ordinateur virusé!! Fermé

Question

Bonjour,
Eh bien le titre parle tout seul! Mon ordinateur a était virusé, et je ne veux pas le formater, quelqu'un a une idée de ce que je dois faire s'il vous plait?

Détails supplémentaires: Je pense avoir été virusé par une amie. En effet, ce virus envoyait des messages sur msn à tout le monde, j'en ai ouvert un (ne sachant pas qu'elle était virusée), et maintenant me voila virusé!

sayce · Answer

Salut 
Je t'aiderai bien (vu que pour l'instant personne ne le fait pour l'instant) mais je ne sait pas si j'ai le Niveau  .. :'(

ak210306 · Answer

Télécharges msnfix : 
 http://sosvirus.changelog.fr/MSNFix.zip
Ou http://www.commentcamarche.net/telecharger/telecharger 34055374 msn fix
 c'est un logiciel spécialisé pour les virus lié à msn.
une fois téléchargé, tu le décompresse sur ton bureau
tu rentre dans le dossier msnfix
tu double clic sur MSNFIX.bat (le .bat ne sera peut-être pas présent)
une fenêtre avec un fond bleu va s'ouvrir
appuie sue R puis entrer (c'est pour rechercher l'infection)
il va démarrer un scan, à la fin il va te marquer en haut de la fenêtre s'il y a une infection
appuie sur une touche différente de q et sur entrer
l'ordinateur va peut-être te demander de redémarrer, acceptes
à la fin, tu auras un bloc note qui va s'ouvrir
copie et colle le contenue dans ton prochain rapport
Aide pour l’utiliser : https://www.malekal.com/supprimer-virus-desinfecter-pc/

Tu peux aussi utiliser msn cleaner :
http://www.commentcamarche.net/telecharger/telechargement 34056769 msncleaner
ou clean virus msn : http://www.commentcamarche.net/telecharger/telecharger 34056390 clean virus msn

Après ça, change ton mot de passe ainsi que ta question secrète

Nic00 · Answer

Salut,

passes MSNFix comme te le dis ak210306

puis on peut regarder un peu plus loin si tu veux:

&#9654; Télécharge random's system information tool (RSIT) 
&#9654;Enregistre le sur ton Bureau
&#9654; Double clique sur RSIT.exe pour l’exécuter. 

&#9654; Clique sur "continue" à l'écran Disclaimer. 

&#9654; Si l'outil HIjackThis  n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera et tu n’auras qu’à  accepter la licence. 

&#9654; Une fois le scan terminé , 2 rapports vont apparaitre. 
&#9654;Poste les dans ton prochain message 
&#9654; Note : les rapports se trouvent aussi ici : ( log.txt & info.txt )

ffull41 · Answer

Bonjour! tout d'abbord, merci pour ces réponses! je vais m'atteler le plus vite possible à la purification de mon ordinateur! Je viens de télécharger msnfix, je demanderai un coup de main à mon frère pour le décomprésser (et oui, l'informatique et moi ça fait 2!) je vous tiens au courant de l'avancement de ce projet (réussite / échec)

Nic00 · Answer

Re,

Télécharge RSIT (désolé j'avais oublié le lien dans mon précédent message) 

le voici:

http://images.malwareremoval.com/random/RSIT.exe

et suis la procédure:

http://www.commentcamarche.net/forum/affich 12564133 ordinateur viruse?#5

ffull41 · Answer

mais ces deux blocs notes sont vraiment TRES TRES longs, c'est normal?

Nic00 · Answer

Oui c'est normal, poste les stp.

ffull41 · Answer

le deuxième qui s'appelle "log":

Logfile of random's system information tool 1.06 (written by random/random)
Run by Elise at 2009-05-25 19:03:27
Microsoft® Windows Vista™ Édition Familiale Premium  Service Pack 1
System drive C: has 28 GB (19%) free of 144 GB
Total RAM: 2038 MB (38% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:04:29, on 25/05/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32	askeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\OrangeHSS\Systray\SystrayApp.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Live\Family Safety\fsui.exe
C:\Windows\System32undll32.exe
C:\Program Files\EoRezo\EoEngine.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Elise\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Windows\System32undll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\PROGRA~1\FREEDO~1\fdm.exe
C:\Windows\system32	askeng.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Windows\system32\conime.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
c:\program files\winamp toolbar\WinampTbServer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Elise\RSIT.exe
C:\Program Files	rend micro\Elise.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: EoBho - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Afficher Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MSPService] C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32
vsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [EoEngine] "C:\Program Files\EoRezo\EoEngine.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: Notification de cadeaux MSN.lnk = C:\Users\Elise\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe
O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Download by NetAnts - C:\PROGRA~1\NetAnts\NAGet.htm
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbaresources\en-US\local\search.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Download &All by NetAnts - C:\PROGRA~1\NetAnts\NAGetAll.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: NetAnts - {57E91B47-F40A-11D1-B792-444553540000} - C:\PROGRA~1\NetAnts\NetAnts.exe
O9 - Extra 'Tools' menuitem: &NetAnts - {57E91B47-F40A-11D1-B792-444553540000} - C:\PROGRA~1\NetAnts\NetAnts.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix: 
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUpldfr-fr.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game04.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ccEvtMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ccSetMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: L Ile Noyee Drivers Auto Removal (pr2ajbeb) (pr2ajbeb) - Micro Application - C:\Windows\system32\pr2ajbeb.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

ffull41 · Answer

le premier qui s'appelle "info", que j'ai du couper en deux car le postage a échoué 2 fois (partie 1):

