAV
    "15360:TCP"= 15360:TCP:NortonAV
    "16763:TCP"= 16763:TCP:NortonAV
    "17304:TCP"= 17304:TCP:NortonAV
    "13144:TCP"= 13144:TCP:NortonAV
    "18542:TCP"= 18542:TCP:NortonAV
    "14927:TCP"= 14927:TCP:NortonAV

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-10-11 12:16:10 111184]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-10-11 12:16:10 20560]
    R2 EpmPsd;Acer EPM Power Scheme Driver;\??\C:\WINDOWS\system32\drivers\epm-psd.sys [2007-01-16 19:11:29 4096]
    R2 EpmShd;Acer EPM System Hardware Driver;\??\C:\WINDOWS\system32\drivers\epm-shd.sys [2007-01-16 19:11:29 78208]
    R3 lv321av;Logitech USB PC Camera (VC0321);C:\WINDOWS\system32\DRIVERS\lv321av.sys [2005-11-30 20:28:58 1097472]
    S2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;\??\C:\WINDOWS\system32\eLock2BurnerLockDriver.sys []
    S2 eLock2FSCTLDriver;eLock2FSCTLDriver;\??\C:\WINDOWS\system32\eLock2FSCTLDriver.sys []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
    \Shell\Auto\command - F:\fun.xls.exe
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
    \Shell\Auto\command - G:\AdobeR.exe e
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
    \Shell\Auto\command - H:\fun.xls.exe
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0274016a-cbed-11db-bd20-0016364d99d9}]
    \Shell\AutoRun\command - RavMon.exe
    \Shell\explore\Command - RavMon.exe -e
    \Shell\open\Command - RavMon.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{439d8b6c-aa62-11dc-be01-0016364d99d9}]
    \Shell\Auto\command - F:\fun.xls.exe
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{533b088a-2dcd-11dd-be6d-0016364d99d9}]
    \Shell\Auto\command - F:\fun.xls.exe
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7f144982-00a9-11dc-bd69-0016364d99d9}]
    \Shell\Auto\command - G:\fun.xls.exe
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c658d678-9f78-11dc-bded-0016364d99d9}]
    \shell\Auto\command - F:\fun.xls.exe
    \shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c6851742-a94c-11db-bcec-0016364d99d9}]
    \Shell\Auto\command - F:\fun.xls.exe
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c8f8b5da-af16-11dc-be05-0016364d99d9}]
    \Shell\Auto\command - fun.xls.exe
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c9904606-a80b-11db-bce7-0016364d99d9}]
    \Shell\Auto\command - F:\fun.xls.exe
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d806eff6-6f96-11dd-be96-0016364d99d9}]
    \Shell\Auto\command - fun.xls.exe
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de0f63e8-e4a3-11dc-be32-0016364d99d9}]
    \shell\Auto\command - F:\fun.xls.exe
    \shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e622f5aa-8809-11dc-bdd2-0016364d99d9}]
    \Shell\Auto\command - F:\fun.xls.exe
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe
    .
    Contenu du dossier 'Tâches planifiées'

    2008-12-29 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    BHO-{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - (no file)
    HKCU-Run-MsServer - msfun80.exe
    HKLM-RunOnce-Trojan Remover - C:\Program Files\Trojan Remover\RMVTRJAN.EXE

    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://lo.st#home
    IE: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-30 00:29:43
    Windows 5.1.2600 Service Pack 3 FAT NTAPI

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'winlogon.exe'(676)
    C:\WINDOWS\system32\Ati2evxx.dll
    .
    0
  14. mymy14 Messages postés 50 Statut Membre
     
    ComboFix 08-12-28.04 - user 2008-12-30 0:24:59.1 - [color=red][b]FAT32[/b][/color]x86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1014.659 [GMT 1:00]
    Lancé depuis: C:\Documents and Settings\user\Mes documents\INTERNET\ComboFix.exe
    * Un nouveau point de restauration a été créé
    .
    [color=purple]Les fichiers ci-dessous ont été désactivés pendant l'exécution:[/color]
    C:\Program Files\Fichiers communs\Logitech\LVMVFM\LVPrcInj.dll

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\user\ravmonlog
    C:\WINDOWS\system32\drivers\npf.sys
    C:\WINDOWS\system32\eyqwocos.dll
    C:\WINDOWS\system32\packet.dll
    C:\WINDOWS\system32\pthreadVC.dll
    C:\WINDOWS\system32\WanPacket.dll
    C:\WINDOWS\system32\wpcap.dll
    C:\WINDOWS\ufdata2000.log

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_NPF
    -------\Service_NPF

    ((((((((((((((((((((((((((((( Fichiers créés du 2008-11-28 au 2008-12-29 ))))))))))))))))))))))))))))))))))))
    .

    2008-12-29 23:29 . 2008-12-29 23:29 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-12-29 23:29 . 2008-12-29 23:29 <REP> d-------- C:\Documents and Settings\user\Application Data\Malwarebytes
    2008-12-29 23:29 . 2008-12-29 23:29 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-12-29 23:29 . 2008-12-03 19:52 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-12-29 23:29 . 2008-12-03 19:52 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-12-29 23:12 . 2008-12-29 23:12 <REP> d-------- C:\Program Files\Trend Micro
    2008-12-24 02:00 . 2008-12-24 02:00 <REP> d-------- C:\Program Files\Trojan Remover
    2008-12-24 02:00 . 2008-12-24 02:00 <REP> d-------- C:\Documents and Settings\user\Application Data\Simply Super Software
    2008-12-24 01:49 . 2008-12-24 01:49 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-12-24 01:49 . 2008-12-24 01:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-12-24 01:33 . 2008-12-24 01:33 164 --a------ C:\WINDOWS\system32\ikhcore.cfg
    2008-12-24 01:30 . 2008-12-24 01:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
    2008-12-24 01:29 . 2008-12-24 01:29 <REP> d-------- C:\Program Files\Spyware Doctor
    2008-12-23 22:59 . 2008-12-23 04:41 52,786 --a------ C:\WINDOWS\fxstaller.exe.vir
    2008-12-23 22:59 . 2008-12-23 22:59 45,056 --a------ C:\WINDOWS\system32\fccddbXQ.dll.vir
    2008-12-09 23:18 . 2008-12-09 23:18 88,064 --a------ C:\WINDOWS\system32\drivers\hardlock.sys
    2008-12-09 23:18 . 2008-12-09 23:18 72,192 --a------ C:\WINDOWS\system32\hlvdd.dll
    2008-12-09 23:18 . 2008-12-09 23:18 39,424 --a------ C:\WINDOWS\system32\drivers\Haspnt.sys
    2008-12-09 23:18 . 2008-12-09 23:18 5,120 --a------ C:\WINDOWS\system32\haspvdd.dll
    2008-12-09 23:18 . 2008-10-11 12:38 3,121 --a------ C:\WINDOWS\system32\config.hsp
    2008-12-09 23:18 . 2008-12-09 23:18 383 --a------ C:\WINDOWS\system32\haspdos.sys
    2008-12-09 23:18 . 2008-12-09 23:18 0 --a------ C:\WINDOWS\hinstall.INI
    2008-12-09 23:17 . 1993-11-19 00:00 398,416 --a------ C:\WINDOWS\system32\VBRUN300.DLL
    2008-12-09 23:17 . 1993-07-17 07:00 64,432 --a------ C:\WINDOWS\system32\THREED.VBX
    2008-12-09 22:14 . 2008-12-09 22:14 <REP> d-------- C:\Program Files\Microsoft Référence
    2008-12-09 22:14 . 1998-05-26 12:58 194,048 --a------ C:\WINDOWS\system32\swflash.ocx

