system32\rqrharhg.dll error

Solved
keisar63 (Member, 15 posts)
Hello forum, let me explain my problem: every time I start Windows, an error message appears saying:
"erreur de chargement de C:\Windows\system32\rqRHARhg.dll
Le module spécifiée est introuvable."
[Error loading C:\Windows\system32\rqRHARhg.dll. The specified module could not be found.]

So I searched sites that let you download missing .dll files, but I couldn't find this one...
Can you help me so that this error no longer appears? Thanks in advance for your replies....

22 replies

Destrio5 (Moderator, 85985 posts)
 
Hi,

You have a Vundo infection.

--> Download Random's System Information Tool (RSIT) (by random/random) to your Desktop.

--> Double-click RSIT.exe to launch the program.
(On Vista, right-click RSIT.exe and choose Run as administrator)

--> Click Continue on the Disclaimer screen.

--> If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall, if asked) and you will have to accept the licence.

--> When the scan is finished, two text files will open. Post the contents of log.txt (the one that appears on screen) as well as info.txt (which you will see in the taskbar).

Note: the reports are saved in the C:\rsit folder.

Destrio5 (Moderator, 85985 posts)
 
You have other infections.

--> Disable UAC for the duration of the disinfection.

--> Download Lop S&D (by Eric_71 & Angeldark) to your Desktop.

--> Double-click it to start the installation.

--> Then double-click the Lop S&D shortcut on your Desktop.
(On Vista, right-click the Lop S&D shortcut and choose Run as administrator)

--> Select the desired language, then choose option 1 (Search).

--> Wait until the scan finishes.

--> Post the generated report (C:\lopR.txt).

keisar63 (Member, 15 posts)
 
Here is the generated report:


--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : AMD Athlon(tm) 64 X2 Dual Core Processor 5200+ )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : Soares ( Administrator )
BOOT : Normal boot
Antivirus : BitDefender Antivirus 12.0 (Not Activated)
Firewall : BitDefender Firewall 12.0 (Activated)
C:\ (Local Disk) - NTFS - Total:144 Go (Free:76 Go)
D:\ (Local Disk) - NTFS - Total:144 Go (Free:141 Go)
E:\ (CD or DVD)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (Local Disk) - FAT32 - Total:298 Go (Free:29 Go)
K:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 15/04/2009|13:17 )

[ UAC => 0 ]

--------------------\\ Listing des dossiers dans Local

[15/03/2008|23:37] C:\Users\Soares\AppData\Local\Acer Arcade Live
[28/01/2009|07:49] C:\Users\Soares\AppData\Local\Adobe
[20/09/2008|09:28] C:\Users\Soares\AppData\Local\Apple
[22/03/2008|11:09] C:\Users\Soares\AppData\Local\Apple Computer
[15/03/2008|22:39] C:\Users\Soares\AppData\Local\Application Data
[25/07/2008|22:05] C:\Users\Soares\AppData\Local\Apps
[15/03/2008|22:40] C:\Users\Soares\AppData\Local\ATI
[30/03/2008|00:14] C:\Users\Soares\AppData\Local\CyberLink
[11/04/2009|18:38] C:\Users\Soares\AppData\Local\d3d9caps.dat
[15/04/2009|10:12] C:\Users\Soares\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[07/04/2008|19:19] C:\Users\Soares\AppData\Local\Downloaded Installations
[18/03/2008|20:16] C:\Users\Soares\AppData\Local\DVDivine
[01/09/2008|12:14] C:\Users\Soares\AppData\Local\eMule
[18/03/2009|17:12] C:\Users\Soares\AppData\Local\GDIPFONTCACHEV1.DAT
[17/03/2008|20:30] C:\Users\Soares\AppData\Local\Google
[15/03/2008|22:39] C:\Users\Soares\AppData\Local\Historique
[30/03/2008|00:14] C:\Users\Soares\AppData\Local\HomeMedia
[30/03/2008|00:15] C:\Users\Soares\AppData\Local\HomeMedia Connect
[15/04/2009|13:12] C:\Users\Soares\AppData\Local\IconCache.db
[03/02/2009|19:44] C:\Users\Soares\AppData\Local\JollyBear
[11/04/2009|18:34] C:\Users\Soares\AppData\Local\LucasArts
[21/12/2008|21:15] C:\Users\Soares\AppData\Local\Microsoft
[19/07/2008|17:46] C:\Users\Soares\AppData\Local\Microsoft Games
[19/05/2008|18:36] C:\Users\Soares\AppData\Local\Microsoft Help
[16/03/2008|09:38] C:\Users\Soares\AppData\Local\Mozilla
[30/03/2008|11:50] C:\Users\Soares\AppData\Local\PlayMovie
[15/03/2008|22:39] C:\Users\Soares\AppData\Local\PowerCinema
[12/11/2008|18:00] C:\Users\Soares\AppData\Local\Seven Zip
[15/04/2009|13:16] C:\Users\Soares\AppData\Local\Temp
[15/03/2008|22:39] C:\Users\Soares\AppData\Local\Temporary Internet Files
[15/03/2008|23:33] C:\Users\Soares\AppData\Local\VirtualStore
[25/03/2009|20:59] C:\Users\Soares\AppData\Local\Zylom Games

--------------------\\ Tâches planifiées dans C:\Windows\tasks

[14/12/2008 10:25][--a------] C:\Windows\tasks\ovvrlhxv.job
[15/04/2009 13:14][--ah-----] C:\Windows\tasks\SA.DAT
[15/04/2009 13:13][--a------] C:\Windows\tasks\SCHEDLGU.TXT

--------------------\\ Listing des dossiers dans C:\ProgramData

[23/01/2009|08:50] C:\ProgramData\Adobe
[17/03/2008|21:06] C:\ProgramData\Amok Proxy Program.kwi8it
[20/09/2008|09:28] C:\ProgramData\Apple
[06/02/2009|14:44] C:\ProgramData\Apple Computer
[02/11/2006|15:02] C:\ProgramData\Application Data
[13/12/2007|12:00] C:\ProgramData\ATI
[23/10/2008|06:31] C:\ProgramData\AVS4YOU
[09/03/2009|12:07] C:\ProgramData\Awem
[31/01/2009|13:09] C:\ProgramData\BitDefender
[09/03/2009|15:37] C:\ProgramData\BOONTY
[15/03/2008|22:36] C:\ProgramData\Bureau
[13/12/2007|12:19] C:\ProgramData\CyberLink
[02/11/2006|15:02] C:\ProgramData\Desktop
[02/11/2006|15:02] C:\ProgramData\Documents
[22/10/2008|22:18] C:\ProgramData\Downloaded Installations
[01/09/2008|12:14] C:\ProgramData\eMule
[28/02/2009|11:05] C:\ProgramData\Enkord
[18/01/2009|11:55] C:\ProgramData\EPSON
[15/03/2008|23:35] C:\ProgramData\eSobi
[15/03/2008|22:36] C:\ProgramData\Favoris
[02/11/2006|15:02] C:\ProgramData\Favorites
[25/02/2009|11:33] C:\ProgramData\Flood Light Games
[11/10/2008|16:52] C:\ProgramData\GameHouse
[17/03/2008|20:30] C:\ProgramData\Google
[03/02/2009|19:44] C:\ProgramData\JollyBear
[15/07/2008|18:56] C:\ProgramData\LauncherAccess.dt
[02/08/2008|13:56] C:\ProgramData\LightScribe
[04/11/2008|11:27] C:\ProgramData\LUUnInstall.LiveUpdate
[11/04/2009|18:32] C:\ProgramData\Media Center Programs
[15/03/2008|22:36] C:\ProgramData\Menu Démarrer
[31/01/2009|16:10] C:\ProgramData\Messenger Plus!
[17/12/2008|17:54] C:\ProgramData\Microsoft
[12/12/2008|04:05] C:\ProgramData\Microsoft Help
[15/03/2008|22:36] C:\ProgramData\Modèles
[11/07/2008|18:49] C:\ProgramData\My Movies
[23/01/2009|08:43] C:\ProgramData\NOS
[14/02/2009|12:44] C:\ProgramData\Playrix Entertainment
[27/03/2009|21:10] C:\ProgramData\Sports Interactive
[02/11/2006|15:02] C:\ProgramData\Start Menu
[04/11/2008|11:27] C:\ProgramData\Symantec
[09/03/2009|13:38] C:\ProgramData\TEMP
[02/11/2006|15:02] C:\ProgramData\Templates
[31/01/2009|17:06] C:\ProgramData\Tool Eggs Less City
[18/01/2009|12:00] C:\ProgramData\UDL
[17/03/2008|21:05] C:\ProgramData\Upload Bags Bags.19y03
[17/03/2008|21:05] C:\ProgramData\Upload Bags Bags.qvr31
[19/04/2008|17:42] C:\ProgramData\Upload Bags Bags.txphn
[11/11/2008|20:42] C:\ProgramData\WildTangent
[17/03/2008|20:31] C:\ProgramData\WLInstaller
[15/06/2008|19:54] C:\ProgramData\Xerox
[02/08/2008|09:48] C:\ProgramData\Zylom

--------------------\\ Listing des dossiers dans C:\Program Files

[18/01/2009|11:58] C:\Program Files\ABBYY FineReader 6.0 Sprint
[14/12/2008|11:49] C:\Program Files\AC3Filter
[13/12/2007|12:19] C:\Program Files\Acer Arcade Live
[13/12/2007|12:20] C:\Program Files\Acer Inc
[23/01/2009|08:50] C:\Program Files\Adobe
[31/08/2008|18:50] C:\Program Files\Alcohol Soft
[20/09/2008|09:28] C:\Program Files\Apple Software Update
[13/12/2007|11:56] C:\Program Files\ATI
[13/12/2007|11:57] C:\Program Files\ATI Technologies
[19/07/2008|18:37] C:\Program Files\AviSynth 2.5
[06/11/2008|23:45] C:\Program Files\AVS4YOU
[31/01/2009|13:06] C:\Program Files\BitDefender
[15/03/2008|23:31] C:\Program Files\Blip Blop
[27/03/2009|15:11] C:\Program Files\BoontyGames
[19/03/2009|08:59] C:\Program Files\Circle Developement
[22/03/2009|18:50] C:\Program Files\Clever Age
[27/03/2009|20:38] C:\Program Files\Common Files
[12/11/2008|18:02] C:\Program Files\Conduit
[23/07/2008|19:14] C:\Program Files\Corsair
[06/05/2007|21:30] C:\Program Files\CyberLink
[23/09/2008|20:15] C:\Program Files\DAEMON Tools Lite
[23/09/2008|20:15] C:\Program Files\DAEMON Tools Toolbar
[19/08/2008|22:24] C:\Program Files\DivX
[16/03/2008|22:18] C:\Program Files\DVDFab Platinum 4
[12/08/2008|20:51] C:\Program Files\EA GAMES
[04/10/2008|18:24] C:\Program Files\Elaborate Bytes
[24/09/2008|21:49] C:\Program Files\Electronic Arts
[01/09/2008|12:14] C:\Program Files\eMule
[18/01/2009|11:59] C:\Program Files\epson
[06/05/2007|21:34] C:\Program Files\eSobi
[14/12/2008|11:34] C:\Program Files\ffdshow
[15/03/2008|22:36] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
[03/06/2008|19:36] C:\Program Files\Foxit Software
[04/11/2008|23:31] C:\Program Files\FoxTarot4
[12/11/2008|18:02] C:\Program Files\free-downloads.net
[01/03/2009|21:41] C:\Program Files\FrostWire
[20/03/2008|21:02] C:\Program Files\Guitar Pro 5
[16/06/2008|19:19] C:\Program Files\Hewlett-Packard
[11/04/2009|18:33] C:\Program Files\InstallShield Installation Information
[31/05/2008|15:22] C:\Program Files\Internet Explorer
[15/12/2008|08:58] C:\Program Files\Java
[18/03/2009|12:45] C:\Program Files\JRE
[15/04/2009|12:58] C:\Program Files\Lavalys
[11/04/2009|18:19] C:\Program Files\LucasArts
[11/07/2008|17:11] C:\Program Files\MCE
[01/07/2008|21:35] C:\Program Files\Messenger
[19/03/2009|08:59] C:\Program Files\Messenger Plus! Live
[19/02/2009|18:25] C:\Program Files\Microsoft
[18/03/2008|18:44] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[24/10/2008|07:31] C:\Program Files\Microsoft Games
[06/05/2007|21:22] C:\Program Files\Microsoft Office
[26/02/2009|21:49] C:\Program Files\Microsoft Silverlight
[26/02/2009|21:46] C:\Program Files\Microsoft SQL Server
[19/02/2009|18:24] C:\Program Files\Microsoft SQL Server Compact Edition
[10/09/2008|20:01] C:\Program Files\Microsoft Works
[11/07/2008|17:08] C:\Program Files\Microsoft.NET
[16/03/2009|21:56] C:\Program Files\Minilyrics
[31/05/2008|15:22] C:\Program Files\Movie Maker
[15/04/2009|13:15] C:\Program Files\Mozilla Firefox
[02/11/2006|14:37] C:\Program Files\MSBuild
[01/07/2008|21:35] C:\Program Files\MSN Pictures Displayer
[18/03/2008|18:44] C:\Program Files\MSXML 4.0
[06/05/2007|21:18] C:\Program Files\NewTech Infosystems
[23/01/2009|08:39] C:\Program Files\NOS
[27/02/2009|09:44] C:\Program Files\Oberon Media
[18/03/2009|12:44] C:\Program Files\OpenOffice.org 2.4
[18/03/2009|12:45] C:\Program Files\OpenOffice.org 3
[14/12/2008|11:47] C:\Program Files\OpenSource Flash Video Splitter
[04/11/2008|13:02] C:\Program Files\Orb Networks
[15/03/2008|23:33] C:\Program Files\PhotoFiltre Studio
[27/03/2009|15:12] C:\Program Files\Pogo FR
[27/03/2009|15:09] C:\Program Files\PopCap Games
[06/02/2009|14:44] C:\Program Files\QuickTime
[06/05/2007|21:05] C:\Program Files\Realtek
[02/11/2006|14:37] C:\Program Files\Reference Assemblies
[31/01/2009|23:18] C:\Program Files\ReflexiveArcade
[15/07/2008|18:43] C:\Program Files\Samsung
[13/12/2008|20:20] C:\Program Files\Sports Interactive
[04/11/2008|11:27] C:\Program Files\Symantec
[15/04/2009|12:48] C:\Program Files\trend micro
[14/12/2008|11:37] C:\Program Files\TVersity
[14/12/2008|13:54] C:\Program Files\UnFREEz
[02/11/2006|15:01] C:\Program Files\Uninstall Information
[11/11/2008|20:42] C:\Program Files\Unlocker
[17/01/2009|17:58] C:\Program Files\VideoLAN
[12/12/2008|07:24] C:\Program Files\VirtualDJ
[24/05/2008|16:24] C:\Program Files\Watchtower
[31/05/2008|15:22] C:\Program Files\Windows Calendar
[31/05/2008|15:22] C:\Program Files\Windows Collaboration
[31/05/2008|15:22] C:\Program Files\Windows Defender
[31/05/2008|15:22] C:\Program Files\Windows Journal
[19/02/2009|18:25] C:\Program Files\Windows Live
[17/12/2008|18:05] C:\Program Files\Windows Live SkyDrive
[31/05/2008|15:22] C:\Program Files\Windows Mail
[12/03/2009|07:26] C:\Program Files\Windows Media Player
[15/03/2008|22:36] C:\Program Files\Windows NT
[31/05/2008|15:22] C:\Program Files\Windows Photo Gallery
[31/05/2008|15:22] C:\Program Files\Windows Sidebar
[15/03/2008|23:32] C:\Program Files\WinRAR
[13/12/2008|20:21] C:\Program Files\Zero G Registry
[27/03/2009|15:14] C:\Program Files\Zylom Games

--------------------\\ Listing des dossiers dans C:\Program Files\Common Files

[23/01/2009|08:50] C:\Program Files\Common Files\Adobe
[06/11/2008|23:45] C:\Program Files\Common Files\AVSMedia
[31/01/2009|13:06] C:\Program Files\Common Files\BitDefender
[09/03/2009|15:37] C:\Program Files\Common Files\BOONTY Shared
[06/05/2007|21:20] C:\Program Files\Common Files\DESIGNER
[16/06/2008|10:58] C:\Program Files\Common Files\Hewlett-Packard
[18/01/2009|12:01] C:\Program Files\Common Files\InstallShield
[29/03/2008|23:57] C:\Program Files\Common Files\Java
[06/05/2007|21:17] C:\Program Files\Common Files\LightScribe
[22/03/2009|18:40] C:\Program Files\Common Files\microsoft shared
[16/06/2008|10:58] C:\Program Files\Common Files\MSSoap
[06/05/2007|21:17] C:\Program Files\Common Files\muvee Technologies
[06/05/2007|21:18] C:\Program Files\Common Files\NewTech Infosystems
[20/07/2008|21:15] C:\Program Files\Common Files\PX Storage Engine
[02/11/2006|13:18] C:\Program Files\Common Files\Services
[02/11/2006|13:18] C:\Program Files\Common Files\SpeechEngines
[28/03/2009|08:41] C:\Program Files\Common Files\Steam
[04/11/2008|11:27] C:\Program Files\Common Files\Symantec Shared
[29/04/2008|21:34] C:\Program Files\Common Files\Synacast
[31/05/2008|15:22] C:\Program Files\Common Files\System
[17/12/2008|17:54] C:\Program Files\Common Files\Windows Live
[17/03/2008|20:39] C:\Program Files\Common Files\WindowsLiveInstaller

--------------------\\ Process

( 79 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

C:\ProgramData\Upload Bags Bags.19y03
C:\ProgramData\Upload Bags Bags.qvr31
C:\ProgramData\Upload Bags Bags.txphn
C:\ProgramData\Amok Proxy Program.kwi8it

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\ProgramData\Tool Eggs Less City
C:\Users\Soares\AppData\Local\Temp\msgpl_95b2.tmp
C:\Users\Soares\AppData\Local\Temp\msgpl_f88c.tmp
C:\Users\Soares\AppData\Local\Temp\nsd12CF.tmp
C:\Users\Soares\AppData\Local\Temp\nsgE2B2.tmp
C:\Program Files\Circle Developement
C:\Users\Soares\AppData\Roaming\MICROS~1\Windows\Cookies\soares@adultfriendfinder[2].txt
C:\Users\Soares\AppData\Roaming\MICROS~1\Windows\Cookies\soares@advertising[2].txt
C:\Users\Soares\AppData\Roaming\MICROS~1\Windows\Cookies\soares@banner.cotedazurpalace[2].txt
C:\Users\Soares\AppData\Roaming\MICROS~1\Windows\Cookies\soares@cotedazurpalace[1].txt
C:\Users\Soares\AppData\Roaming\MICROS~1\Windows\Cookies\soares@2xmoinscher[2].txt
C:\Users\Soares\AppData\Roaming\MICROS~1\Windows\Cookies\soares@www.2xmoinscher[2].txt

--------------------\\ Verification du Registre

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Error mail"="\"C:\\ProgramData\\Upload Bags Bags.txphn\""
"LESS CITY AMEN SETUP"="\"C:\\ProgramData\\Amok Proxy Program.kwi8it\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-15 13:17:43
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\Users\Soares\AppData\Roaming\Microsoft\Windows\Recent\MiniLyrics.v6.2.3762.Multilangages.Incl-Keygen.[emule-island.com].lnk
C:\Users\Soares\AppData\Roaming\Microsoft\Windows\Recent\PhotoFiltre.Studio.v9.0.FR.Incl-Keygen.lnk


[F:2952][D:259]-> C:\Users\Soares\AppData\Local\Temp
[F:756][D:1]-> C:\Users\Soares\AppData\Roaming\MICROS~1\Windows\Cookies
[F:4793][D:13]-> C:\Users\Soares\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:77][D:7]-> C:\$Recycle.Bin

1 - "C:\Lop SD\LopR_1.txt" - 15/04/2009|13:21 - Option : [1]

--------------------\\ Fin du rapport a 13:21:10
[ UAC => 1 ]

Destrio5 (Moderator, 85985 posts)
 
--> Double-click the Lop S&D shortcut to launch it.
(On Vista, right-click the Lop S&D shortcut and choose Run as administrator)

--> This time choose option 2 (Removal).

--> Do not close the window during the removal!

--> Post the generated report (C:\lopR.txt).

(If the Desktop does not reappear, press Ctrl+Alt+Del, File tab, New task, type explorer.exe and confirm)

keisar63 (Member, 15 posts)
 
Here is the new generated report:


--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : AMD Athlon(tm) 64 X2 Dual Core Processor 5200+ )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : Soares ( Administrator )
BOOT : Normal boot
Antivirus : BitDefender Antivirus 12.0 (Not Activated)
Firewall : BitDefender Firewall 12.0 (Activated)
C:\ (Local Disk) - NTFS - Total:144 Go (Free:76 Go)
D:\ (Local Disk) - NTFS - Total:144 Go (Free:141 Go)
E:\ (CD or DVD)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (Local Disk) - FAT32 - Total:298 Go (Free:29 Go)
K:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( 15/04/2009|14:07 )

[ UAC => 1 ]


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

Supprime! - C:\Users\Soares\AppData\Local\Temp\msgpl_95b2.tmp
Supprime! - C:\Users\Soares\AppData\Local\Temp\msgpl_f88c.tmp
Supprime! - C:\Users\Soares\AppData\Local\Temp\nsd12CF.tmp
Supprime! - C:\Users\Soares\AppData\Local\Temp\nsgE2B2.tmp
Supprime! - C:\Users\Soares\AppData\Roaming\MICROS~1\Windows\Cookies\soares@adultfriendfinder[2].txt
Supprime! - C:\Users\Soares\AppData\Roaming\MICROS~1\Windows\Cookies\soares@advertising[2].txt
Supprime! - C:\Users\Soares\AppData\Roaming\MICROS~1\Windows\Cookies\soares@banner.cotedazurpalace[2].txt
Supprime! - C:\Users\Soares\AppData\Roaming\MICROS~1\Windows\Cookies\soares@cotedazurpalace[1].txt
Supprime! - C:\Users\Soares\AppData\Roaming\MICROS~1\Windows\Cookies\soares@2xmoinscher[2].txt
Supprime! - C:\Users\Soares\AppData\Roaming\MICROS~1\Windows\Cookies\soares@www.2xmoinscher[2].txt
Supprime! - C:\ProgramData\Upload Bags Bags.19y03
Supprime! - C:\ProgramData\Upload Bags Bags.qvr31
Supprime! - C:\ProgramData\Upload Bags Bags.txphn
Supprime! - C:\ProgramData\Amok Proxy Program.kwi8it
Supprime! - C:\ProgramData\Tool Eggs Less City
Supprime! - C:\Program Files\Circle Developement
-
[ Fichier Hosts ] .. Restaure!

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing des dossiers dans Local

[15/03/2008|23:37] C:\Users\Soares\AppData\Local\Acer Arcade Live
[28/01/2009|07:49] C:\Users\Soares\AppData\Local\Adobe
[20/09/2008|09:28] C:\Users\Soares\AppData\Local\Apple
[22/03/2008|11:09] C:\Users\Soares\AppData\Local\Apple Computer
[15/03/2008|22:39] C:\Users\Soares\AppData\Local\Application Data
[25/07/2008|22:05] C:\Users\Soares\AppData\Local\Apps
[15/03/2008|22:40] C:\Users\Soares\AppData\Local\ATI
[30/03/2008|00:14] C:\Users\Soares\AppData\Local\CyberLink
[11/04/2009|18:38] C:\Users\Soares\AppData\Local\d3d9caps.dat
[15/04/2009|10:12] C:\Users\Soares\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[07/04/2008|19:19] C:\Users\Soares\AppData\Local\Downloaded Installations
[18/03/2008|20:16] C:\Users\Soares\AppData\Local\DVDivine
[01/09/2008|12:14] C:\Users\Soares\AppData\Local\eMule
[18/03/2009|17:12] C:\Users\Soares\AppData\Local\GDIPFONTCACHEV1.DAT
[17/03/2008|20:30] C:\Users\Soares\AppData\Local\Google
[15/03/2008|22:39] C:\Users\Soares\AppData\Local\Historique
[30/03/2008|00:14] C:\Users\Soares\AppData\Local\HomeMedia
[30/03/2008|00:15] C:\Users\Soares\AppData\Local\HomeMedia Connect
[15/04/2009|13:12] C:\Users\Soares\AppData\Local\IconCache.db
[03/02/2009|19:44] C:\Users\Soares\AppData\Local\JollyBear
[11/04/2009|18:34] C:\Users\Soares\AppData\Local\LucasArts
[21/12/2008|21:15] C:\Users\Soares\AppData\Local\Microsoft
[19/07/2008|17:46] C:\Users\Soares\AppData\Local\Microsoft Games
[19/05/2008|18:36] C:\Users\Soares\AppData\Local\Microsoft Help
[16/03/2008|09:38] C:\Users\Soares\AppData\Local\Mozilla
[30/03/2008|11:50] C:\Users\Soares\AppData\Local\PlayMovie
[15/03/2008|22:39] C:\Users\Soares\AppData\Local\PowerCinema
[12/11/2008|18:00] C:\Users\Soares\AppData\Local\Seven Zip
[15/04/2009|14:07] C:\Users\Soares\AppData\Local\Temp
[15/03/2008|22:39] C:\Users\Soares\AppData\Local\Temporary Internet Files
[15/03/2008|23:33] C:\Users\Soares\AppData\Local\VirtualStore
[25/03/2009|20:59] C:\Users\Soares\AppData\Local\Zylom Games

--------------------\\ Tâches planifiées dans C:\Windows\tasks

[14/12/2008 10:25][--a------] C:\Windows\tasks\ovvrlhxv.job
[15/04/2009 14:03][--ah-----] C:\Windows\tasks\SA.DAT
[15/04/2009 13:13][--a------] C:\Windows\tasks\SCHEDLGU.TXT

--------------------\\ Listing des dossiers dans C:\ProgramData

[23/01/2009|08:50] C:\ProgramData\Adobe
[20/09/2008|09:28] C:\ProgramData\Apple
[06/02/2009|14:44] C:\ProgramData\Apple Computer
[02/11/2006|15:02] C:\ProgramData\Application Data
[13/12/2007|12:00] C:\ProgramData\ATI
[23/10/2008|06:31] C:\ProgramData\AVS4YOU
[09/03/2009|12:07] C:\ProgramData\Awem
[31/01/2009|13:09] C:\ProgramData\BitDefender
[09/03/2009|15:37] C:\ProgramData\BOONTY
[15/03/2008|22:36] C:\ProgramData\Bureau
[13/12/2007|12:19] C:\ProgramData\CyberLink
[02/11/2006|15:02] C:\ProgramData\Desktop
[02/11/2006|15:02] C:\ProgramData\Documents
[22/10/2008|22:18] C:\ProgramData\Downloaded Installations
[01/09/2008|12:14] C:\ProgramData\eMule
[28/02/2009|11:05] C:\ProgramData\Enkord
[18/01/2009|11:55] C:\ProgramData\EPSON
[15/03/2008|23:35] C:\ProgramData\eSobi
[15/03/2008|22:36] C:\ProgramData\Favoris
[02/11/2006|15:02] C:\ProgramData\Favorites
[25/02/2009|11:33] C:\ProgramData\Flood Light Games
[11/10/2008|16:52] C:\ProgramData\GameHouse
[17/03/2008|20:30] C:\ProgramData\Google
[03/02/2009|19:44] C:\ProgramData\JollyBear
[15/07/2008|18:56] C:\ProgramData\LauncherAccess.dt
[02/08/2008|13:56] C:\ProgramData\LightScribe
[04/11/2008|11:27] C:\ProgramData\LUUnInstall.LiveUpdate
[11/04/2009|18:32] C:\ProgramData\Media Center Programs
[15/03/2008|22:36] C:\ProgramData\Menu Démarrer
[31/01/2009|16:10] C:\ProgramData\Messenger Plus!
[17/12/2008|17:54] C:\ProgramData\Microsoft
[12/12/2008|04:05] C:\ProgramData\Microsoft Help
[15/03/2008|22:36] C:\ProgramData\Modèles
[11/07/2008|18:49] C:\ProgramData\My Movies
[23/01/2009|08:43] C:\ProgramData\NOS
[14/02/2009|12:44] C:\ProgramData\Playrix Entertainment
[27/03/2009|21:10] C:\ProgramData\Sports Interactive
[02/11/2006|15:02] C:\ProgramData\Start Menu
[04/11/2008|11:27] C:\ProgramData\Symantec
[09/03/2009|13:38] C:\ProgramData\TEMP
[02/11/2006|15:02] C:\ProgramData\Templates
[18/01/2009|12:00] C:\ProgramData\UDL
[11/11/2008|20:42] C:\ProgramData\WildTangent
[17/03/2008|20:31] C:\ProgramData\WLInstaller
[15/06/2008|19:54] C:\ProgramData\Xerox
[02/08/2008|09:48] C:\ProgramData\Zylom

--------------------\\ Listing des dossiers dans C:\Program Files

[18/01/2009|11:58] C:\Program Files\ABBYY FineReader 6.0 Sprint
[14/12/2008|11:49] C:\Program Files\AC3Filter
[13/12/2007|12:19] C:\Program Files\Acer Arcade Live
[13/12/2007|12:20] C:\Program Files\Acer Inc
[23/01/2009|08:50] C:\Program Files\Adobe
[31/08/2008|18:50] C:\Program Files\Alcohol Soft
[20/09/2008|09:28] C:\Program Files\Apple Software Update
[13/12/2007|11:56] C:\Program Files\ATI
[13/12/2007|11:57] C:\Program Files\ATI Technologies
[19/07/2008|18:37] C:\Program Files\AviSynth 2.5
[06/11/2008|23:45] C:\Program Files\AVS4YOU
[31/01/2009|13:06] C:\Program Files\BitDefender
[15/03/2008|23:31] C:\Program Files\Blip Blop
[27/03/2009|15:11] C:\Program Files\BoontyGames
[22/03/2009|18:50] C:\Program Files\Clever Age
[27/03/2009|20:38] C:\Program Files\Common Files
[12/11/2008|18:02] C:\Program Files\Conduit
[23/07/2008|19:14] C:\Program Files\Corsair
[06/05/2007|21:30] C:\Program Files\CyberLink
[23/09/2008|20:15] C:\Program Files\DAEMON Tools Lite
[23/09/2008|20:15] C:\Program Files\DAEMON Tools Toolbar
[19/08/2008|22:24] C:\Program Files\DivX
[16/03/2008|22:18] C:\Program Files\DVDFab Platinum 4
[12/08/2008|20:51] C:\Program Files\EA GAMES
[04/10/2008|18:24] C:\Program Files\Elaborate Bytes
[24/09/2008|21:49] C:\Program Files\Electronic Arts
[01/09/2008|12:14] C:\Program Files\eMule
[18/01/2009|11:59] C:\Program Files\epson
[06/05/2007|21:34] C:\Program Files\eSobi
[14/12/2008|11:34] C:\Program Files\ffdshow
[15/03/2008|22:36] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
[03/06/2008|19:36] C:\Program Files\Foxit Software
[04/11/2008|23:31] C:\Program Files\FoxTarot4
[12/11/2008|18:02] C:\Program Files\free-downloads.net
[01/03/2009|21:41] C:\Program Files\FrostWire
[20/03/2008|21:02] C:\Program Files\Guitar Pro 5
[16/06/2008|19:19] C:\Program Files\Hewlett-Packard
[11/04/2009|18:33] C:\Program Files\InstallShield Installation Information
[31/05/2008|15:22] C:\Program Files\Internet Explorer
[15/12/2008|08:58] C:\Program Files\Java
[18/03/2009|12:45] C:\Program Files\JRE
[15/04/2009|12:58] C:\Program Files\Lavalys
[11/04/2009|18:19] C:\Program Files\LucasArts
[11/07/2008|17:11] C:\Program Files\MCE
[01/07/2008|21:35] C:\Program Files\Messenger
[19/03/2009|08:59] C:\Program Files\Messenger Plus! Live
[19/02/2009|18:25] C:\Program Files\Microsoft
[18/03/2008|18:44] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[24/10/2008|07:31] C:\Program Files\Microsoft Games
[06/05/2007|21:22] C:\Program Files\Microsoft Office
[26/02/2009|21:49] C:\Program Files\Microsoft Silverlight
[26/02/2009|21:46] C:\Program Files\Microsoft SQL Server
[19/02/2009|18:24] C:\Program Files\Microsoft SQL Server Compact Edition
[10/09/2008|20:01] C:\Program Files\Microsoft Works
[11/07/2008|17:08] C:\Program Files\Microsoft.NET
[16/03/2009|21:56] C:\Program Files\Minilyrics
[31/05/2008|15:22] C:\Program Files\Movie Maker
[15/04/2009|13:58] C:\Program Files\Mozilla Firefox
[02/11/2006|14:37] C:\Program Files\MSBuild
[01/07/2008|21:35] C:\Program Files\MSN Pictures Displayer
[18/03/2008|18:44] C:\Program Files\MSXML 4.0
[06/05/2007|21:18] C:\Program Files\NewTech Infosystems
[23/01/2009|08:39] C:\Program Files\NOS
[27/02/2009|09:44] C:\Program Files\Oberon Media
[18/03/2009|12:44] C:\Program Files\OpenOffice.org 2.4
[18/03/2009|12:45] C:\Program Files\OpenOffice.org 3
[14/12/2008|11:47] C:\Program Files\OpenSource Flash Video Splitter
[04/11/2008|13:02] C:\Program Files\Orb Networks
[15/03/2008|23:33] C:\Program Files\PhotoFiltre Studio
[27/03/2009|15:12] C:\Program Files\Pogo FR
[27/03/2009|15:09] C:\Program Files\PopCap Games
[06/02/2009|14:44] C:\Program Files\QuickTime
[06/05/2007|21:05] C:\Program Files\Realtek
[02/11/2006|14:37] C:\Program Files\Reference Assemblies
[31/01/2009|23:18] C:\Program Files\ReflexiveArcade
[15/07/2008|18:43] C:\Program Files\Samsung
[13/12/2008|20:20] C:\Program Files\Sports Interactive
[04/11/2008|11:27] C:\Program Files\Symantec
[15/04/2009|12:48] C:\Program Files\trend micro
[14/12/2008|11:37] C:\Program Files\TVersity
[14/12/2008|13:54] C:\Program Files\UnFREEz
[02/11/2006|15:01] C:\Program Files\Uninstall Information
[11/11/2008|20:42] C:\Program Files\Unlocker
[17/01/2009|17:58] C:\Program Files\VideoLAN
[12/12/2008|07:24] C:\Program Files\VirtualDJ
[24/05/2008|16:24] C:\Program Files\Watchtower
[31/05/2008|15:22] C:\Program Files\Windows Calendar
[31/05/2008|15:22] C:\Program Files\Windows Collaboration
[31/05/2008|15:22] C:\Program Files\Windows Defender
[31/05/2008|15:22] C:\Program Files\Windows Journal
[19/02/2009|18:25] C:\Program Files\Windows Live
[17/12/2008|18:05] C:\Program Files\Windows Live SkyDrive
[31/05/2008|15:22] C:\Program Files\Windows Mail
[12/03/2009|07:26] C:\Program Files\Windows Media Player
[15/03/2008|22:36] C:\Program Files\Windows NT
[31/05/2008|15:22] C:\Program Files\Windows Photo Gallery
[31/05/2008|15:22] C:\Program Files\Windows Sidebar
[15/03/2008|23:32] C:\Program Files\WinRAR
[13/12/2008|20:21] C:\Program Files\Zero G Registry
[27/03/2009|15:14] C:\Program Files\Zylom Games

--------------------\\ Listing des dossiers dans C:\Program Files\Common Files

[23/01/2009|08:50] C:\Program Files\Common Files\Adobe
[06/11/2008|23:45] C:\Program Files\Common Files\AVSMedia
[31/01/2009|13:06] C:\Program Files\Common Files\BitDefender
[09/03/2009|15:37] C:\Program Files\Common Files\BOONTY Shared
[06/05/2007|21:20] C:\Program Files\Common Files\DESIGNER
[16/06/2008|10:58] C:\Program Files\Common Files\Hewlett-Packard
[18/01/2009|12:01] C:\Program Files\Common Files\InstallShield
[29/03/2008|23:57] C:\Program Files\Common Files\Java
[06/05/2007|21:17] C:\Program Files\Common Files\LightScribe
[22/03/2009|18:40] C:\Program Files\Common Files\microsoft shared
[16/06/2008|10:58] C:\Program Files\Common Files\MSSoap
[06/05/2007|21:17] C:\Program Files\Common Files\muvee Technologies
[06/05/2007|21:18] C:\Program Files\Common Files\NewTech Infosystems
[20/07/2008|21:15] C:\Program Files\Common Files\PX Storage Engine
[02/11/2006|13:18] C:\Program Files\Common Files\Services
[02/11/2006|13:18] C:\Program Files\Common Files\SpeechEngines
[28/03/2009|08:41] C:\Program Files\Common Files\Steam
[04/11/2008|11:27] C:\Program Files\Common Files\Symantec Shared
[29/04/2008|21:34] C:\Program Files\Common Files\Synacast
[31/05/2008|15:22] C:\Program Files\Common Files\System
[17/12/2008|17:54] C:\Program Files\Common Files\Windows Live
[17/03/2008|20:39] C:\Program Files\Common Files\WindowsLiveInstaller

--------------------\\ Process

( 79 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-15 14:07:59
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\Users\Soares\AppData\Roaming\Microsoft\Windows\Recent\MiniLyrics.v6.2.3762.Multilangages.Incl-Keygen.[emule-island.com].lnk
C:\Users\Soares\AppData\Roaming\Microsoft\Windows\Recent\PhotoFiltre.Studio.v9.0.FR.Incl-Keygen.lnk


[F:2948][D:260]-> C:\Users\Soares\AppData\Local\Temp
[F:750][D:1]-> C:\Users\Soares\AppData\Roaming\MICROS~1\Windows\Cookies
[F:4793][D:13]-> C:\Users\Soares\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:77][D:7]-> C:\$Recycle.Bin

1 - "C:\Lop SD\LopR_1.txt" - 15/04/2009|13:21 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 15/04/2009|14:11 - Option : [2]

--------------------\\ Fin du rapport a 14:11:21
[ UAC => 1 ]

Destrio5 (Moderator, 85985 posts)
 
---> Désinstalle les programmes suivants :
- DAEMON Tools Toolbar
- Java 6 Update 11
- Java 6 Update 4
- Java 6 Update 5
- Java 6 Update 7
- UsbFix

---> Mets à jour Java.

---> Mets à jour Adobe Reader.

---> Refais un scan RSIT et poste le rapport log.
1

keisar63 Posts 15 Registration date   Status Member Last activity  
 
OK thanks, so here is the log.txt:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Soares at 2009-04-15 12:47:50
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
System drive C: has 78 GB (53%) free of 148 GB
Total RAM: 3071 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:48:07, on 15/04/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Acer Arcade Live\Acer PlayMovie\PMVService.exe
C:\Windows\VM303_STI.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\MCE\My Movies\My Movies Tray.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Soares\Videos\Downloads\RSIT.exe
C:\Program Files\trend micro\Soares.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Live\Acer PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [BigDog303] C:\Windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [zzzHPSETUP] E:\Setup.exe
O4 - HKLM\..\Run: [Transcode360] C:\Program Files\Transcode360\Transcode360Tray.exe
O4 - HKLM\..\Run: [My Movies Tray] "C:\Program Files\MCE\My Movies\My Movies Tray.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SpywareCleaner] C:\Windows\system32\SpywareRemover.exe
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\rqRHARhg.dll,#1
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BitDefender Security Center] "C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe" /init
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Error mail] "C:\ProgramData\Upload Bags Bags.txphn"
O4 - HKCU\..\Run: [LESS CITY AMEN SETUP] "C:\ProgramData\Amok Proxy Program.kwi8it"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKCU\..\Run: [connectiv32] C:\backup\connectiv32.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Twain] C:\Users\Soares\AppData\Roaming\Twain\Twain.exe
O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\Windows\TEMP\E_SCB07.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Steam] "D:\Programmes\Steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: PCM Media Sharing.lnk = C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{D32D30A7-1DD6-4AB7-8749-6F71F8437716}: NameServer = 192.168.1.1,192.168.1.4
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. https://www.bitdefender.fr/ - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
0
keisar63 Posts 15 Registration date   Status Member Last activity  
 
There's a problem: I can't manage to post my report. When I click "add" to post it, it doesn't appear even though I get confirmation that it was added to the forum, and then I don't have the "back to the discussion" link, only the "back to the forum" link, but it doesn't appear......?? :(
0
Destrio5 Posts 85985 Registration date   Status Moderator Last activity   10 302
 
Click on my username and you'll get my e-mail address so you can send me the report.
0
keisar63 Posts 15 Registration date   Status Member Last activity  
 
There, I've sent it to you by private message....
0
Destrio5 Posts 85985 Registration date   Status Moderator Last activity   10 302
 
---> Download Malwarebytes' Anti-Malware (MBAM) to your Desktop.
---> Double-click the downloaded file to start the installation.
---> In the Update tab, click the Check for Updates button: if the firewall asks whether MBAM may connect to the Internet, accept.
---> Once the update has finished, go to the Scanner tab.
---> Select Perform quick scan.
---> Click Scan. The scan starts.

At the end of the scan, a message is displayed:

The scan completed successfully. Click 'Show Results' to display all objects found.

---> Click OK to continue. If MBAM found nothing, it will tell you that too.
---> Close your browsers.
If malware was detected, click Show Results.
---> Select everything (or leave it checked) and click Remove Selected; MBAM will destroy the infected files and registry keys and put a copy of them in quarantine.
---> MBAM will open Notepad and copy the scan report into it. Copy and paste this report into your next reply.
0
keisar63 Posts 15 Registration date   Status Member Last activity  
 
All good, I did everything and here is the scan report:
Malwarebytes' Anti-Malware 1.36
Version de la base de données: 1986
Windows 6.0.6001 Service Pack 1

15/04/2009 15:47:43
mbam-log-2009-04-15 (15-47-43).txt

Type de recherche: Examen rapide
Eléments examinés: 74975
Temps écoulé: 3 minute(s), 19 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{c81bab98-02d9-4ccd-bc3b-9a0c4609706f} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\cs41275 (Malware.Trace) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{c81bab98-02d9-4ccd-bc3b-9a0c4609706f} (Trojan.Vundo) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Users\Soares\AppData\Roaming\gadcom (Trojan.Agent) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
0
Destrio5 Posts 85985 Registration date   Status Moderator Last activity   10 302
 
---> Relaunch MBAM, go to Quarantine and delete everything.

---> Remove the Norton leftovers with this:
ftp://ftp.symantec.com/public/francais/removal_tools/Norton_Removal_Tool.exe

---> Run another RSIT scan and post the log report.
0
keisar63 Posts 15 Registration date   Status Member Last activity  
 
Here is the log report after deleting the quarantined files:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Soares at 2009-04-15 16:17:55
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
System drive C: has 78 GB (53%) free of 148 GB
Total RAM: 3071 MB (61% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:18:14, on 15/04/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Acer Arcade Live\Acer PlayMovie\PMVService.exe
C:\Windows\VM303_STI.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\MCE\My Movies\My Movies Tray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATICEE.EXE
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Windows\system32\wbem\unsecapp.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conime.exe
C:\Users\Soares\Videos\Downloads\RSIT.exe
C:\Program Files\trend micro\Soares.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Live\Acer PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [BigDog303] C:\Windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [zzzHPSETUP] E:\Setup.exe
O4 - HKLM\..\Run: [Transcode360] C:\Program Files\Transcode360\Transcode360Tray.exe
O4 - HKLM\..\Run: [My Movies Tray] "C:\Program Files\MCE\My Movies\My Movies Tray.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [SpywareCleaner] C:\Windows\system32\SpywareRemover.exe
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\rqRHARhg.dll,#1
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BitDefender Security Center] "C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe" /init
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKCU\..\Run: [connectiv32] C:\backup\connectiv32.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Twain] C:\Users\Soares\AppData\Roaming\Twain\Twain.exe
O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\Windows\TEMP\E_SCB07.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Steam] "D:\Programmes\Steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: PCM Media Sharing.lnk = C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{D32D30A7-1DD6-4AB7-8749-6F71F8437716}: NameServer = 192.168.1.1,192.168.1.4
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. https://www.bitdefender.fr/ - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
0
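Added example, not part of the thread and not code from HijackThis or RSIT: a small Python triage script that parses the `O4 ... Run` lines of two HijackThis logs, lists the autorun values that changed between scans, flags `rundll32` launches by export ordinal, and finds the value that still references the DLL named in the startup error. The function names are hypothetical, the ordinal check is only a triage hint chosen for this example, and the sample input is a handful of lines excerpted from the two logs above.

```python
import re
from typing import List, NamedTuple, Tuple


class RunEntry(NamedTuple):
    hive: str      # HKLM, HKCU, or HKUS\<SID>
    name: str      # registry value name (the part in brackets)
    command: str   # command line stored in the value


# HijackThis prints Run values as: O4 - <hive>\..\Run: [<name>] <command>
O4_RUN = re.compile(r"^O4 - (\S+?)\\\.\.\\Run: \[([^\]]+)\]\s*(.*)$")

# rundll32 started with an export ordinal (",#1") instead of a named export.
# Assumption of this example: worth a closer look, not proof of anything.
RUNDLL_ORDINAL = re.compile(
    r'rundll32(?:\.exe)?"?\s+"?([^,"]+?\.dll)"?\s*,\s*#(\d+)', re.IGNORECASE)


def parse_run_entries(log_text: str) -> List[RunEntry]:
    """Return every O4 Run value found in a HijackThis log, in log order."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RUN.match(line.strip())
        if m:
            entries.append(RunEntry(*m.groups()))
    return entries


def diff_entries(before: List[RunEntry],
                 after: List[RunEntry]) -> Tuple[List[RunEntry], List[RunEntry]]:
    """Return (removed, added) autorun values between two scans."""
    before_set, after_set = set(before), set(after)
    removed = [e for e in before if e not in after_set]
    added = [e for e in after if e not in before_set]
    return removed, added


def rundll32_by_ordinal(entries: List[RunEntry]) -> List[Tuple[RunEntry, str, int]]:
    """Return (entry, dll_path, ordinal) for rundll32 launches by ordinal."""
    hits = []
    for e in entries:
        m = RUNDLL_ORDINAL.search(e.command)
        if m:
            hits.append((e, m.group(1), int(m.group(2))))
    return hits


def entries_referencing(entries: List[RunEntry], path: str) -> List[RunEntry]:
    """Return entries whose command mentions `path` (Windows paths ignore case)."""
    needle = path.lower()
    return [e for e in entries if needle in e.command.lower()]


# Sample input: lines excerpted from the first and second RSIT/HijackThis logs.
FIRST_SCAN = r"""
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [SpywareCleaner] C:\Windows\system32\SpywareRemover.exe
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\rqRHARhg.dll,#1
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Error mail] "C:\ProgramData\Upload Bags Bags.txphn"
O4 - HKCU\..\Run: [LESS CITY AMEN SETUP] "C:\ProgramData\Amok Proxy Program.kwi8it"
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
"""

SECOND_SCAN = r"""
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [SpywareCleaner] C:\Windows\system32\SpywareRemover.exe
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\rqRHARhg.dll,#1
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
"""

# Path quoted in the startup error dialog from the first post of the thread.
ERROR_DLL = r"C:\Windows\system32\rqRHARhg.dll"

if __name__ == "__main__":
    before = parse_run_entries(FIRST_SCAN)
    after = parse_run_entries(SECOND_SCAN)
    removed, added = diff_entries(before, after)
    for e in removed:
        print(f"removed  {e.hive}\\..\\Run [{e.name}] {e.command}")
    for e in added:
        print(f"added    {e.hive}\\..\\Run [{e.name}] {e.command}")
    for e, dll, ordinal in rundll32_by_ordinal(after):
        print(f"ordinal  [{e.name}] loads {dll} via export #{ordinal}")
    for e in entries_referencing(after, ERROR_DLL):
        print(f"dangling [{e.name}] still points at {ERROR_DLL}")
```

On the excerpt, the `MSServer` value is the only ordinal launch and is still present in the second scan, which matches the startup error continuing to appear as long as that Run value remains.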
Destrio5 Posts 85985 Registration date   Status Moderator Last activity   10 302
 
--> Download UsbFix (by C_XX & Chiquitine29) to your Desktop.

--> Run the installation with the default settings.

--> Connect your external data sources to your PC (USB stick, external hard drive, SD card, etc.) without opening them.

--> Right-click the UsbFix shortcut on your Desktop and choose Run as administrator.

--> Choose option 1 (Search).

--> Let the tool work.

--> Post the UsbFix.txt report.

Note: the UsbFix.txt report is saved at the root of the disk (C:\UsbFix.txt).

"Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool. It is not a virus, but a utility intended to terminate processes.
0
keisar63 Posts 15 Registration date   Status Member Last activity  
 
Sorry, I had to be away yesterday evening, so here is the USBFIX report:

############################## [ UsbFix V3.008 ]

# User : Soares (Administrateurs) # PC-DE-SOARES
# Update on 13/04/09 by C_XX & Chiquitine29
# Start at: 10:33:28 | 16/04/2009

# AMD Athlon(tm) 64 X2 Dual Core Processor 5200+
# Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6001 32-bit) # Service Pack 1
# Internet Explorer 7.0.6001.18000
# Windows Firewall Status : Disabled
# AV : BitDefender Antivirus 12.0 [ (!) Disabled | Updated ]
# FW : BitDefender Firewall[ Enabled ]12.0

# C:\ # Disque fixe local # 144,3 Go (96,62 Go free) [ACER] # NTFS
# D:\ # Disque fixe local # 144,03 Go (141,36 Go free) [DATA] # NTFS
# E:\ # Disque CD-ROM
# F:\ # Disque amovible
# G:\ # Disque amovible
# H:\ # Disque amovible
# I:\ # Disque amovible
# J:\ # Disque fixe local # 298,02 Go (29,21 Go free) [EXTERNE] # FAT32
# K:\ # Disque CD-ROM
# L:\ # Disque amovible # 3,73 Go (181,91 Mo free) [KEISAR] # FAT32

############################## [ Processus actifs ]

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Acer Arcade Live\Acer PlayMovie\PMVService.exe
C:\Windows\VM303_STI.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\MCE\My Movies\My Movies Tray.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATICEE.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\TVersity\Media Server\web\admin\TVersity.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe

################## [ Registre # Startup ]

HKCU_Main: "Local Page"="C:\\Windows\\system32\\blank.htm"
HKCU_Main: "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
HKCU_Main: "Start Page"="https://www.msn.com/fr-fr"
HKCU_Main: "Secondary Start Pages"=hex(7):68,00,74,00,74,00,70,00,3a,00,2f,00,2f,00,67,00,\
HKLM_logon: "Userinit"="C:\\Windows\\system32\\userinit.exe,"
HKLM_logon: "LegalNoticeCaption"=""
HKLM_logon: "LegalNoticeText"=""
HKCU_Run: ehTray.exe=C:\Windows\ehome\ehTray.exe
HKCU_Run: updateMgr=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
HKCU_Run: connectiv32=C:\backup\connectiv32.exe
HKCU_Run: DAEMON Tools Lite="C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
HKCU_Run: Twain=C:\Users\Soares\AppData\Roaming\Twain\Twain.exe
HKCU_Run: EPSON Stylus DX8400 Series=C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\Windows\TEMP\E_SCB07.tmp" /EF "HKCU"
HKCU_Run: Steam="D:\Programmes\Steam.exe" -silent
HKLM_Run: Windows Defender=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
HKLM_Run: RtHDVCpl=RtHDVCpl.exe
HKLM_Run: Acer Tour=
HKLM_Run: Acer Empowering Technology Monitor=C:\Acer\Empowering Technology\SysMonitor.exe
HKLM_Run: eDataSecurity Loader=C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
HKLM_Run: StartCCC="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
HKLM_Run: WarReg_PopUp=C:\Acer\WR_PopUp\WarReg_PopUp.exe
HKLM_Run: PlayMovie="C:\Program Files\Acer Arcade Live\Acer PlayMovie\PMVService.exe"
HKLM_Run: eRecoveryService=
HKLM_Run: Acer Tour Reminder=C:\Acer\AcerTour\Reminder.exe
HKLM_Run: BigDog303=C:\Windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
HKLM_Run: SunJavaUpdateSched="C:\Program Files\Java\jre6\bin\jusched.exe"
HKLM_Run: Share-to-Web Namespace Daemon=C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
HKLM_Run: zzzHPSETUP=E:\Setup.exe
HKLM_Run: Transcode360=C:\Program Files\Transcode360\Transcode360Tray.exe
HKLM_Run: My Movies Tray="C:\Program Files\MCE\My Movies\My Movies Tray.exe"
HKLM_Run: UnlockerAssistant="C:\Program Files\Unlocker\UnlockerAssistant.exe"
HKLM_Run: SpywareCleaner=C:\Windows\system32\SpywareRemover.exe
HKLM_Run: MSServer=rundll32.exe C:\Windows\system32\rqRHARhg.dll,#1
HKLM_Run: Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
HKLM_Run: BitDefender Security Center="C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe" /init
HKLM_Run: BDAgent="C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
HKLM_Run: BitDefender Antiphishing Helper="C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
HKLM_Run: QuickTime Task="C:\Program Files\QuickTime\QTTask.exe" -atboottime
HKLM_Run: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=

################## [ Informations ]


# -> ( Value | Good = 0x0 Bad = 0x1 )

# HKCU\SOFTWARE\...\Policies\System "DisableRegedit" = (0x0)
# HKCU\SOFTWARE\...\Policies\System "DisableRegistryTools" = (0x0)
# HKCU\SOFTWARE\...\Policies\System "DisableTaskMgr" = (0x0)

# HKLM\SOFTWARE\...\Policies\System "DisableRegedit" = (0x0)
# HKLM\SOFTWARE\...\Policies\System "DisableRegistryTools" = (0x0)
# HKLM\SOFTWARE\...\Policies\System "DisableTaskMgr" = (0x0)

################## [ Fichiers # Dossiers infectieux ]


################## [ Registre # Clés Run infectieuses ]

Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run "zzzHPSETUP"

################## [ Registre # Mountpoints2 ]

HKCU\Software\Microsoft\....\MountPoints2\{d35f6f28-e913-11dd-892e-0060b3e64845}\Shell\Auto\command
HKCU\Software\Microsoft\....\MountPoints2\{d35f6f28-e913-11dd-892e-0060b3e64845}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{d35f6f28-e913-11dd-892e-0060b3e64845}\Shell\explore\Command
HKCU\Software\Microsoft\....\MountPoints2\{d35f6f28-e913-11dd-892e-0060b3e64845}\Shell\open\Command

################## [ ! Fin du rapport # UsbFix V3.008 ! ]
0
Destrio5 Posts 85985 Registration date   Status Moderator Last activity   10 302
 
--> Connect your external storage devices (USB stick, external hard drive, SD card, etc.) to your PC without opening them.

--> Right-click the UsbFix shortcut on your Desktop and choose Run as administrator.

--> Choose option 2 (Suppression).

--> Your Desktop will disappear and the PC will restart.

--> On restart, UsbFix will scan your PC; let the tool work.

--> Then post the UsbFix.txt report that will appear along with the Desktop.

Note: the UsbFix.txt report is saved at the root of the drive (C:\UsbFix.txt).
0
keisar63 Posts 15 Registration date   Status Member Last activity  
 
Here is the report:

############################## [ UsbFix V3.008 ]

# User : Soares (Administrateurs) # PC-DE-SOARES
# Update on 13/04/09 by C_XX & Chiquitine29
# Start at: 19:12:40 | 16/04/2009

# AMD Athlon(tm) 64 X2 Dual Core Processor 5200+
# Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6001 32-bit) # Service Pack 1
# Internet Explorer 7.0.6001.18000
# Windows Firewall Status : Disabled
# AV : BitDefender Antivirus 12.0 [ (!) Disabled | Updated ]
# FW : BitDefender Firewall[ Enabled ]12.0

# C:\ # Disque fixe local # 144,3 Go (94,74 Go free) [ACER] # NTFS
# D:\ # Disque fixe local # 144,03 Go (141,36 Go free) [DATA] # NTFS
# E:\ # Disque CD-ROM # 376,67 Mo (0 Mo free) [BuildingAndCo] # CDFS
# F:\ # Disque amovible
# G:\ # Disque amovible
# H:\ # Disque amovible
# I:\ # Disque amovible
# J:\ # Disque fixe local # 298,02 Go (28,46 Go free) [EXTERNE] # FAT32
# K:\ # Disque CD-ROM

############################## [ Processus actifs ]

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\LogonUI.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\userinit.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\runonce.exe
C:\Windows\system32\conime.exe

################## [ Fichiers # Dossiers infectieux ]

(!) Not Deleted ! E:\Setup.exe
(!) Not Deleted ! E:\"autorun.inf"

################## [ Registre # Clés Run infectieuses ]

Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run "zzzHPSETUP"

################## [ Registre # Mountpoints2 ]

Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{b5833ef4-a960-11dc-b2cf-806e6f6e6963}\Shell\AutoRun\command
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{d35f6f28-e913-11dd-892e-0060b3e64845}\Shell\Auto\command
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{d35f6f28-e913-11dd-892e-0060b3e64845}\Shell\AutoRun\command
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{d35f6f28-e913-11dd-892e-0060b3e64845}\Shell\explore\Command
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{d35f6f28-e913-11dd-892e-0060b3e64845}\Shell\open\Command

################## [ Listing des fichiers présent ]

C:\autoexec.bat
E:\BuildingAndCo.exe
E:\MyLauncher.exe
E:\Setup.exe
E:\autorun.inf

################## [ Vaccination ]

# C:\autorun.inf -> Folder created by UsbFix.
# D:\autorun.inf -> Folder created by UsbFix.
# J:\autorun.inf -> Folder created by UsbFix.

################## [ ! Fin du rapport # UsbFix V3.008 ! ]
0
keisar63 Posts 15 Registration date   Status Member Last activity  
 
Here is the log report:


0
Destrio5 Posts 85985 Registration date   Status Moderator Last activity   10 302
 
Why are you posting this report?
0
keisar63 Posts 15 Registration date   Status Member Last activity  
 
Sorry, I posted the wrong report...
Here is the right one:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Soares at 2009-04-17 09:13:49
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
System drive C: has 95 GB (64%) free of 148 GB
Total RAM: 3071 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:13:54, on 17/04/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\conime.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Acer Arcade Live\Acer PlayMovie\PMVService.exe
C:\Windows\VM303_STI.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\MCE\My Movies\My Movies Tray.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATICEE.EXE
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Soares\Videos\Downloads\RSIT.exe
C:\Program Files\trend micro\Soares.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Live\Acer PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [BigDog303] C:\Windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Transcode360] C:\Program Files\Transcode360\Transcode360Tray.exe
O4 - HKLM\..\Run: [My Movies Tray] "C:\Program Files\MCE\My Movies\My Movies Tray.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [SpywareCleaner] C:\Windows\system32\SpywareRemover.exe
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\rqRHARhg.dll,#1
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BitDefender Security Center] "C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe" /init
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKCU\..\Run: [connectiv32] C:\backup\connectiv32.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Twain] C:\Users\Soares\AppData\Roaming\Twain\Twain.exe
O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\Windows\TEMP\E_SCB07.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Steam] "D:\Programmes\Steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: PCM Media Sharing.lnk = C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{D32D30A7-1DD6-4AB7-8749-6F71F8437716}: NameServer = 192.168.1.1,192.168.1.4
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. https://www.bitdefender.fr/ - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
0
Destrio5 Posts 85985 Registration date   Status Moderator Last activity   10 302
 
---> Disable your antivirus for the duration of the procedure, because OTMoveIt3 is wrongly detected as an infection.

---> Download OTMoveIt3 (OldTimer) to your Desktop.

---> Right-click OTMoveIt3.exe and choose Run as administrator.

---> Copy (Ctrl+C) the text below:





:processes
explorer.exe

:services
Planificateur LiveUpdate automatique

:files
C:\Windows\tasks\ovvrlhxv.job
C:\Users\Soares\AppData\Roaming\Twain
C:\Program Files\DAEMON Tools Toolbar

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[-HKEY_CLASSES_ROOT\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SpywareCleaner"=-
"MSServer"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"connectiv32"=-
"Twain"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d35f6f28-e913-11dd-892e-0060b3e64845}]

:commands
[purity]
[emptytemp]
[reboot]





---> Paste (Ctrl+V) the previously copied text into the Paste Instructions for Items to be Moved box.

---> Now click the MoveIt! button, then close OTMoveIt3.

If a file or folder cannot be deleted immediately, the program will ask you to restart.
Accept by clicking YES.

---> Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
The report's name corresponds to the time it was created: date_time.log
0
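An added example, not part of the thread or of any tool named in it: a Python cross-check that pairs each Run value deleted in the fix script's `:reg` section with the command the HijackThis O4 lines show for it, so a mistyped or absent value is caught before the script is applied. The parsing rules are assumptions based only on the line formats visible in this thread, and the function names are hypothetical.

```python
import re

# Subset of the O4 lines from the HijackThis log posted in this thread.
HJT_LOG = r"""
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [SpywareCleaner] C:\Windows\system32\SpywareRemover.exe
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\rqRHARhg.dll,#1
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKCU\..\Run: [connectiv32] C:\backup\connectiv32.exe
O4 - HKCU\..\Run: [Twain] C:\Users\Soares\AppData\Roaming\Twain\Twain.exe
O4 - HKCU\..\Run: [Steam] "D:\Programmes\Steam.exe" -silent
"""

# Run-key part of the :reg section posted in the thread.
FIX_SCRIPT = r"""
:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SpywareCleaner"=-
"MSServer"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"connectiv32"=-
"Twain"=-
:commands
[reboot]
"""

HIVES = {"HKEY_LOCAL_MACHINE": "HKLM", "HKEY_CURRENT_USER": "HKCU"}
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[(.+?)\] (.*)$")
KEY_RE = re.compile(r"^\[(-?)(HKEY_[A-Z_]+)\\(.+)\]$")
DEL_RE = re.compile(r'^"(.+)"=-$')
RUN_SUFFIX = r"software\microsoft\windows\currentversion\run"


def parse_o4(log):
    """Return {(hive, lowercased value name): command} for the Run entries in the log."""
    entries = {}
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            # Registry value names are case-insensitive, so compare in lowercase.
            entries[(m.group(1), m.group(2).lower())] = m.group(3)
    return entries


def parse_run_deletions(script):
    """Return [(hive, value name)] for each "name"=- line under a Run key in :reg."""
    deletions, section, hive = [], None, None
    for raw in script.splitlines():
        line = raw.strip()
        if line.startswith(":"):
            section, hive = line.lower(), None
        elif section == ":reg":
            key = KEY_RE.match(line)
            if key:
                # A leading "-" deletes a whole key; only plain Run keys are tracked here.
                is_run = key.group(1) == "" and key.group(3).lower() == RUN_SUFFIX
                hive = HIVES.get(key.group(2)) if is_run else None
            elif hive and (m := DEL_RE.match(line)):
                deletions.append((hive, m.group(1)))
    return deletions


def review(script, log):
    """Pair each Run-value deletion with the command seen in the log (None if absent)."""
    seen = parse_o4(log)
    return [(h, n, seen.get((h, n.lower()))) for h, n in parse_run_deletions(script)]


if __name__ == "__main__":
    for hive, name, cmd in review(FIX_SCRIPT, HJT_LOG):
        print(f"{hive} Run [{name}] -> {cmd or 'NOT IN LOG: check the name before applying'}")
```

A deletion that comes back with `None` means the script names a value the log never listed, which is the case worth resolving before running any registry removal.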