info.txt logfile of random's system information tool 1.06 2009-05-25 19:04:43

======Uninstall list======

-->C:\Program Files\OrangeHSS\Uninstall\Bas_Debit_CustoUpdate\Shell.exe MainUninstall.shl
-->MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
-->MsiExec.exe /I{0D330013-4A99-46D6-83C6-2C959C68DBFF}
-->MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
-->MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
-->MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
-->MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.3 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81300000003}
Adobe Reader 8-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *AdobeReader*
Adobe Shockwave Player-->MsiExec.exe /X{A7DB362E-16DC-4E29-8A34-E74381E00B5B}
ADSL Neuf-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *NEUF_FR*
Age of Mythology-->"C:\Program Files\Microsoft Games\Age of Mythology\UNINSTAL.EXE" /runtemp /addremove
AppCore-->MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
AV-->MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Browser Address Error Redirector-->regsvr32 /u /s "C:\Program Files\Google\Google_BAE\BAE.dll"
ccCommon-->MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Conexant HD Audio-->C:\Program Files\CONEXANT\CNXT_HDAUDIO\UIU32a.exe -U -IPBCVenza.inf
Creator 9-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *CREATOR9*
eMusic - 50 Free MP3 offer-->"C:\Program Files\Winamp\eMusic\Uninst-eMusic-promotion.exe"
eoEngine 8.0-->"C:\Program Files\EoRezo\unins000.exe"
Fable - The Lost Chapters-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD} 
Firefox-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *FirefoxFR*
Flash Player 9 Internet Explorer-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *Flashplayer*
Free Download Manager 3.0-->"C:\Program Files\Free Download Manager\unins000.exe"
Galerie de photos Windows Live-->MsiExec.exe /X{44E54A81-9D91-4AA1-9417-80AFF134F5FF}
GearDrvs-->MsiExec.exe /I{206FD69B-F9FE-4164-81BD-D52552BC9C23}
Google BAE-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *GoogleBAE*
Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Earth-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *GOOGLE_EARTH*
Google Earth-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x40c  -removeonly
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_BDA1448D3D255554.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
GoogleDesktop-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *GoogleDesktop*
GoogleToolbar-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *GoogleToolbar*
Harry Potter et la Coupe de Feu™ Démo-->C:\Program Files\Electronic Arts\Harry Potter et la Coupe de Feu Démo\EAUninstall.exe
Harry Potter et l'Ordre du Phénix™-->C:\Program Files\Electronic Arts\Harry Potter et l'Ordre du Phénix\EAUninstall.exe
HDReg France-->MsiExec.exe /I{0ED40D2A-7131-4FE7-941E-5C329336F712}
HijackThis 2.0.2-->"C:\Program Files	rend micro\HijackThis.exe" /uninstall
Infocentre Rev. 2.0-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *Infocentre*
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D}
Intel(R) Matrix Storage Manager-->C:\Windows\System32\Imsmudlg.exe
InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
La Bataille pour la Terre du Milieu(tm)-->C:\Program Files\EA GAMES\La Bataille pour la Terre du Milieu(tm)\EAUninstall.exe
Les Sims 2 : Nuits de Folie-->C:\Program Files\EA GAMES\Les Sims 2  Nuits de Folie\EAUninstall.exe
Les Sims 2 Académie-->C:\Program Files\EA GAMES\Les Sims 2 Académie\EAUninstall.exe
Les Sims 2 Fun en Famille Kit-->C:\Program Files\EA GAMES\Les Sims 2 Fun en Famille Kit\EAUninstall.exe
Les Sims 2 : La bonne affaire-->C:\Program Files\EA GAMES\Les Sims 2  La bonne affaire\EAUninstall.exe
Les Sims 2-->C:\Program Files\EA GAMES\Les Sims 2\EAUninstall.exe
Les Sims™ 2 Animaux & Cie-->C:\Program Files\EA GAMES\Les Sims 2 Animaux & Cie\EAUninstall.exe
Les Sims™ 2 H&M® Fashion Kit-->C:\Program Files\EA GAMES\Les Sims 2 H&M® Fashion Kit\EAUninstall.exe
Les Sims™ 2 Jour de fête ! Kit -->C:\Program Files\EA GAMES\Les Sims 2 Jour de fête ! Kit \EAUninstall.exe
Les Sims™ 2 Quartier Libre-->C:\Program Files\EA GAMES\Les Sims 2 Quartier Libre\EAUninstall.exe
Les Sims™ 2 Au fil des saisons-->C:\Program Files\EA GAMES\Les Sims 2 Au fil des saisons\EAUninstall.exe
Les Sims™ 2 Bon Voyage-->C:\Program Files\EA GAMES\Les Sims 2 Bon Voyage\EAUninstall.exe
L'Ile Noyée-->"C:\Program Files\Micro Application\L'Ile Noyée\unins000.exe"
LiveUpdate 3.2 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation)-->MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Magic Sports-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *MagicSports*
MagicSports 3.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5927AF0D-335C-41D6-937B-54587EBD6D2C}\setup.exe"  -uninstall
Marvell Miniport Driver-->MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
Metaboli-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *METABOLI*
Microsoft .NET Framework 1.1 Hotfix (KB929729)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office Language Pack 2007 Service Pack 1 (SP1)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB}
Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
Microsoft Office OneNote MUI (French) 2007-->MsiExec.exe /X{90120000-00A1-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint Viewer 2007 (French)-->MsiExec.exe /X{95120000-00AF-040C-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft Search Enhancement Pack-->MsiExec.exe /I{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Works 9 SE-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *works9se*
Microsoft Works-->MsiExec.exe /I{0214A441-A4AB-43A8-8DEF-2F73C5364673}
Microsoft® Office Trial 2007-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *OFF2k7_FR*
Mise à jour Microsoft Office Excel 2007 Help  (KB963678)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {B761869A-B85C-40E2-994C-A1CE78AC8F2C}
Mise à jour Microsoft Office Powerpoint 2007 Help  (KB963669)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {C3DCA38E-005E-41BA-A52A-7C3429F351C3}
Mise à jour Microsoft Office Word 2007 Help  (KB963665)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {81536A04-DBFB-4DB3-978F-0F284590C223}
Module de compatibilité pour Microsoft Office System 2007-->MsiExec.exe /X{90120000-0020-040C-0000-0000000FF1CE}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML4 Parser-->MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
Navigateur Orange-->C:\Program Files\OrangeHSS\Uninstall\Browser\Shell.exe MainUninstall.shl
NetAnts-->C:\PROGRA~1\NetAnts\UNWISE.EXE C:\PROGRA~1\NetAnts\INSTALL.LOG
Norton 360 (Symantec Corporation)-->"C:\Program Files\Common Files\Symantec Shared\SymSetup\{2D617065-1C52-4240-B5BC-C0AE12157777}_1_2_0_10\{2D617065-1C52-4240-B5BC-C0AE12157777}.exe" /X
Norton 360 Help-->MsiExec.exe /I{1CA941F1-5006-487E-9FD4-09F812A7D6B8}
Norton 360-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *N360_2007_FR*
Norton 360-->MsiExec.exe /I{21829177-4DED-4209-AD08-490B3AC9C01A}
Norton 360-->MsiExec.exe /I{2D617065-1C52-4240-B5BC-C0AE12157777}
Norton 360-->MsiExec.exe /I{40DA9A54-48CA-4A2C-AEAF-F67715BB046E}
Norton 360-->MsiExec.exe /I{63A6E9A9-A190-46D4-9430-2DB28654AFD8}
Norton Confidential Browser Component-->MsiExec.exe /I{4843B611-8FCB-4428-8C23-31D0A5EAE164}
Norton Confidential Web Authentification Component-->MsiExec.exe /I{3074EB89-1BCA-4AEF-AFF4-EFB4634C1923}
Norton Confidential Web Protection Component-->MsiExec.exe /I{D353CC51-430D-4C6F-9B7E-52003DA1E05A}
Nostale Online FR (Remove)-->"C:\Nostale(FR)\unins000.exe"
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
OpenOffice.org 3.0-->MsiExec.exe /I{6860B340-530D-46B3-91F8-1AE1F70F7C33}
Orange - Logiciels Internet-->C:\Program Files\OrangeHSS\installation\core\Installgui.exe -u
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Packard Bell Demo-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *PB_DEMO*
Packard Bell ImageWriter-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *ImageWriter*
Packard Bell LCD Test-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *LCDTest*
Packard Bell Updator-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *Updator*
Pangya_Eu (GOA)-->C:\Program Files\GOA\Pangya_Eu\uninstall.exe
Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe"
Picasa2-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *Picasa_2*
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe" -l0x40c anything
RomStation-->C:\Program Files\RomStation\Uninstal.exe
Roxio Creator 9 LE-->MsiExec.exe /I{B7FB0C86-41A4-4402-9A33-912C462042A0}
RPG Maker VX 1.2 Nino-->"C:\Program Files\RPG Maker VX\unins000.exe"
Sandlot Games Client Services 1.2.2-->"C:\Program Files\Common Files\Sandlot Shared\unins000.exe"
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB960003)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F04F8702-18D0-458D-921E-146FB7CD38CF}
Security Update for Microsoft Office Excel 2007 (KB959997)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {9EAC3AEC-5C81-4856-A05B-DE9DC236D740}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Security Update for Visio 2007 (KB947590)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
SetUp My PC-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *SETUPMYPC_FR*
Shockwave player 10-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *Shockwave*
Skype 3.2.2.163-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *SKYPE*
Skype™ 3.2-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SPBBC 32bit-->MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
SuppSoft-->MsiExec.exe /I{022DA2C3-81C7-4003-A6BC-1BB147B20097}
Symantec Technical Support Controls-->MsiExec.exe /I{92B1B3CC-EC78-45B8-96D0-8B3F11495864}
SymNet-->MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
VideoLAN VLC media player 0.8.4-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Winamp Toolbar for Firefox-->"C:\Users\Elise\AppData\Roaming\Mozilla\Firefox\Profiles\yujm4tz1.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\uninstall.exe"
Winamp Toolbar for Internet Explorer-->"C:\Program Files\Winamp Toolbar\uninstall.exe"
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Contrôle parental-->MsiExec.exe /X{D6A2DDE3-9D7C-412C-932A-756580D29919}
Windows Live Mail-->MsiExec.exe /I{63DC2DA0-2A6C-4C38-9249-B75395458657}
Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}
Windows Live Movie Maker Bêta-->MsiExec.exe /X{F874DF52-A31F-44C1-A606-EF40F1549261}
Windows Live OneCare safety scanner-->"C:\Program Files\Windows Live Safety Center\UnInstall.exe"
Windows Live OneCare safety scanner-->MsiExec.exe /X{FE0646A7-19D0-41B4-A2BB-2C35D644270D}
Windows Live Sync-->MsiExec.exe /X{9C5EB781-0D37-44B8-9A58-77B3E4BF5F5E}
Windows Live Toolbar-->MsiExec.exe /X{F7D27C70-90F5-49B9-B188-0A133C0CE353}
Windows Live Writer-->MsiExec.exe /X{2231CE39-B963-4B9D-823A-F412ECA637B1}
WinLyrics-->C:\Program Files\Winamp\Plugins\WinLyrics\Uninstall.exe
WinZip 12.0-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}