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-12-13 06:37 3,593,216 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
    2008-11-10 20:24 --------- d-----w C:\Documents and Settings\user\Application Data\SecondLife
    2008-11-03 15:04 --------- d-----w C:\Program Files\Fichiers communs\i4j_jres
    2008-10-28 11:54 --------- d-----w C:\Program Files\VirginMega
    2008-10-28 11:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Downloaded Installations
    2008-10-28 11:47 --------- d-----w C:\Program Files\Windows Media Connect 2
    2008-10-24 11:21 455,296 ------w C:\WINDOWS\system32\dllcache\mrxsmb.sys
    2008-10-23 12:36 286,720 ----a-w C:\WINDOWS\system32\gdi32.dll
    2008-10-23 12:36 286,720 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
    2008-10-16 13:13 202,776 ----a-w C:\WINDOWS\system32\wuweb.dll
    2008-10-16 13:13 202,776 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
    2008-10-16 13:13 1,809,944 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2008-10-16 13:13 1,809,944 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
    2008-10-16 13:12 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
    2008-10-16 13:12 561,688 ----a-w C:\WINDOWS\system32\wuapi.dll
    2008-10-16 13:12 561,688 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
    2008-10-16 13:12 323,608 ----a-w C:\WINDOWS\system32\wucltui.dll
    2008-10-16 13:12 323,608 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
    2008-10-16 13:11 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
    2008-10-16 13:09 92,696 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
    2008-10-16 13:09 92,696 ----a-w C:\WINDOWS\system32\cdm.dll
    2008-10-16 13:09 51,224 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2008-10-16 13:09 51,224 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
    2008-10-16 13:09 43,544 ----a-w C:\WINDOWS\system32\wups2.dll
    2008-10-16 13:08 34,328 ----a-w C:\WINDOWS\system32\wups.dll
    2008-10-16 13:08 34,328 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
    2008-10-16 13:06 268,648 ----a-w C:\WINDOWS\system32\mucltui.dll
    2008-10-16 13:06 208,744 ----a-w C:\WINDOWS\system32\muweb.dll
    2008-10-15 17:35 337,408 ------w C:\WINDOWS\system32\dllcache\netapi32.dll
    2008-10-15 07:06 633,632 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
    2008-10-15 07:04 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
    2008-10-03 10:03 247,326 ----a-w C:\WINDOWS\system32\strmdll.dll
    2008-10-03 10:03 247,326 ----a-w C:\WINDOWS\system32\dllcache\strmdll.dll
    2008-09-30 15:43 1,286,152 ----a-w C:\WINDOWS\system32\msxml4.dll
    2008-06-08 20:05 1,858 ----a-w C:\Documents and Settings\user\Application Data\wklnhst.dat
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 04:34 15360]
    "MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2008-10-14 19:16 190024]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 12:16 1833296]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LaunchApp"="Alaunch" [X]
    "AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-08-25 14:21 53248]
    "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-01-08 07:17 102491]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-01-08 07:16 692315]
    "PCMService"="C:\Program Files\Acer\Acer Arcade\PCMService.exe" [2006-03-23 00:12 151552]
    "ntiMUI"="C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 17:15 45056]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 05:00 208952]
    "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 05:00 59392]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 05:00 455168]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 05:00 455168]
    "eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-03-17 15:00 345088]
    "Acer ePresentation HPD"="C:\Acer\Empowering Technology\ePresentation\ePresentation.exe" [2006-03-31 16:39 204800]
    "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-11-28 13:55 98304]
    "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-11-28 13:52 77824]
    "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-11-28 13:55 118784]
    "ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-04-04 18:08 421888]
    "Boot"="C:\Acer\Empowering Technology\ePower\Boot.exe" [2006-03-15 22:12 579584]
    "LManager"="C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE" [2006-03-30 13:56 471040]
    "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2006-04-06 19:22 225280]
    "LogitechCameraAssistant"="C:\Program Files\Acer\OrbiCam\CameraAssistant.exe" [2006-04-06 19:00 331776]
    "LogitechVideo[inspector]"="C:\Program Files\Acer\OrbiCam\InstallHelper.exe" [2006-04-06 19:06 73728]
    "LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" [2004-11-01 18:22 262144]
    "eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-04-28 16:43 401408]
    "ImageItEncrypt"="C:\WINDOWS\system32\ImageItEncrypt.exe" [2005-12-30 14:02 40960]
    "QuickTime Task"="C:\Documents and Settings\user\Bureau\QuickTime\qttask.exe" [2006-09-01 14:57 282624]
    "EoEngine"="C:\Program Files\EoRezo\EoEngine.exe" [2008-09-23 17:31 565248]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 18:18 81000]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 02:38 34672]
    "MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2008-10-14 19:16 190024]
    "AGRSMMSG"="AGRSMMSG.exe" [2006-03-16 17:24 88204 C:\WINDOWS\AGRSMMSG.exe]
    "RTHDCPL"="RTHDCPL.EXE" [2006-02-27 17:28 16005120 C:\WINDOWS\RTHDCPL.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 04:34 15360]

    C:\Documents and Settings\user\Menu D‚marrer\Programmes\D‚marrage\
    D‚marrage d'Office.lnk - C:\Program Files\Microsoft Office\Office\OSA.EXE [1996-12-17 51984]
    Microsoft Recherche acc‚l‚r‚e.lnk - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE [1996-12-17 111376]
    Event Reminder.lnk - C:\pmw\PMREMIND.EXE [1997-11-03 17:55:42 254128]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Acer Empowering Technology.lnk - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2006-03-27 11:37:58 45056]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=zqbjvs.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.mkdmp3enc"= C:\PROGRA~1\Acer\ACERAR~1\Kernel\Burner\MKDMP3Enc.ACM

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe"=
    "C:\\Program Files\\Messenger\\MSMSGS.EXE"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "D:\\Azureus\\Azureus.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "13102:TCP"= 13102:TCP:NortonAV
    "18253:TCP"= 18253:TCP:NortonAV
    "17822:TCP"= 17822:TCP:NortonAV
    "14827:TCP"= 14827:TCP:NortonAV
    "17423:TCP"= 17423:TCP:NortonAV
    "18744:TCP"= 18744:TCP:NortonAV
    "12900:TCP"= 12900:TCP:NortonAV
    "18949:TCP"= 18949:TCP:NortonAV
    "13401:TCP"= 13401:TCP:NortonAV
    "12167:TCP"= 12167:TCP:NortonAV
    "18052:TCP"= 18052:TCP:NortonAV
    "18011:TCP"= 18011:TCP:NortonAV
    "17873:TCP"= 17873:TCP:NortonAV
    "14381:TCP"= 14381:TCP:NortonAV
    "16085:TCP"= 16085:TCP:NortonAV
    "17493:TCP"= 17493:TCP:NortonAV
    "16229:TCP"= 16229:TCP:NortonAV
    "18008:TCP"= 18008:TCP:NortonAV
    "12419:TCP"= 12419:TCP:NortonAV
    "16679:TCP"= 16679:TCP:NortonAV
    "15948:TCP"= 15948:TCP:NortonAV
    "18004:TCP"= 18004:TCP:NortonAV
    "17805:TCP"= 17805:TCP:NortonAV
    "16824:TCP"= 16824:TCP:NortonAV
    "13975:TCP"= 13975:TCP:NortonAV
    "14303:TCP"= 14303:TCP:NortonAV
    "16922:TCP"= 16922:TCP:NortonAV
    "16361:TCP"= 16361:TCP:NortonAV
    "15727:TCP"= 15727:TCP:NortonAV
    "12931:TCP"= 12931:TCP:NortonAV
    "15525:TCP"= 15525:TCP:NortonAV
    "16992:TCP"= 16992:TCP:NortonAV
    "15569:TCP"= 15569:TCP:NortonAV
    "16191:TCP"= 16191:TCP:NortonAV
    "15534:TCP"= 15534:TCP:NortonAV
    "15107:TCP"= 15107:TCP:NortonAV
    "13061:TCP"= 13061:TCP:NortonAV
    "13203:TCP"= 13203:TCP:NortonAV
    "16061:TCP"= 16061:TCP:NortonAV
    "14502:TCP"= 14502:TCP:NortonAV
    "18330:TCP"= 18330:TCP:NortonAV
    "13067:TCP"= 13067:TCP:NortonAV
    "12354:TCP"= 12354:TCP:NortonAV
    "15991:TCP"= 15991:TCP:NortonAV
    "13051:TCP"= 13051:TCP:NortonAV
    "14091:TCP"= 14091:TCP:NortonAV
    "17027:TCP"= 17027:TCP:NortonAV
    "14652:TCP"= 14652:TCP:NortonAV
    "12008:TCP"= 12008:TCP:NortonAV
    "15379:TCP"= 15379:TCP:NortonAV
    "18426:TCP"= 18426:TCP:NortonAV
    "18414:TCP"= 18414:TCP:NortonAV
    "13104:TCP"= 13104:TCP:NortonAV
    "12643:TCP"= 12643:TCP:NortonAV
    "18711:TCP"= 18711:TCP:NortonAV
    "17621:TCP"= 17621:TCP:NortonAV
    "18315:TCP"= 18315:TCP:NortonAV
    "17218:TCP"= 17218:TCP:NortonAV
    "13823:TCP"= 13823:TCP:NortonAV
    "12305:TCP"= 12305:TCP:NortonAV
    "12350:TCP"= 12350:TCP:NortonAV
    "18390:TCP"= 18390:TCP:NortonAV
    "14330:TCP"= 14330:TCP:NortonAV
    "13741:TCP"= 13741:TCP:NortonAV
    "18074:TCP"= 18074:TCP:NortonAV
    "13724:TCP"= 13724:TCP:NortonAV
    "12358:TCP"= 12358:TCP:NortonAV
    "13923:TCP"= 13923:TCP:NortonAV
    "14124:TCP"= 14124:TCP:NortonAV
    "16975:TCP"= 16975:TCP:NortonAV
    "14012:TCP"= 14012:TCP:NortonAV
    "17815:TCP"= 17815:TCP:NortonAV
    "16859:TCP"= 16859:TCP:NortonAV
    "13466:TCP"= 13466:TCP:NortonAV
    "17446:TCP"= 17446:TCP:NortonAV
    "18810:TCP"= 18810:TCP:NortonAV
    "14383:TCP"= 14383:TCP:NortonAV
    "13761:TCP"= 13761:TCP:NortonAV
    "18831:TCP"= 18831:TCP:NortonAV
    "15639:TCP"= 15639:TCP:NortonAV
    "17002:TCP"= 17002:TCP:NortonAV
    "17131:TCP"= 17131:TCP:NortonAV
    "13643:TCP"= 13643:TCP:NortonAV
    "14421:TCP"= 14421:TCP:NortonAV
    "12605:TCP"= 12605:TCP:NortonAV
    "15729:TCP"= 15729:TCP:NortonAV
    "15308:TCP"= 15308:TCP:NortonAV
    "14823:TCP"= 14823:TCP:NortonAV
    "18487:TCP"= 18487:TCP:NortonAV
    "17881:TCP"= 17881:TCP:NortonAV
    "14736:TCP"= 14736:TCP:NortonAV
    "13361:TCP"= 13361:TCP:NortonAV
    "12769:TCP"= 12769:TCP:NortonAV
    "15992:TCP"= 15992:TCP:NortonAV
    "15409:TCP"= 15409:TCP:NortonAV
    "17525:TCP"= 17525:TCP:NortonAV
    "15112:TCP"= 15112:TCP:NortonAV
    "14232:TCP"= 14232:TCP:NortonAV
    "17511:TCP"= 17511:TCP:NortonAV
    "14401:TCP"= 14401:TCP:NortonAV
    "18019:TCP"= 18019:TCP:NortonAV
    "16546:TCP"= 16546:TCP:NortonAV
    "13648:TCP"= 13648:TCP:NortonAV
    "13084:TCP"= 13084:TCP:NortonAV
    "18078:TCP"= 18078:TCP:NortonAV
    "13915:TCP"= 13915:TCP:NortonAV
    "18904:TCP"= 18904:TCP:NortonAV
    "15547:TCP"= 15547:TCP:NortonAV
    "15331:TCP"= 15331:TCP:NortonAV
    "13939:TCP"= 13939:TCP:NortonAV
    "15236:TCP"= 15236:TCP:NortonAV
    "14586:TCP"= 14586:TCP:NortonAV
    "12538:TCP"= 12538:TCP:NortonAV
    "17432:TCP"= 17432:TCP:NortonAV
    "18937:TCP"= 18937:TCP:NortonAV
    "18208:TCP"= 18208:TCP:NortonAV
    "13444:TCP"= 13444:TCP:NortonAV
    "18547:TCP"= 18547:TCP:NortonAV
    "13780:TCP"= 13780:TCP:NortonAV
    "17867:TCP"= 17867:TCP:NortonAV
    "17462:TCP"= 17462:TCP:NortonAV
    "12067:TCP"= 12067:TCP:NortonAV
    "13884:TCP"= 13884:TCP:NortonAV
    "16021:TCP"= 16021:TCP:NortonAV
    "17713:TCP"= 17713:TCP:NortonAV
    "16544:TCP"= 16544:TCP:NortonAV
    "18654:TCP"= 18654:TCP:NortonAV
    "14495:TCP"= 14495:TCP:NortonAV
    "18789:TCP"= 18789:TCP:NortonAV
    "17795:TCP"= 17795:TCP:NortonAV
    "13147:TCP"= 13147:TCP:NortonAV
    "18341:TCP"= 18341:TCP:NortonAV
    "13756:TCP"= 13756:TCP:NortonAV
    "18893:TCP"= 18893:TCP:NortonAV
    "16095:TCP"= 16095:TCP:NortonAV
    "17136:TCP"= 17136:TCP:NortonAV
    "12172:TCP"= 12172:TCP:NortonAV
    "16008:TCP"= 16008:TCP:NortonAV
    "16507:TCP"= 16507:TCP:NortonAV
    "13279:TCP"= 13279:TCP:NortonAV
    "13457:TCP"= 13457:TCP:NortonAV
    "14327:TCP"= 14327:TCP:NortonAV
    "12054:TCP"= 12054:TCP:NortonAV
    "15233:TCP"= 15233:TCP:NortonAV
    "16518:TCP"= 16518:TCP:NortonAV
    "17677:TCP"= 17677:TCP:NortonAV
    "14105:TCP"= 14105:TCP:NortonAV
    "14032:TCP"= 14032:TCP:NortonAV
    "12249:TCP"= 12249:TCP:NortonAV
    "15433:TCP"= 15433:TCP:NortonAV
    "16168:TCP"= 16168:TCP:NortonAV
    "17917:TCP"= 17917:TCP:NortonAV
    "17162:TCP"= 17162:TCP:NortonAV
    "12437:TCP"= 12437:TCP:NortonAV
    "13161:TCP"= 13161:TCP:NortonAV
    "13727:TCP"= 13727:TCP:NortonAV
    "13880:TCP"= 13880:TCP:NortonAV
    "12708:TCP"= 12708:TCP:NortonAV
    "12707:TCP"= 12707:TCP:NortonAV
    "13760:TCP"= 13760:TCP:NortonAV
    "16926:TCP"= 16926:TCP:NortonAV
    "12936:TCP"= 12936:TCP:NortonAV
    "12884:TCP"= 12884:TCP:NortonAV
    "14474:TCP"= 14474:TCP:NortonAV
    "13847:TCP"= 13847:TCP:NortonAV
    "13141:TCP"= 13141:TCP:NortonAV
    "12959:TCP"= 12959:TCP:NortonAV
    "13121:TCP"= 13121:TCP:NortonAV
    "14558:TCP"= 14558:TCP:NortonAV
    "15116:TCP"= 15116:TCP:NortonAV
    "14684:TCP"= 14684:TCP:NortonAV
    "13345:TCP"= 13345:TCP:NortonAV
    "12294:TCP"= 12294:TCP:NortonAV
    "12405:TCP"= 12405:TCP:NortonAV
    "14378:TCP"= 14378:TCP:NortonAV
    "13591:TCP"= 13591:TCP:NortonAV
    "12282:TCP"= 12282:TCP:NortonAV
    "13495:TCP"= 13495:TCP:NortonAV
    "16928:TCP"= 16928:TCP:NortonAV
    "15959:TCP"= 15959:TCP:NortonAV
    "13319:TCP"= 13319:TCP:NortonAV
    "17820:TCP"= 17820:TCP:NortonAV
    "12568:TCP"= 12568:TCP:NortonAV
    "17355:TCP"= 17355:TCP:NortonAV
    "17720:TCP"= 17720:TCP:NortonAV
    "14977:TCP"= 14977:TCP:NortonAV
    "16630:TCP"= 16630:TCP:NortonAV
    "13237:TCP"= 13237:TCP:NortonAV
    "14074:TCP"= 14074:TCP:NortonAV
    "14683:TCP"= 14683:TCP:NortonAV
    "17857:TCP"= 17857:TCP:NortonAV
    "16635:TCP"= 16635:TCP:NortonAV
    "12652:TCP"= 12652:TCP:NortonAV
    "15707:TCP"= 15707:TCP:NortonAV
    "12939:TCP"= 12939:TCP:NortonAV
    "15649:TCP"= 15649:TCP:NortonAV
    "14962:TCP"= 14962:TCP:NortonAV
    "13160:TCP"= 13160:TCP:NortonAV
    "14862:TCP"= 14862:TCP:NortonAV
    "12463:TCP"= 12463:TCP:NortonAV
    "15181:TCP"= 15181:TCP:NortonAV
    "15000:TCP"= 15000:TCP:NortonAV
    "18750:TCP"= 18750:TCP:NortonAV
    "15358:TCP"= 15358:TCP:NortonAV
    "16392:TCP"= 16392:TCP:NortonAV
    "12257:TCP"= 12257:TCP:NortonAV
    "17469:TCP"= 17469:TCP:NortonAV
    "17430:TCP"= 17430:TCP:NortonAV
    "17008:TCP"= 17008:TCP:NortonAV
    "15360:TCP"= 15360:TCP:NortonAV
    "16763:TCP"= 16763:TCP:NortonAV
    "17304:TCP"= 17304:TCP:NortonAV
    "13144:TCP"= 13144:TCP:NortonAV
    "18542:TCP"= 18542:TCP:NortonAV
    "14927:TCP"= 14927:TCP:NortonAV