======Security center information======

AV: Norton 360 (disabled) (outdated)
AV: avast! antivirus 4.8.1229 [VPS 081122-0]
FW: Norton 360
AS: Windows Defender
AS: Norton 360 (disabled) (outdated)
AS: avast! antivirus 4.8.1229 [VPS 081122-0]

ffull41 · Answer

le premier qui s'appelle "info", que j'ai du couper en deux car le postage a échoué 2 fois (partie 1):

info.txt logfile of random's system information tool 1.06 2009-05-25 19:04:43

======Uninstall list======

-->C:\Program Files\OrangeHSS\Uninstall\Bas_Debit_CustoUpdate\Shell.exe MainUninstall.shl
-->MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
-->MsiExec.exe /I{0D330013-4A99-46D6-83C6-2C959C68DBFF}
-->MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
-->MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
-->MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
-->MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.3 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81300000003}
Adobe Reader 8-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *AdobeReader*
Adobe Shockwave Player-->MsiExec.exe /X{A7DB362E-16DC-4E29-8A34-E74381E00B5B}
ADSL Neuf-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *NEUF_FR*
Age of Mythology-->"C:\Program Files\Microsoft Games\Age of Mythology\UNINSTAL.EXE" /runtemp /addremove
AppCore-->MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
AV-->MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Browser Address Error Redirector-->regsvr32 /u /s "C:\Program Files\Google\Google_BAE\BAE.dll"
ccCommon-->MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Conexant HD Audio-->C:\Program Files\CONEXANT\CNXT_HDAUDIO\UIU32a.exe -U -IPBCVenza.inf
Creator 9-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *CREATOR9*
eMusic - 50 Free MP3 offer-->"C:\Program Files\Winamp\eMusic\Uninst-eMusic-promotion.exe"
eoEngine 8.0-->"C:\Program Files\EoRezo\unins000.exe"
Fable - The Lost Chapters-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD} 
Firefox-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *FirefoxFR*
Flash Player 9 Internet Explorer-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *Flashplayer*
Free Download Manager 3.0-->"C:\Program Files\Free Download Manager\unins000.exe"
Galerie de photos Windows Live-->MsiExec.exe /X{44E54A81-9D91-4AA1-9417-80AFF134F5FF}
GearDrvs-->MsiExec.exe /I{206FD69B-F9FE-4164-81BD-D52552BC9C23}
Google BAE-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *GoogleBAE*
Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Earth-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *GOOGLE_EARTH*
Google Earth-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x40c  -removeonly
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_BDA1448D3D255554.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
GoogleDesktop-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *GoogleDesktop*
GoogleToolbar-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *GoogleToolbar*
Harry Potter et la Coupe de Feu™ Démo-->C:\Program Files\Electronic Arts\Harry Potter et la Coupe de Feu Démo\EAUninstall.exe
Harry Potter et l'Ordre du Phénix™-->C:\Program Files\Electronic Arts\Harry Potter et l'Ordre du Phénix\EAUninstall.exe
HDReg France-->MsiExec.exe /I{0ED40D2A-7131-4FE7-941E-5C329336F712}
HijackThis 2.0.2-->"C:\Program Files	rend micro\HijackThis.exe" /uninstall
Infocentre Rev. 2.0-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *Infocentre*
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D}
Intel(R) Matrix Storage Manager-->C:\Windows\System32\Imsmudlg.exe
InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
La Bataille pour la Terre du Milieu(tm)-->C:\Program Files\EA GAMES\La Bataille pour la Terre du Milieu(tm)\EAUninstall.exe
Les Sims 2 : Nuits de Folie-->C:\Program Files\EA GAMES\Les Sims 2  Nuits de Folie\EAUninstall.exe
Les Sims 2 Académie-->C:\Program Files\EA GAMES\Les Sims 2 Académie\EAUninstall.exe
Les Sims 2 Fun en Famille Kit-->C:\Program Files\EA GAMES\Les Sims 2 Fun en Famille Kit\EAUninstall.exe
Les Sims 2 : La bonne affaire-->C:\Program Files\EA GAMES\Les Sims 2  La bonne affaire\EAUninstall.exe
Les Sims 2-->C:\Program Files\EA GAMES\Les Sims 2\EAUninstall.exe
Les Sims™ 2 Animaux & Cie-->C:\Program Files\EA GAMES\Les Sims 2 Animaux & Cie\EAUninstall.exe
Les Sims™ 2 H&M® Fashion Kit-->C:\Program Files\EA GAMES\Les Sims 2 H&M® Fashion Kit\EAUninstall.exe
Les Sims™ 2 Jour de fête ! Kit -->C:\Program Files\EA GAMES\Les Sims 2 Jour de fête ! Kit \EAUninstall.exe
Les Sims™ 2 Quartier Libre-->C:\Program Files\EA GAMES\Les Sims 2 Quartier Libre\EAUninstall.exe
Les Sims™ 2 Au fil des saisons-->C:\Program Files\EA GAMES\Les Sims 2 Au fil des saisons\EAUninstall.exe
Les Sims™ 2 Bon Voyage-->C:\Program Files\EA GAMES\Les Sims 2 Bon Voyage\EAUninstall.exe
L'Ile Noyée-->"C:\Program Files\Micro Application\L'Ile Noyée\unins000.exe"
LiveUpdate 3.2 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation)-->MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Magic Sports-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *MagicSports*
MagicSports 3.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5927AF0D-335C-41D6-937B-54587EBD6D2C}\setup.exe"  -uninstall
Marvell Miniport Driver-->MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
Metaboli-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *METABOLI*
Microsoft .NET Framework 1.1 Hotfix (KB929729)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office Language Pack 2007 Service Pack 1 (SP1)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB}
Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
Microsoft Office OneNote MUI (French) 2007-->MsiExec.exe /X{90120000-00A1-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint Viewer 2007 (French)-->MsiExec.exe /X{95120000-00AF-040C-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft Search Enhancement Pack-->MsiExec.exe /I{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Works 9 SE-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *works9se*
Microsoft Works-->MsiExec.exe /I{0214A441-A4AB-43A8-8DEF-2F73C5364673}
Microsoft® Office Trial 2007-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *OFF2k7_FR*
Mise à jour Microsoft Office Excel 2007 Help  (KB963678)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {B761869A-B85C-40E2-994C-A1CE78AC8F2C}
Mise à jour Microsoft Office Powerpoint 2007 Help  (KB963669)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {C3DCA38E-005E-41BA-A52A-7C3429F351C3}
Mise à jour Microsoft Office Word 2007 Help  (KB963665)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {81536A04-DBFB-4DB3-978F-0F284590C223}
Module de compatibilité pour Microsoft Office System 2007-->MsiExec.exe /X{90120000-0020-040C-0000-0000000FF1CE}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML4 Parser-->MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
Navigateur Orange-->C:\Program Files\OrangeHSS\Uninstall\Browser\Shell.exe MainUninstall.shl
NetAnts-->C:\PROGRA~1\NetAnts\UNWISE.EXE C:\PROGRA~1\NetAnts\INSTALL.LOG
Norton 360 (Symantec Corporation)-->"C:\Program Files\Common Files\Symantec Shared\SymSetup\{2D617065-1C52-4240-B5BC-C0AE12157777}_1_2_0_10\{2D617065-1C52-4240-B5BC-C0AE12157777}.exe" /X
Norton 360 Help-->MsiExec.exe /I{1CA941F1-5006-487E-9FD4-09F812A7D6B8}
Norton 360-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *N360_2007_FR*
Norton 360-->MsiExec.exe /I{21829177-4DED-4209-AD08-490B3AC9C01A}
Norton 360-->MsiExec.exe /I{2D617065-1C52-4240-B5BC-C0AE12157777}
Norton 360-->MsiExec.exe /I{40DA9A54-48CA-4A2C-AEAF-F67715BB046E}
Norton 360-->MsiExec.exe /I{63A6E9A9-A190-46D4-9430-2DB28654AFD8}
Norton Confidential Browser Component-->MsiExec.exe /I{4843B611-8FCB-4428-8C23-31D0A5EAE164}
Norton Confidential Web Authentification Component-->MsiExec.exe /I{3074EB89-1BCA-4AEF-AFF4-EFB4634C1923}
Norton Confidential Web Protection Component-->MsiExec.exe /I{D353CC51-430D-4C6F-9B7E-52003DA1E05A}
Nostale Online FR (Remove)-->"C:\Nostale(FR)\unins000.exe"
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
OpenOffice.org 3.0-->MsiExec.exe /I{6860B340-530D-46B3-91F8-1AE1F70F7C33}
Orange - Logiciels Internet-->C:\Program Files\OrangeHSS\installation\core\Installgui.exe -u
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Packard Bell Demo-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *PB_DEMO*
Packard Bell ImageWriter-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *ImageWriter*
Packard Bell LCD Test-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *LCDTest*
Packard Bell Updator-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *Updator*
Pangya_Eu (GOA)-->C:\Program Files\GOA\Pangya_Eu\uninstall.exe
Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe"
Picasa2-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *Picasa_2*
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe" -l0x40c anything
RomStation-->C:\Program Files\RomStation\Uninstal.exe
Roxio Creator 9 LE-->MsiExec.exe /I{B7FB0C86-41A4-4402-9A33-912C462042A0}
RPG Maker VX 1.2 Nino-->"C:\Program Files\RPG Maker VX\unins000.exe"
Sandlot Games Client Services 1.2.2-->"C:\Program Files\Common Files\Sandlot Shared\unins000.exe"
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB960003)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F04F8702-18D0-458D-921E-146FB7CD38CF}
Security Update for Microsoft Office Excel 2007 (KB959997)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {9EAC3AEC-5C81-4856-A05B-DE9DC236D740}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Security Update for Visio 2007 (KB947590)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
SetUp My PC-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *SETUPMYPC_FR*
Shockwave player 10-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *Shockwave*
Skype 3.2.2.163-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *SKYPE*
Skype™ 3.2-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SPBBC 32bit-->MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
SuppSoft-->MsiExec.exe /I{022DA2C3-81C7-4003-A6BC-1BB147B20097}
Symantec Technical Support Controls-->MsiExec.exe /I{92B1B3CC-EC78-45B8-96D0-8B3F11495864}
SymNet-->MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
VideoLAN VLC media player 0.8.4-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Winamp Toolbar for Firefox-->"C:\Users\Elise\AppData\Roaming\Mozilla\Firefox\Profiles\yujm4tz1.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\uninstall.exe"
Winamp Toolbar for Internet Explorer-->"C:\Program Files\Winamp Toolbar\uninstall.exe"
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Contrôle parental-->MsiExec.exe /X{D6A2DDE3-9D7C-412C-932A-756580D29919}
Windows Live Mail-->MsiExec.exe /I{63DC2DA0-2A6C-4C38-9249-B75395458657}
Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}
Windows Live Movie Maker Bêta-->MsiExec.exe /X{F874DF52-A31F-44C1-A606-EF40F1549261}
Windows Live OneCare safety scanner-->"C:\Program Files\Windows Live Safety Center\UnInstall.exe"
Windows Live OneCare safety scanner-->MsiExec.exe /X{FE0646A7-19D0-41B4-A2BB-2C35D644270D}
Windows Live Sync-->MsiExec.exe /X{9C5EB781-0D37-44B8-9A58-77B3E4BF5F5E}
Windows Live Toolbar-->MsiExec.exe /X{F7D27C70-90F5-49B9-B188-0A133C0CE353}
Windows Live Writer-->MsiExec.exe /X{2231CE39-B963-4B9D-823A-F412ECA637B1}
WinLyrics-->C:\Program Files\Winamp\Plugins\WinLyrics\Uninstall.exe
WinZip 12.0-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}