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-10-11 12:16:10 111184]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-10-11 12:16:10 20560]
    R2 EpmPsd;Acer EPM Power Scheme Driver;\??\C:\WINDOWS\system32\drivers\epm-psd.sys [2007-01-16 19:11:29 4096]
    R2 EpmShd;Acer EPM System Hardware Driver;\??\C:\WINDOWS\system32\drivers\epm-shd.sys [2007-01-16 19:11:29 78208]
    R3 lv321av;Logitech USB PC Camera (VC0321);C:\WINDOWS\system32\DRIVERS\lv321av.sys [2005-11-30 20:28:58 1097472]
    S2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;\??\C:\WINDOWS\system32\eLock2BurnerLockDriver.sys []
    S2 eLock2FSCTLDriver;eLock2FSCTLDriver;\??\C:\WINDOWS\system32\eLock2FSCTLDriver.sys []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
    \Shell\Auto\command - F:\fun.xls.exe
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
    \Shell\Auto\command - G:\AdobeR.exe e
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
    \Shell\Auto\command - H:\fun.xls.exe
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0274016a-cbed-11db-bd20-0016364d99d9}]
    \Shell\AutoRun\command - RavMon.exe
    \Shell\explore\Command - RavMon.exe -e
    \Shell\open\Command - RavMon.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{439d8b6c-aa62-11dc-be01-0016364d99d9}]
    \Shell\Auto\command - F:\fun.xls.exe
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{533b088a-2dcd-11dd-be6d-0016364d99d9}]
    \Shell\Auto\command - F:\fun.xls.exe
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7f144982-00a9-11dc-bd69-0016364d99d9}]
    \Shell\Auto\command - G:\fun.xls.exe
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c658d678-9f78-11dc-bded-0016364d99d9}]
    \shell\Auto\command - F:\fun.xls.exe
    \shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c6851742-a94c-11db-bcec-0016364d99d9}]
    \Shell\Auto\command - F:\fun.xls.exe
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c8f8b5da-af16-11dc-be05-0016364d99d9}]
    \Shell\Auto\command - fun.xls.exe
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c9904606-a80b-11db-bce7-0016364d99d9}]
    \Shell\Auto\command - F:\fun.xls.exe
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d806eff6-6f96-11dd-be96-0016364d99d9}]
    \Shell\Auto\command - fun.xls.exe
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de0f63e8-e4a3-11dc-be32-0016364d99d9}]
    \shell\Auto\command - F:\fun.xls.exe
    \shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e622f5aa-8809-11dc-bdd2-0016364d99d9}]
    \Shell\Auto\command - F:\fun.xls.exe
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe
    .
    Contenu du dossier 'Tâches planifiées'

    2008-12-29 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    BHO-{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - (no file)
    HKCU-Run-MsServer - msfun80.exe
    HKLM-RunOnce-Trojan Remover - C:\Program Files\Trojan Remover\RMVTRJAN.EXE

    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://lo.st#home
    IE: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-30 00:29:43
    Windows 5.1.2600 Service Pack 3 FAT NTAPI

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'winlogon.exe'(676)
    C:\WINDOWS\system32\Ati2evxx.dll
    .
    0
  15. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    - Télécharge Random's System Information Tool (RSIT) (par random/random) sur ton Bureau.

    - Double-clique sur RSIT.exe afin de lancer le programme.

    - Clique sur Continue à l'écran Disclaimer.

    - Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

    - Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (c'est celui qui apparaît à l'écran) ainsi que de info.txt (que tu verras dans la barre des tâches).

    Note : Les rapports sont sauvegardés dans le dossier C:\rsit.
    0
  16. mymy14 Messages postés 50 Statut Membre
     
    comme tu me l as demandé je t envoie lLogfile of random's system information tool 1.05 (written by random/random)
    Run by user at 2008-12-30 12:59:02
    Microsoft Windows XP Édition familiale Service Pack 3
    System drive C: has 3 GB (9%) free of 35 GB
    Total RAM: 1014 MB (43% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:59, on 2008-12-30
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
    C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    C:\Program Files\Acer\Acer Arcade\PCMService.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
    C:\WINDOWS\system32\ElkCtrl.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\user\Bureau\QuickTime\qttask.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\WINDOWS\system32\igfxext.exe
    C:\Program Files\EoRezo\EoEngine.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    C:\WINDOWS\system32\ntvdm.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\JL90IEQD\RSIT[1].exe
    C:\Program Files\Trend Micro\HijackThis\user.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lo.st#home
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
    O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1
    O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
    O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect
    O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    O4 - HKLM\..\Run: [ImageItEncrypt] C:\WINDOWS\system32\ImageItEncrypt.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Documents and Settings\user\Bureau\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [EoEngine] "C:\Program Files\EoRezo\EoEngine.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\RunOnce: [Trojan Remover] "C:\Program Files\Trojan Remover\RMVTRJAN.EXE" /restart
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [MsServer] msfun80.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Startup: Event Reminder.lnk = C:\pmw\PMREMIND.EXE
    O4 - Global Startup: Acer Empowering Technology.lnk = ?
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    0
  17. mymy14 Messages postés 50 Statut Membre
     
    info.txt logfile of random's system information tool 1.05 2008-12-30 12:59:16

    ======Uninstall list======

    -->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Acer Inc.\Acer French Guide Link\Uninst.isu"
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{13E613EF-BB55-11D9-9D77-000129760D75}\setup.exe" -uninstall
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1888DAFD-C634-4BC4-865C-3455E24F6177}\setup.exe" -l0x40c
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1888DAFD-C634-4BC4-865C-3455E24F6177}\setup.exe" -l0x40c /remove
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5AAFE9B0-B60B-4B12-B22D-6B15507502E5}\setup.exe" -l0x40c
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDC05F7-83E4-4611-AD3C-A6EB2100332A}\setup.exe" -l0x40c
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDC05F7-83E4-4611-AD3C-A6EB2100332A}\setup.exe" -l0x40c /remove
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\setup.exe" -l0x40c
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{61FB6DAF-197D-4404-A58D-B75268F35D01}\setup.exe" -l0x40c
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{61FB6DAF-197D-4404-A58D-B75268F35D01}\setup.exe" -l0x40c /remove
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67AEFC4C-69E4-11D7-85F4-00E018013273}\setup.exe" -l0x40c
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67AEFC4C-69E4-11D7-85F4-00E018013273}\setup.exe" -l0x40c /remove
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x40c
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x40c /remove
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{869D88A5-BD6C-4E39-8536-D95259EAD7E8}\setup.exe" -l0x40c
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{869D88A5-BD6C-4E39-8536-D95259EAD7E8}\setup.exe" -l0x40c /remove
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{881A74B3-3D17-4842-B9AF-0761C6E6C4B5}\setup.exe" -l0x40c
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{881A74B3-3D17-4842-B9AF-0761C6E6C4B5}\setup.exe" -l0x40c /remove
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B5BAAFAE-3561-463D-8E3F-91761A57ADB8}\setup.exe" -l0x40c
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B5BAAFAE-3561-463D-8E3F-91761A57ADB8}\setup.exe" -l0x40c /remove
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C679B41F-EE6E-4727-B131-47101785420A}\setup.exe" -l0x40c
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x40c
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x40c /remove
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC4F90EC-B1DA-11D9-9D77-000129760D75}\setup.exe" -uninstall
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    Acer Arcade-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe" -uninstall
    Acer eDataSecurity Management 2.0.3076-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{4AD13F68-CADA-4C6B-9759-C33753F89908} /l1036
    Acer eDataSecurity Management-->C:\Acer\Empowering Technology\eDataSecurity\eDStbmngr.exe UNINSTALL 1
    Acer Empowering Technology-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB6097D9-D722-4987-BD9E-A076E2848EE2}\setup.exe" -l0x40c -removeonly
    Acer eNet Management-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C06554A1-2C1E-4D20-B613-EE62C79927CC}\Setup.exe" -l0x40c
    Acer ePerformance Management-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7057702F-6D71-4F30-8000-9E72BC771887}\setup.exe" -l0x40c -removeonly
    Acer ePower Management-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\Setup.exe" -l0x40c
    Acer ePresentation Management-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BF839132-BD43-4056-ACBF-4377F4A88E2A}\Setup.exe" -l0x40c
    Acer eSettings Management-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F2C8256-2773-46C7-9ABA-3E39C24ABB51}\setup.exe" -l0x40c -removeonly
    Acer GridVista-->C:\WINDOWS\UnInst32.exe GridV.UNI
    Acer Screensaver-->MsiExec.exe /I{D458BBDC-0363-42E0-8FF9-4736E3CB3CA2}
    Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Reader 9 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A90000000001}
    Agere Systems HDA Modem-->agrsmdel
    Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
    Assistant de connexion Windows Live-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
    avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
    Azureus Vuze-->D:\Azureus\uninstall.exe
    Canon Camera Support Core Library-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{91F1A0D6-23AD-49FE-8D4E-379485652214} /l1036
    Canon Camera Window DS for ZoomBrowser EX-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{91203BD3-6C3E-472F-ADBD-F60FDC7C4010}
    Canon Camera Window DVC for ZoomBrowser EX-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{4C96958A-6562-4143-B820-FF4890D3B734}
    Canon Camera Window for ZoomBrowser EX-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{C7281207-4AA4-425E-B57A-0E9EF8445635}
    Canon Internet Library for ZoomBrowser EX-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2F81FBFC-9A37-431F-9050-14B55485DF5A}
    Canon MovieEdit Task for ZoomBrowser EX-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{8AF1E098-1A5C-4336-BBE2-D047ABB401ED}
    Canon PhotoRecord-->MsiExec.exe /X{0878E100-C0BB-41E8-B4C6-C486B61FDA7B}
    Canon RAW Image Task for ZoomBrowser EX-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{45EF4EE3-F591-4B74-A477-0CAE12934CE7}
    Canon RemoteCapture Task for ZoomBrowser EX-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{28291BD5-92D2-4685-82DC-CCA925C53CCA}
    Canon Utilities PhotoStitch 3.1-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{218BBBE3-FE63-4BB2-81A8-7435575A84FA}
    Canon ZoomBrowser EX-->MsiExec.exe /X{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}
    Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
    Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
    Creative MediaSource-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\SETUP.EXE" -l0x40c /remove
    Creative MuVo N200 Media Explorer-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C679B41F-EE6E-4727-B131-47101785420A}\setup.exe" -l0x40c /remove
    Encyclopédie Microsoft Encarta 99-->RunDll32 C:\PROGRA~1\MIE1DB~1\ENCYCL~1\UNENC99.DLL,Uninstall C:\PROGRA~1\MIE1DB~1\ENCYCL~1\SETUP99F\INST99F.LOG
    eoEngine 7.1-->"C:\Program Files\EoRezo\unins000.exe"
    Extension de Windows Live Toolbar (Windows Live Toolbar)-->MsiExec.exe /X{0CA6047C-D28B-4295-834A-07C52BA20C2D}
    Galerie de photos Windows Live-->MsiExec.exe /X{A70FA218-6598-4AC9-813D-63597C5DD068}
    High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
    HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
    Intel(R) Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2
    Launch Manager-->C:\WINDOWS\UnInst32.exe QtZgAcer.UNI
    Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
    Logiciel Acer OrbiCam-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{76AC1AEB-1167-4ABC-8861-4E58392A5B7F}\Setup.EXE" -l0x40c
    Logiciel Intel(R) PROSet/Wireless-->C:\WINDOWS\Installer\iProInst.exe
    Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
    mCore-->MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
    Menus intelligents (Windows Live Toolbar)-->MsiExec.exe /X{0CC70FEF-5068-4CD5-B4DE-86FFD98EC929}
    Messenger Plus! 3-->"C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /Remove
    Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
    Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
    Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
    Microsoft Office 97 Professional-->C:\Program Files\Microsoft Office\Office\Install\Acme.exe /w Off97Pro.STF
    Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
    Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
    Microsoft Works-->MsiExec.exe /I{A059DE09-1B49-4450-B340-7AE097EC3F04}
    Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
    mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
    mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
    mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    MuVo Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5AAFE9B0-B60B-4B12-B22D-6B15507502E5}\setup.exe" -l0x40c /remove
    mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
    mXML-->MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
    Need For Speed III-->C:\WINDOWS\UNIN040C.EXE -f"C:\Program Files\Electronic Arts\Need For Speed III\DeIsL1.isu" -c"C:\Program Files\Electronic Arts\Need For Speed III\eauninst.dll"
    Neuf - Kit de connexion-->C:\Program Files\Neuf\Kit\uninstall.exe
    NTI Backup NOW! 4-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{385979FE-DC4F-4140-8EAD-A59625000D72} /l1036 BUN4
    NTI CD & DVD-Maker-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} /l1036 CDM7
    PokerStars-->"C:\Program Files\PokerStars\PokerStarsUninstall.exe" /u:PokerStars
    PowerProducer-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
    PrintMaster Gold 4.00-->c:\pmw\msrun.exe
    Programme de gestion Acer OrbiCam-->"C:\Program Files\Fichiers communs\Acer\OrbiCam\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT -l040c
    QuickTime 3.0-->C:\WINDOWS\uninst.exe -f"C:\Program Files\QuickTime\DeIsL1.isu" -c"C:\WINDOWS\system32\QTUninst.dll
    Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x40c -removeonly
    SA31xx Device Manager & Media Converter-->C:\Program Files\InstallShield Installation Information\{E572B060-C98B-4984-A48E-E4FA56265903}\setup.exe -runfromtemp -l0x040c -removeonly
    Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    SuperCopier2-->"D:\SuperCopier2\SC2Uninst.exe"
    Surligneur (Windows Live Toolbar)-->MsiExec.exe /X{81B5F83F-2291-48B0-8375-36B63A9BF5B0}
    Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
    Texas Calculatem 4 with "AutoRead"-->"C:\Program Files\TexasCalculatem\unins000.exe"
    Texas Instruments PCIxx21/x515/xx12 drivers.-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A} /l1036
    VideoLAN VLC media player 0.8.6a-->C:\Program Files\VideoLAN\VLC\uninstall.exe
    VirginMega.Fr Premium-->MsiExec.exe /I{EE467474-04A8-48D5-8DDF-0F8D3A3CCBE5}
    Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
    Windows Live Favorites pour Windows Live Toolbar-->MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
    Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
    Windows Live Mail-->MsiExec.exe /I{C514C594-23AA-4F13-A070-DB8BDB27594F}
    Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
    Windows Live Toolbar-->"C:\Program Files\Windows Live Toolbar\UnInstall.exe" {0A8C97AD-DEED-4894-B446-3ABA95A77D0D}
    Windows Live Toolbar-->MsiExec.exe /X{0A8C97AD-DEED-4894-B446-3ABA95A77D0D}
    Windows Live Writer-->MsiExec.exe /X{3DFF4274-EBB0-4356-9692-972965018954}
    Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
    Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

    ======Security center information======

    AV: avast! antivirus 4.8.1296 [VPS 081229-0]

    System event log

    Computer Name: ACER-D9F74F6A24
    Event Code: 7036
    Message: Le service Hôte de périphérique universel Plug-and-Play est entré dans l'état : en cours d'exécution.