======Security center information======

AV: Norton 360 (disabled) (outdated)
AV: avast! antivirus 4.8.1229 [VPS 081122-0]
FW: Norton 360
AS: Windows Defender
AS: Norton 360 (disabled) (outdated)
AS: avast! antivirus 4.8.1229 [VPS 081122-0]

ffull41 · Answer

le premier qui s'appelle "info", mais cette fois ci c'est la 2ème partie:


======System event log======

Computer Name: PC-de-Elise
Event Code: 31004
Message: L'agent proxy DNS n'a pas pu allouer 0 octets de mémoire. Ceci peut indiquer que le système n'a plus beaucoup de mémoire virtuelle, ou que le gestionnaire de mémoire a rencontré une erreur interne.
Record Number: 131847
Source Name: Microsoft-Windows-SharedAccess_NAT
Time Written: 20090525072720.000000-000
Event Type: Erreur
User: 

Computer Name: PC-de-Elise
Event Code: 3004
Message: L’agent de protection en temps réel Windows Defender a détecté des modifications. Microsoft vous recommande d’analyser les logiciels responsables de ces modifications, à la recherche de risques potentiels. Vous pouvez vous servir des informations relatives au fonctionnement de ces programmes pour autoriser ou non leur exécution, ou pour les supprimer de l’ordinateur. N’autorisez les modifications que si vous faites confiance au programme ou à l’éditeur de logiciel. Windows Defender ne peut pas annuler les modifications que vous autorisez.
 Pour plus d’informations, consultez les données suivantes :
Non applicable
 	ID d’analyse : {9C68F0E2-134A-465C-868A-54A87146B479}
  	Utilisateur : PC-de-Elise\Elise
 	Nom : Unknown
 	ID : 
 	ID de gravité : 
 	ID de catégorie : 
 	Chemin d’accès trouvé : driver:avastTestService
 	Type d’alerte : Logiciel non classifié
 	Type de détection : 
Record Number: 131869
Source Name: Microsoft-Windows-Windows Defender
Time Written: 20090525164252.000000-000
Event Type: Avertissement
User: 

Computer Name: PC-de-Elise
Event Code: 3004
Message: L’agent de protection en temps réel Windows Defender a détecté des modifications. Microsoft vous recommande d’analyser les logiciels responsables de ces modifications, à la recherche de risques potentiels. Vous pouvez vous servir des informations relatives au fonctionnement de ces programmes pour autoriser ou non leur exécution, ou pour les supprimer de l’ordinateur. N’autorisez les modifications que si vous faites confiance au programme ou à l’éditeur de logiciel. Windows Defender ne peut pas annuler les modifications que vous autorisez.
 Pour plus d’informations, consultez les données suivantes :
Non applicable
 	ID d’analyse : {70B5F44F-8687-4135-AE87-EE19244C6E7C}
  	Utilisateur : PC-de-Elise\Elise
 	Nom : Unknown
 	ID : 
 	ID de gravité : 
 	ID de catégorie : 
 	Chemin d’accès trouvé : service:avastTestService
 	Type d’alerte : Logiciel non classifié
 	Type de détection : 
Record Number: 131870
Source Name: Microsoft-Windows-Windows Defender
Time Written: 20090525164252.000000-000
Event Type: Avertissement
User: 

Computer Name: PC-de-Elise
Event Code: 3004
Message: L’agent de protection en temps réel Windows Defender a détecté des modifications. Microsoft vous recommande d’analyser les logiciels responsables de ces modifications, à la recherche de risques potentiels. Vous pouvez vous servir des informations relatives au fonctionnement de ces programmes pour autoriser ou non leur exécution, ou pour les supprimer de l’ordinateur. N’autorisez les modifications que si vous faites confiance au programme ou à l’éditeur de logiciel. Windows Defender ne peut pas annuler les modifications que vous autorisez.
 Pour plus d’informations, consultez les données suivantes :
Non applicable
 	ID d’analyse : {16BA23F0-B530-453F-BA61-0FACEAF7FD5C}
  	Utilisateur : PC-de-Elise\Elise
 	Nom : Unknown
 	ID : 
 	ID de gravité : 
 	ID de catégorie : 
 	Chemin d’accès trouvé : service:inetaccs
 	Type d’alerte : Logiciel non classifié
 	Type de détection : 
Record Number: 131871
Source Name: Microsoft-Windows-Windows Defender
Time Written: 20090525164252.000000-000
Event Type: Avertissement
User: 

Computer Name: PC-de-Elise
Event Code: 3004
Message: L’agent de protection en temps réel Windows Defender a détecté des modifications. Microsoft vous recommande d’analyser les logiciels responsables de ces modifications, à la recherche de risques potentiels. Vous pouvez vous servir des informations relatives au fonctionnement de ces programmes pour autoriser ou non leur exécution, ou pour les supprimer de l’ordinateur. N’autorisez les modifications que si vous faites confiance au programme ou à l’éditeur de logiciel. Windows Defender ne peut pas annuler les modifications que vous autorisez.
 Pour plus d’informations, consultez les données suivantes :
Non applicable
 	ID d’analyse : {8A5DC5A2-3659-4418-885F-009F3F017F0C}
  	Utilisateur : PC-de-Elise\Elise
 	Nom : Unknown
 	ID : 
 	ID de gravité : 
 	ID de catégorie : 
 	Chemin d’accès trouvé : driver:inetaccs
 	Type d’alerte : Logiciel non classifié
 	Type de détection : 
Record Number: 131872
Source Name: Microsoft-Windows-Windows Defender
Time Written: 20090525164252.000000-000
Event Type: Avertissement
User: 

=====Application event log=====

Computer Name: PC-de-Elise
Event Code: 1530
Message: Windows a détecté que votre fichier de Registre est toujours utilisé par d'autres applications ou services. Le fichier va être déchargé. Les applications ou services qui ont accès à votre Registre risquent de ne pas fonctionner correctement après cela. 