    Record Number: 20258
    Source Name: Service Control Manager
    Time Written: 20081119185849.000000+060
    Event Type: Informations
    User:

    Computer Name: ACER-D9F74F6A24
    Event Code: 7035
    Message: Un contrôle Démarrer a correctement été envoyé au service Hôte de périphérique universel Plug-and-Play.

    Record Number: 20257
    Source Name: Service Control Manager
    Time Written: 20081119185848.000000+060
    Event Type: Informations
    User: AUTORITE NT\SYSTEM

    Computer Name: ACER-D9F74F6A24
    Event Code: 7036
    Message: Le service Service COM de gravage de CD IMAPI est entré dans l'état : arrêté.

    Record Number: 20256
    Source Name: Service Control Manager
    Time Written: 20081119185839.000000+060
    Event Type: Informations
    User:

    Computer Name: ACER-D9F74F6A24
    Event Code: 7036
    Message: Le service Service COM de gravage de CD IMAPI est entré dans l'état : en cours d'exécution.

    Record Number: 20255
    Source Name: Service Control Manager
    Time Written: 20081119185832.000000+060
    Event Type: Informations
    User:

    Computer Name: ACER-D9F74F6A24
    Event Code: 7035
    Message: Un contrôle Démarrer a correctement été envoyé au service Service COM de gravage de CD IMAPI.

    Record Number: 20254
    Source Name: Service Control Manager
    Time Written: 20081119185832.000000+060
    Event Type: Informations
    User: AUTORITE NT\SYSTEM

    Application event log

    Computer Name: ACER-D9F74F6A24
    Event Code: 0
    Message: Le service a géré avec succès PowerEvent.

    Record Number: 16167
    Source Name: AcerMemUsageCheckService
    Time Written: 20080922173535.000000+120
    Event Type: Informations
    User:

    Computer Name: ACER-D9F74F6A24
    Event Code: 0
    Message: Le service a géré avec succès PowerEvent.

    Record Number: 16166
    Source Name: AcerMemUsageCheckService
    Time Written: 20080922173533.000000+120
    Event Type: Informations
    User:

    Computer Name: ACER-D9F74F6A24
    Event Code: 0
    Message: Le service a géré avec succès PowerEvent.

    Record Number: 16165
    Source Name: AcerMemUsageCheckService
    Time Written: 20080922163522.000000+120
    Event Type: Informations
    User:

    Computer Name: ACER-D9F74F6A24
    Event Code: 0
    Message: Le service a géré avec succès PowerEvent.

    Record Number: 16164
    Source Name: AcerMemUsageCheckService
    Time Written: 20080922163522.000000+120
    Event Type: Informations
    User:

    Computer Name: ACER-D9F74F6A24
    Event Code: 35
    Message:
    Record Number: 16163
    Source Name: NSCService
    Time Written: 20080922142532.000000+120
    Event Type: Informations
    User: AUTORITE NT\SYSTEM

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Intel\Wireless\Bin
    "windir"=%SystemRoot%
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=6
    "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 8, GenuineIntel
    "PROCESSOR_REVISION"=0e08
    "NUMBER_OF_PROCESSORS"=2
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP

    -----------------EOF-----------------
    0
  18. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    --> Télécharge UsbFix (de Chiquitine29) sur ton Bureau.

    --> Lance l'installation avec les paramètres par défaut.

    --> Branche tes sources de données externes à ton PC (clé USB, disque dur externe, carte SD, etc...) sans les ouvrir.

    --> Double-clique sur le raccourci UsbFix sur ton Bureau.

    --> Choisis l'option 1 (Nettoyage).

    --> Le PC va redémarrer.

    --> Après redémarrage, poste le rapport UsbFix.txt

    Note : le rapport UsbFix.txt est sauvegardé à la racine du disque.

    (Si le Bureau ne réapparaît pas, presse Ctrl+Alt+Suppr, Onglet "Fichier", "Nouvelle tâche", tape explorer.exe et valide)
    0
  19. mymy14 Messages postés 50 Statut Membre
     
    désolé j ai été long mais voila le rapport et encore merci de ton aide.

    -------------- UsbFix V2.413.8 ---------------

    * User : user - ACER-D9F74F6A24
    * Outils mis a jours le 27/12/2008 par Chiquitine29 et Chimay8
    * Recherche effectuée à 15:56:47 le 2008-12-30
    * Windows Xp - Internet Explorer 7.0.5730.13

    --------------- [ Processus actifs ] ----------------

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
    C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    --------------- [ Informations lecteurs ] ----------------

    C: - Lecteur fixe

    D: - Lecteur fixe

    F: - Lecteur amovible

    G: - Lecteur amovible

    H: - Lecteur amovible

    I: - Lecteur amovible

    +- Contenu de l'autorun : H:\autorun.inf

    [AutoRun]
    open=fun.xls.exe
    shellexecute=fun.xls.exe
    shell\Auto\command=fun.xls.exe
    shell=Auto
    [VVflagRun]
    aabb=kdkfjdkfk1

    +- Contenu de l'autorun : I:\autorun.inf

    [AutoRun]
    open=fun.xls.exe
    shellexecute=fun.xls.exe
    shell\Auto\command=fun.xls.exe
    shell=Auto
    [VVflagRun]
    aabb=kdkfjdkfk1

    --------------- [ Lecteur C ] ----------------

    C: - Lecteur fixe

    +- Listing des fichiers présents :

    [2006-04-15 16:11][--a------] C:\AUTOEXEC.BAT
    [2004-08-05 05:00][-rahs----] C:\NTDETECT.COM
    [2008-12-30 00:24][-rahs----] C:\boot.ini
    [2008-12-30 15:56][--a------] C:\UsbFix.txt
    [2006-04-15 15:47][--a------] C:\CONFIG.SYS
    [2006-04-15 15:47][--a------] C:\IO.SYS
    [2006-04-15 15:47][--a------] C:\MSDOS.SYS
    [2006-04-15 15:47][--a------] C:\pagefile.sys
    [2006-04-15 15:47][--a------] C:\hiberfil.sys

    --------------- [ Lecteur D ] ----------------

    D: - Lecteur fixe

    +- Listing des fichiers présents :

    --------------- [ Lecteur F ] ----------------

    F: - Lecteur amovible

    +- Listing des fichiers présents :

    [2008-09-28 18:52][---------] F:\AdobeR.exe

    --------------- [ Lecteur G ] ----------------

    G: - Lecteur amovible

    +- Listing des fichiers présents :

    --------------- [ Lecteur H ] ----------------

    H: - Lecteur amovible

    +- Listing des fichiers présents :

    [2008-10-06 16:24][---hs----] H:\AdobeR.exe
    [2008-10-06 16:24][---hs----] H:\AUTORUN.INF

    --------------- [ Lecteur I ] ----------------

    I: - Lecteur amovible

    +- Listing des fichiers présents :

    [2008-01-17 08:43][-r-hs----] I:\m1t8ta.com
    [2008-10-02 12:56][---hs----] I:\AdobeR.exe
    [2008-10-02 12:56][---hs----] I:\autorun.inf

    --------------- [ Registre / Startup ] ----------------

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
    "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
    CTFMON.EXE=C:\WINDOWS\system32\ctfmon.exe
    MessengerPlus3="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    SpybotSD TeaTimer=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
    LaunchApp=Alaunch
    AGRSMMSG=AGRSMMSG.exe
    RTHDCPL=RTHDCPL.EXE
    AzMixerSel=C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
    SynTPLpr=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    SynTPEnh=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    PCMService="C:\Program Files\Acer\Acer Arcade\PCMService.exe"
    ntiMUI=C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
    IMJPMIG8.1="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    MSPY2002=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    PHIME2002ASync=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    PHIME2002A=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    eDataSecurity Loader=C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1
    Acer ePresentation HPD=C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
    igfxtray=C:\WINDOWS\system32\igfxtray.exe
    igfxhkcmd=C:\WINDOWS\system32\hkcmd.exe
    igfxpers=C:\WINDOWS\system32\igfxpers.exe
    ePower_DMC=C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    Boot=C:\Acer\Empowering Technology\ePower\Boot.exe
    LManager=C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
    LVCOMSX=C:\WINDOWS\system32\LVCOMSX.EXE
    LogitechCameraAssistant=C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
    LogitechVideo[inspector]=C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect
    LogitechCameraService(E)=C:\WINDOWS\system32\ElkCtrl.exe /automation
    eRecoveryService=C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    ImageItEncrypt=C:\WINDOWS\system32\ImageItEncrypt.exe
    QuickTime Task="C:\Documents and Settings\user\Bureau\QuickTime\qttask.exe" -atboottime
    EoEngine="C:\Program Files\EoRezo\EoEngine.exe"
    avast!=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    MessengerPlus3="C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
    <NO NAME>=
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
    Installed=1
    <NO NAME>=
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
    NoChange=1
    Installed=1
    <NO NAME>=
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
    Installed=1
    <NO NAME>=

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000143
    "NoDriveAutoRun"=dword:03ffffff
    "NoDrives"=dword:00000000

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveAutoRun"=dword:03ffffff
    "NoDriveTypeAutoRun"=dword:00000143
    "NoDrives"=dword:00000000

    --------------- [ Registre / Mountpoint2 ] ----------------

    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\Shell\AutoRun\command
    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\Shell\AutoRun\command
    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0274016a-cbed-11db-bd20-0016364d99d9}\Shell\AutoRun\command
    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0274016a-cbed-11db-bd20-0016364d99d9}\Shell\explore\Command
    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0274016a-cbed-11db-bd20-0016364d99d9}\Shell\open\Command
    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{439d8b6c-aa62-11dc-be01-0016364d99d9}\Shell\AutoRun\command
    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{533b088a-2dcd-11dd-be6d-0016364d99d9}\Shell\AutoRun\command
    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7f144982-00a9-11dc-bd69-0016364d99d9}\Shell\AutoRun\command
    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c658d678-9f78-11dc-bded-0016364d99d9}\Shell\AutoRun\command
    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d806eff6-6f96-11dd-be96-0016364d99d9}\Shell\AutoRun\command
    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{de0f63e8-e4a3-11dc-be32-0016364d99d9}\Shell\AutoRun\command
    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e622f5aa-8809-11dc-bdd2-0016364d99d9}\Shell\AutoRun\command

    --------------- [ Nettoyage des disques ] ----------------

    Supprimé ! - [2007-06-08 16:17][--ahs----] D:\THUMBS.DB
    Supprimé ! - [2003-06-20 04:05][-rahs----] F:\.\Recycled\Driveinfo.exe
    Supprimé ! - [2008-09-28 18:52][---------] F:\adobeR.exe
    Supprimé ! - [2007-08-23 14:23][---hs----] F:\msvcr71.dll
    Supprimé ! - [2006-09-09 09:54][-r-hs----] F:\Recycled\ctfmon.exe
    Supprimé ! - [2007-08-17 14:44][---hs----] G:\msvcr71.dll
    Supprimé ! - [2008-10-06 16:24][---hs----] H:\autorun.inf
    Supprimé ! - [2008-10-06 16:24][---hs----] H:\adobeR.exe
    Supprimé ! - [2007-11-09 12:01][---hs----] H:\msvcr71.dll
    Supprimé ! - [2008-10-02 12:56][---hs----] I:\autorun.inf
    Supprimé ! - [2008-10-02 12:56][---hs----] I:\adobeR.exe
    Supprimé ! - [2008-01-17 08:43][-r-hs----] I:\m1t8ta.com
    Supprimé ! - [2007-12-20 17:15][---hs----] I:\msvcr71.dll

    --------------- [ Resumé ] ----------------

    -> /!\ Le resultat doit etre interprété par un spécialiste /!\

    [2006-04-15 16:11][--a------] C:\AUTOEXEC.BAT
    [2004-08-05 05:00][-rahs----] C:\NTDETECT.COM
    [2008-12-30 00:24][-rahs----] C:\boot.ini

    --------------- ! Fin du rapport ! ----------------
    0
  20. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    J'espère que tu n'as pas branché ta clé USB un peu partout vu comment elle était infectée...

    ---> Désinstalle EoEngine.

    ● Télécharge AD-Remover (de Cyrildu17 / C_XX) sur ton Bureau.

    /!\ Déconnecte-toi et ferme toutes applications en cours /!\

    ● Double-clique sur le programme d'installation, installe-le dans son emplacement par défaut (C:\Program files).
    ● Double-clique sur l'icône Ad-remover située sur ton Bureau.
    ● Au menu principal, choisis l'option "A".
    ● Poste le rapport qui apparaît à la fin.

    (Le rapport est sauvegardé aussi sous C:\Ad-report(date).log)

    (CTRL+A pour tout sélectionner, CTRL+C pour copier et CTRL+V pour coller)

    Note :

    "Process.exe", une composante de l'outil, est détectée par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
    Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
    Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.
    0
  21. mymy14 Messages postés 50 Statut Membre
     
    Voila le rapport de ad remover:

    --------- Logfile of AD-Remover 1.0.8.2 by C_XX ---------

    # START at: 16:18:47 | Mar 30/12/2008 | Microsoft® Windows XP™ SP3 (v5.1.2600)
    # BOOT MODE: Normal

    # OPTION: Scan | EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat

    # PC: ACER-D9F74F6A24 | USER: user ( Current user is an administrator)

    # DRIVE(S):
    - C:\ (File System: FAT32)
    - D:\ (File System: FAT32)

    # Internet Explorer v7.0.5730.13

    --------- [ RUNNING PROCESSES: 66 ] ---------

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
    C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Acer\Acer Arcade\PCMService.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\system32\ElkCtrl.exe
    C:\Documents and Settings\user\Bureau\QuickTime\qttask.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\WINDOWS\system32\igfxext.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\WINDOWS\system32\ntvdm.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\ntvdm.exe
    C:\WINDOWS\SYSTEM32\WOWEXEC.EXE

    -----------------------------------

    +-----------------------| Boonty/Boonty Games Elements found :

    .