 DÉTAIL - 
 1 user registry handles leaked from \Registry\User\S-1-5-21-3651832399-2692474341-4178974480-1002_Classes:
Process 984 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3651832399-2692474341-4178974480-1002_CLASSES

Record Number: 38295
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20090514191514.000000-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

Computer Name: PC-de-Elise
Event Code: 1530
Message: Windows a détecté que votre fichier de Registre est toujours utilisé par d'autres applications ou services. Le fichier va être déchargé. Les applications ou services qui ont accès à votre Registre risquent de ne pas fonctionner correctement après cela. 

 DÉTAIL - 
 1 user registry handles leaked from \Registry\User\S-1-5-21-3651832399-2692474341-4178974480-1002:
Process 1020 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3651832399-2692474341-4178974480-1002

Record Number: 38363
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20090515211125.000000-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

Computer Name: PC-de-Elise
Event Code: 1530
Message: Windows a détecté que votre fichier de Registre est toujours utilisé par d'autres applications ou services. Le fichier va être déchargé. Les applications ou services qui ont accès à votre Registre risquent de ne pas fonctionner correctement après cela. 

 DÉTAIL - 
 1 user registry handles leaked from \Registry\User\S-1-5-21-3651832399-2692474341-4178974480-1002_Classes:
Process 1020 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3651832399-2692474341-4178974480-1002_CLASSES

Record Number: 38364
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20090515211125.000000-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

Computer Name: PC-de-Elise
Event Code: 1530
Message: Windows a détecté que votre fichier de Registre est toujours utilisé par d'autres applications ou services. Le fichier va être déchargé. Les applications ou services qui ont accès à votre Registre risquent de ne pas fonctionner correctement après cela. 

 DÉTAIL - 
 16 user registry handles leaked from \Registry\User\S-1-5-21-3651832399-2692474341-4178974480-1002:
Process 1680 (\Device\HarddiskVolume2\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-3651832399-2692474341-4178974480-1002
Process 1680 (\Device\HarddiskVolume2\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-3651832399-2692474341-4178974480-1002
Process 1680 (\Device\HarddiskVolume2\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-3651832399-2692474341-4178974480-1002
Process 1680 (\Device\HarddiskVolume2\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-3651832399-2692474341-4178974480-1002
Process 996 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3651832399-2692474341-4178974480-1002
Process 1680 (\Device\HarddiskVolume2\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-3651832399-2692474341-4178974480-1002\Software\Microsoft\SystemCertificates\Disallowed
Process 1680 (\Device\HarddiskVolume2\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-3651832399-2692474341-4178974480-1002\Software\Microsoft\SystemCertificates	rust
Process 1680 (\Device\HarddiskVolume2\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-3651832399-2692474341-4178974480-1002\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 1680 (\Device\HarddiskVolume2\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-3651832399-2692474341-4178974480-1002\Software\Policies\Microsoft\SystemCertificates
Process 1680 (\Device\HarddiskVolume2\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-3651832399-2692474341-4178974480-1002\Software\Policies\Microsoft\SystemCertificates
Process 1680 (\Device\HarddiskVolume2\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-3651832399-2692474341-4178974480-1002\Software\Policies\Microsoft\SystemCertificates
Process 1680 (\Device\HarddiskVolume2\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-3651832399-2692474341-4178974480-1002\Software\Policies\Microsoft\SystemCertificates
Process 1680 (\Device\HarddiskVolume2\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-3651832399-2692474341-4178974480-1002\Software\Microsoft\SystemCertificates\My
Process 1680 (\Device\HarddiskVolume2\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-3651832399-2692474341-4178974480-1002\Software\Microsoft\SystemCertificates\Root
Process 1680 (\Device\HarddiskVolume2\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-3651832399-2692474341-4178974480-1002\Software\Microsoft\SystemCertificates\TrustedPeople
Process 1680 (\Device\HarddiskVolume2\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-3651832399-2692474341-4178974480-1002\Software\Microsoft\SystemCertificates\CA

Record Number: 38562
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20090523181734.000000-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

Computer Name: PC-de-Elise
Event Code: 1530
Message: Windows a détecté que votre fichier de Registre est toujours utilisé par d'autres applications ou services. Le fichier va être déchargé. Les applications ou services qui ont accès à votre Registre risquent de ne pas fonctionner correctement après cela. 

 DÉTAIL - 
 1 user registry handles leaked from \Registry\User\S-1-5-21-3651832399-2692474341-4178974480-1002_Classes:
Process 996 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3651832399-2692474341-4178974480-1002_CLASSES

Record Number: 38563
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20090523181735.000000-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

=====Security event log=====

Computer Name: PC-de-Elise
Event Code: 4634
Message: Fermeture de session d’un compte.

Sujet :
	ID de sécurité :		S-1-5-7
	Nom du compte :		ANONYMOUS LOGON
	Domaine du compte :		AUTORITE NT
	ID du compte :		0x8fe623

Type d’ouverture de session :			3

Cet événement est généré lorsqu’une session ouverte est supprimée. Il peut être associé à un événement d’ouverture de session en utilisant la valeur ID d’ouverture de session. Les ID d’ouverture de session ne sont uniques qu’entre les redémarrages sur un même ordinateur.
Record Number: 40445
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081227163515.509418-000
Event Type: Succès de l'audit
User: 

Computer Name: PC-de-Elise
Event Code: 4634
Message: Fermeture de session d’un compte.

Sujet :
	ID de sécurité :		S-1-5-7
	Nom du compte :		ANONYMOUS LOGON
	Domaine du compte :		AUTORITE NT
	ID du compte :		0x8fe693

Type d’ouverture de session :			3

Cet événement est généré lorsqu’une session ouverte est supprimée. Il peut être associé à un événement d’ouverture de session en utilisant la valeur ID d’ouverture de session. Les ID d’ouverture de session ne sont uniques qu’entre les redémarrages sur un même ordinateur.
Record Number: 40446
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081227163515.519418-000
Event Type: Succès de l'audit
User: 

Computer Name: PC-de-Elise
Event Code: 4624
Message: L’ouverture de session d’un compte s’est correctement déroulée.

Sujet :
	ID de sécurité :		S-1-0-0
	Nom du compte :		-
	Domaine du compte :		-
	ID d’ouverture de session :		0x0

Type d’ouverture de session :			3

Nouvelle ouverture de session :
	ID de sécurité :		S-1-5-7
	Nom du compte :		ANONYMOUS LOGON
	Domaine du compte :		AUTORITE NT
	ID d’ouverture de session :		0x92cc75
	GUID d’ouverture de session :		{00000000-0000-0000-0000-000000000000}

Informations sur le processus :
	ID du processus :		0x0
	Nom du processus :		-

Informations sur le réseau :
	Nom de la station de travail :	PC-DE-JÉRÉMY
	Adresse du réseau source :	192.168.1.45
	Port source :		51124

Informations détaillées sur l’authentification :
	Processus d’ouverture de session :		NtLmSsp 
	Package d’authentification :	NTLM
	Services en transit :	-
	Nom du package (NTLM uniquement) :	NTLM V1
	Longueur de la clé :		128

Cet événement est généré lors de la création d’une ouverture de session. Il est généré sur l’ordinateur sur lequel l’ouverture de session a été effectuée.

Le champ Objet indique le compte sur le système local qui a demandé l’ouverture de session. Il s’agit le plus souvent d’un service, comme le service Serveur, ou un processus local tel que Winlogon.exe ou Services.exe.

Le champ Type d’ouverture de session indique le type d’ouverture de session qui s’est produit. Les types les plus courants sont 2 (interactif) et 3 (réseau).

Le champ Nouvelle ouverture de session indique le compte pour lequel la nouvelle ouverture de session a été créée, par exemple, le compte qui s’est connecté.

Les champs relatifs au réseau indiquent la provenance d’une demande d’ouverture de session à distance. Le nom de la station de travail n’étant pas toujours disponible, peut être laissé vide dans certains cas.

Les champs relatifs aux informations d’authentification fournissent des détails sur cette demande d’ouverture de session spécifique.
	- Le GUID d’ouverture de session est un identificateur unique pouvant servir à associer cet événement à un événement KDC .
	- Les services en transit indiquent les services intermédiaires qui ont participé à cette demande d’ouverture de session.
	- Nom du package indique quel est le sous-protocole qui a été utilisé parmi les protocoles NTLM.
	- La longueur de la clé indique la longueur de la clé de session générée. Elle a la valeur 0 si aucune clé de session n’a été demandée.
Record Number: 40447
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081227164705.144418-000
Event Type: Succès de l'audit
User: 

Computer Name: PC-de-Elise
Event Code: 4624
Message: L’ouverture de session d’un compte s’est correctement déroulée.

Sujet :
	ID de sécurité :		S-1-0-0
	Nom du compte :		-
	Domaine du compte :		-
	ID d’ouverture de session :		0x0

Type d’ouverture de session :			3

Nouvelle ouverture de session :
	ID de sécurité :		S-1-5-7
	Nom du compte :		ANONYMOUS LOGON
	Domaine du compte :		AUTORITE NT
	ID d’ouverture de session :		0x92cc93
	GUID d’ouverture de session :		{00000000-0000-0000-0000-000000000000}

Informations sur le processus :
	ID du processus :		0x0
	Nom du processus :		-

Informations sur le réseau :
	Nom de la station de travail :	PC-DE-JÉRÉMY
	Adresse du réseau source :	192.168.1.45
	Port source :		51125

Informations détaillées sur l’authentification :
	Processus d’ouverture de session :		NtLmSsp 
	Package d’authentification :	NTLM
	Services en transit :	-
	Nom du package (NTLM uniquement) :	NTLM V1
	Longueur de la clé :		128

Cet événement est généré lors de la création d’une ouverture de session. Il est généré sur l’ordinateur sur lequel l’ouverture de session a été effectuée.

Le champ Objet indique le compte sur le système local qui a demandé l’ouverture de session. Il s’agit le plus souvent d’un service, comme le service Serveur, ou un processus local tel que Winlogon.exe ou Services.exe.

Le champ Type d’ouverture de session indique le type d’ouverture de session qui s’est produit. Les types les plus courants sont 2 (interactif) et 3 (réseau).

Le champ Nouvelle ouverture de session indique le compte pour lequel la nouvelle ouverture de session a été créée, par exemple, le compte qui s’est connecté.

Les champs relatifs au réseau indiquent la provenance d’une demande d’ouverture de session à distance. Le nom de la station de travail n’étant pas toujours disponible, peut être laissé vide dans certains cas.

Les champs relatifs aux informations d’authentification fournissent des détails sur cette demande d’ouverture de session spécifique.
	- Le GUID d’ouverture de session est un identificateur unique pouvant servir à associer cet événement à un événement KDC .
	- Les services en transit indiquent les services intermédiaires qui ont participé à cette demande d’ouverture de session.
	- Nom du package indique quel est le sous-protocole qui a été utilisé parmi les protocoles NTLM.
	- La longueur de la clé indique la longueur de la clé de session générée. Elle a la valeur 0 si aucune clé de session n’a été demandée.
Record Number: 40448
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081227164705.229418-000
Event Type: Succès de l'audit
User: 

Computer Name: PC-de-Elise
Event Code: 4634
Message: Fermeture de session d’un compte.

Sujet :
	ID de sécurité :		S-1-5-7
	Nom du compte :		ANONYMOUS LOGON
	Domaine du compte :		AUTORITE NT
	ID du compte :		0x92cc75

Type d’ouverture de session :			3

Cet événement est généré lorsqu’une session ouverte est supprimée. Il peut être associé à un événement d’ouverture de session en utilisant la valeur ID d’ouverture de session. Les ID d’ouverture de session ne sont uniques qu’entre les redémarrages sur un même ordinateur.
Record Number: 40449
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081227164715.513418-000
Event Type: Succès de l'audit
User: 

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\

-----------------EOF-----------------

Nic00 · Answer

>> Télécharge et installe Malawarebytes’Anti-Malware : :http://www.malwarebytes.org/mbam/program/mbam-setup.exe 

>> mets le à jour puis lance le en double cliquant dessus. 

>> Choisis « Exécuter un examen complet » en cliquant dessus. 

>> Clique sur Rechercher 

>> Patiente jusqu’à la fin du scan…..une fenêtre s’ouvrira, clique alors sur OK 

>> Si MalwareByte's n'a rien détecté, clique sur Ok. Un rapport va apparaître ferme-le. 

>> Si MalwareByte's a détecté des infections, clique sur Afficher les résultats puis sur Supprimer la sélection 

>> Enregistre le rapport sur ton Bureau pour le trouver plus facilement.
>>  Poste ensuite ce rapport. 