    +-----------------------| Eorezo Elements found :

    "HKEY_CLASSES_ROOT\EoRezoBHO.EoBho"
    "HKEY_CLASSES_ROOT\EoRezoBHO.EoBho.1"
    "HKEY_CLASSES_ROOT\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}"
    "HKEY_CLASSES_ROOT\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}"
    "HKEY_CURRENT_USER\SOFTWARE\EoRezo"
    "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}"
    "HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo"
    "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run" /v "EoEngine"
    .
    [2008-10-11 12:02] C:\Program Files\EoRezo
    [2008-10-11 12:02] C:\Program Files\EoRezo\EoAdv
    [2008-11-01 15:52] C:\Program Files\EoRezo\EoAdv\eoAdv.url
    [2008-10-11 12:06] C:\Program Files\EoRezo\EoAdv\tmp
    [2008-09-24 09:24] C:\Program Files\EoRezo\EoAdv\EoRezoBho.old
    [2008-09-24 09:24] C:\Program Files\EoRezo\EoAdv\tmp\eoRezoBho.dll.7219
    [2008-09-24 09:24] C:\Program Files\EoRezo\EoAdv\tmp\eoRezoBho.dll.6211
    [2008-09-24 09:24] C:\Program Files\EoRezo\EoAdv\tmp\eoRezoBho.dll.1526
    [2008-09-24 09:24] C:\Program Files\EoRezo\EoAdv\tmp\eoRezoBho.dll.8523
    [2008-09-24 09:24] C:\Program Files\EoRezo\EoAdv\tmp\eoRezoBho.dll.4646
    [2008-09-24 09:24] C:\Program Files\EoRezo\EoAdv\tmp\eoRezoBho.dll.9129
    [2008-09-24 09:24] C:\Program Files\EoRezo\EoAdv\tmp\eoRezoBho.dll.3192
    [2008-10-11 12:02] C:\Documents and Settings\user\Application Data\EoRezo
    [2008-12-30 16:17] C:\Documents and Settings\user\Application Data\EoRezo\user.cyp
    [2008-12-30 16:03] C:\Documents and Settings\user\Application Data\EoRezo\host.cyp
    [2008-12-30 16:03] C:\Documents and Settings\user\Application Data\EoRezo\cmhost.cyp
    [2008-12-30 16:17] C:\Documents and Settings\user\Application Data\EoRezo\cache
    [2008-10-11 12:02] C:\Documents and Settings\user\Application Data\EoRezo\db
    [2008-12-30 16:03] C:\Documents and Settings\user\Application Data\EoRezo\ConfMedia.cyp
    [2008-10-11 12:02] C:\Documents and Settings\user\Application Data\EoRezo\eoDesktop
    [2008-10-11 12:03] C:\Documents and Settings\user\Application Data\EoRezo\eoStats
    [2008-12-05 13:16] C:\Documents and Settings\user\Application Data\EoRezo\db\cat.cyp
    [2008-12-30 16:03] C:\Documents and Settings\user\Application Data\EoRezo\eoDesktop\config.xml
    [2008-12-30 16:03] C:\Documents and Settings\user\Application Data\EoRezo\eoDesktop\userConfig.xml
    [2008-12-30 16:03] C:\Documents and Settings\user\Application Data\EoRezo\eoDesktop\eoDesktop.html
    [2008-12-23 13:17] C:\Documents and Settings\user\Application Data\EoRezo\eoStats\eoStats.txt
    [2008-12-30 16:03] C:\WINDOWS\Prefetch\EOENGINE.EXE-25D17307.pf
    [2008-12-24 00:49] C:\Documents and Settings\user\Cookies\user@eorezo[1].txt
    [2008-12-30 14:56] C:\Documents and Settings\user\Cookies\user@ads.eorezo[2].txt

    +-----------------------| Everest Poker Elements found :

    .

    +-----------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements found :

    .

    +-----------------------| It's TV Elements found :

    .

    +-----------------------| Sweetim Elements found :

    .
    [2006-04-15 16:20] C:\WINDOWS\Installer\{4AD13F68-CADA-4C6B-9759-C33753F89908}\ARPPRODUCTICON.exe
    [2006-04-15 16:10] C:\WINDOWS\Installer\{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}\ARPPRODUCTICON.exe
    [2006-04-15 16:11] C:\WINDOWS\Installer\{385979FE-DC4F-4140-8EAD-A59625000D72}\ARPPRODUCTICON.exe
    [2007-02-13 11:47] C:\WINDOWS\Installer\{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}\ARPPRODUCTICON.exe
    [2007-02-13 11:47] C:\WINDOWS\Installer\{2F81FBFC-9A37-431F-9050-14B55485DF5A}\ARPPRODUCTICON.exe
    [2007-02-13 11:48] C:\WINDOWS\Installer\{91F1A0D6-23AD-49FE-8D4E-379485652214}\ARPPRODUCTICON.exe
    [2007-02-13 11:49] C:\WINDOWS\Installer\{C7281207-4AA4-425E-B57A-0E9EF8445635}\ARPPRODUCTICON.exe
    [2007-02-13 11:49] C:\WINDOWS\Installer\{4C96958A-6562-4143-B820-FF4890D3B734}\ARPPRODUCTICON.exe
    [2007-02-13 11:49] C:\WINDOWS\Installer\{91203BD3-6C3E-472F-ADBD-F60FDC7C4010}\ARPPRODUCTICON.exe
    [2007-02-13 11:50] C:\WINDOWS\Installer\{45EF4EE3-F591-4B74-A477-0CAE12934CE7}\ARPPRODUCTICON.exe
    [2007-02-13 11:50] C:\WINDOWS\Installer\{28291BD5-92D2-4685-82DC-CCA925C53CCA}\ARPPRODUCTICON.exe
    [2007-02-13 11:50] C:\WINDOWS\Installer\{8AF1E098-1A5C-4336-BBE2-D047ABB401ED}\ARPPRODUCTICON.exe
    [2008-10-28 12:54] C:\WINDOWS\Installer\{EE467474-04A8-48D5-8DDF-0F8D3A3CCBE5}\ARPPRODUCTICON.exe

    +-----------------------| ADDED SCAN :

    +--[HKEY_CURRENT_USER\..\Run]

    CTFMON.EXE REG_SZ C:\WINDOWS\system32\ctfmon.exe
    MessengerPlus3 REG_SZ "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    SpybotSD TeaTimer REG_SZ C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    MsServer REG_SZ msfun80.exe

    +--[HKEY_LOCAL_MACHINE\..\Run]

    LaunchApp REG_SZ Alaunch
    AGRSMMSG REG_SZ AGRSMMSG.exe
    RTHDCPL REG_SZ RTHDCPL.EXE
    AzMixerSel REG_SZ C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
    SynTPLpr REG_SZ C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    SynTPEnh REG_SZ C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    PCMService REG_SZ "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
    ntiMUI REG_SZ C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
    IMJPMIG8.1 REG_SZ "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    MSPY2002 REG_SZ C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    PHIME2002ASync REG_SZ C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    PHIME2002A REG_SZ C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    eDataSecurity Loader REG_SZ C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1
    Acer ePresentation HPD REG_SZ C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
    igfxtray REG_SZ C:\WINDOWS\system32\igfxtray.exe
    igfxhkcmd REG_SZ C:\WINDOWS\system32\hkcmd.exe
    igfxpers REG_SZ C:\WINDOWS\system32\igfxpers.exe
    ePower_DMC REG_SZ C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    Boot REG_SZ C:\Acer\Empowering Technology\ePower\Boot.exe
    LManager REG_SZ C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
    LVCOMSX REG_SZ C:\WINDOWS\system32\LVCOMSX.EXE
    LogitechCameraAssistant REG_SZ C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
    LogitechVideo[inspector] REG_SZ C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect
    LogitechCameraService(E) REG_SZ C:\WINDOWS\system32\ElkCtrl.exe /automation
    eRecoveryService REG_SZ C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    ImageItEncrypt REG_SZ C:\WINDOWS\system32\ImageItEncrypt.exe
    QuickTime Task REG_SZ "C:\Documents and Settings\user\Bureau\QuickTime\qttask.exe" -atboottime
    EoEngine REG_SZ "C:\Program Files\EoRezo\EoEngine.exe"
    avast! REG_SZ C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    MessengerPlus3 REG_SZ "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"

    +--[HKEY_USERS\.DEFAULT\..\Run]

    CTFMON.EXE REG_SZ C:\WINDOWS\system32\CTFMON.EXE

    +--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]

    Start Page : hxxp://lo.st#home

    +--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]

    Start Page : hxxp://fr.msn.com/

    +---------------------------------------------------------------------------+

    - "C:\AD-report-Scan-20.8-.2-30.log" (~10565 bytes)

    # END at: 16:19:35 | 2008-12-30 - Time elapsed: 47.5 seconds

    +---------------------------------------------------------------------------+
    +------------------------------- [ E.O.F - 184 lines ]
    +---------------------------------------------------------------------------+
    0
  • 1
  • 2
  • 3
  • 4