Note : Si MalwareByte's a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok

Nic00 · Answer

C'est possible, ça peut durer 1h comme ça peut durer + de 12h ^^.

ffull41 · Answer

Bonjour! voici le rapport qui est apparu lorsque j'ai voulu supprimer les dossiers infectés (au nombre de 4):

Malwarebytes' Anti-Malware 1.36
Version de la base de données: 2175
Windows 6.0.6001 Service Pack 1

26/05/2009 08:56:59
mbam-log-2009-05-26 (08-56-59).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 222784
Temps écoulé: 1 hour(s), 59 minute(s), 14 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 3
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a93c934-025b-4c3a-b38e-9654a7003239} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo (Rogue.Eorezo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Program Files\EoRezo (Rogue.Eorezo) -> Delete on reboot.

ffull41 · Answer

il manquait ça:

o (Rogue.Eorezo) -> 

Delete on reboot.

Je présice, je sais pas si ça a un rapport, que EOREZO est aussi le nom des fenètres qui s'ouvrent n'importe quand sans mon consentement (intempestives donc je crois), enfin c'est marqué dans l'adresse.

Nic00 · Answer

&#9654;Télécharge OTMoveIt3 (de Old_Timer) sur ton Bureau :

http://oldtimer.geekstogo.com/OTMoveIt3.exe 

&#9654;Double-clique sur OTMoveIt.exe pour le lancer.
&#9654;Assure toi que la case "Unregister Dll's and Ocx's" soit bien cochée
&#9654;Copie / colle les lignes suivantes (en gras) dans la fenêtre de gauche de OTMoveIt nommé "Paste List of Files/Folders to be moved".



:processes
explorer.exe

:files

C:\Program Files\eoRezo

:reg 

[-HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo]

:commands
[purity]
[emptytemp]
[start explorer]
[reboot]


&#9654;Clique sur MoveIt! pour lancer la suppression.
&#9654;Si OTMoveIt propose de redémarrer ton PC, accepte.
&#9654;Lorsque un résultat apparaît dans le cadre Results, clique sur Exit.

&#9654;Dans ta prochaine réponse, envoie le rapport de OTMoveIt situé ici: C:\_OTMoveIt\MovedFiles

ffull41 · Answer

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
Folder move failed. C:\Program Files\EoRezo\lang scheduled to be moved on reboot.
Folder move failed. C:\Program Files\EoRezo\EoAdv scheduled to be moved on reboot.
Folder move failed. C:\Program Files\EoRezo scheduled to be moved on reboot.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo\ not found.
========== COMMANDS ==========
File delete failed. C:\Users\Elise\AppData\Local\Temp\WLZ78D7.tmp\burnlib.lng scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\WLZ78D7.tmp\dsp_sps.lng scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\WLZ78D7.tmp\enc_aacplus.lng scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\WLZ78D7.tmp\enc_flac.lng scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\WLZ78D7.tmp\enc_flake.lng scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\WLZ78D7.tmp\enc_lame.lng scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\WLZ78D7.tmp\enc_vorbis.lng scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\WLZ78D7.tmp\enc_wav.lng scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\WLZ78D7.tmp\enc_wma.lng scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\WLZ78D7.tmp\gen_crasher.lng scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\WLZ78D7.tmp\gen_dropbox.lng scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\WLZ78D7.tmp\gen_ff.lng scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\WLZ78D7.tmp\gen_hotkeys.lng scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\WLZ78D7.tmp\gen_ml.lng scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\WLZ78D7.tmp\gen_tray.lng scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\WLZ78D7.tmp\in_cdda.lng scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\WLZ78D7.tmp\in_dshow.lng scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\WLZ78D7.tmp\in_flac.lng scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\WLZ78D7.tmp\in_flv.lng scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\WLZ78D7.tmp\in_linein.lng scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\WLZ78D7.tmp\in_midi.lng scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\WLZ78D7.tmp\in_mod.lng scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\WLZ78D7.tmp\in_mp3.lng scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\WLZ78D7.tmp\in_mp4.lng scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\WLZ78D7.tmp\in_nsv.lng scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\WLZ78D7.tmp\in_swf.lng scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\WLZ78D7.tmp\in_vorbis.lng scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\WLZ78D7.tmp\in_wave.lng scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\WLZ78D7.tmp\in_wm.lng scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\WLZ78D7.tmp\ml_autotag.lng scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\WLZ78D7.tmp\ml_bookmarks.lng scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\WLZ78D7.tmp\ml_dash.lng scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\WLZ78D7.tmp\ml_disc.lng scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\WLZ78D7.tmp\ml_history.lng scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\WLZ78D7.tmp\ml_impex.lng scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\WLZ78D7.tmp\ml_local.lng scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\WLZ78D7.tmp\ml_nowplaying.lng scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\WLZ78D7.tmp\ml_online.lng scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\WLZ78D7.tmp\ml_orb.lng scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\WLZ78D7.tmp\ml_playlists.lng scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\WLZ78D7.tmp\ml_plg.lng scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\WLZ78D7.tmp\ml_pmp.lng scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\WLZ78D7.tmp\ml_rg.lng scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\WLZ78D7.tmp\ml_transcode.lng scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\WLZ78D7.tmp\ml_wire.lng scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\WLZ78D7.tmp\out_disk.lng scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\WLZ78D7.tmp\out_ds.lng scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\WLZ78D7.tmp\out_wave.lng scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\WLZ78D7.tmp\playlist.lng scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\WLZ78D7.tmp\pmp_activesync.lng scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\WLZ78D7.tmp\pmp_ipod.lng scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\WLZ78D7.tmp\pmp_njb.lng scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\WLZ78D7.tmp\pmp_p4s.lng scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\WLZ78D7.tmp\pmp_usb.lng scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\WLZ78D7.tmp	agz.lng scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\WLZ78D7.tmp\vis_milk2.lng scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\WLZ78D7.tmp\vis_nsfs.lng scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\WLZ78D7.tmp\winamp.lng scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\~DF10C3.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\~DF10D1.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\~DF1154.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\~DF1162.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\~DF11C9.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\~DF11D7.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\~DF1237.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\~DF1245.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\~DF12A5.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\~DF12B3.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\~DF1337.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\~DF1346.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\~DF13A2.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\~DF143D.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\~DFCEC.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\~DFCFB.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\~DFEFC.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\~DFFB9.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\~ROMFN_00000F24 scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
Windows Temp folder emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully
 
OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05302009_163211

Files moved on Reboot...
Folder move failed. C:\Program Files\EoRezo\lang scheduled to be moved on reboot.
Folder move failed. C:\Program Files\EoRezo\EoAdv scheduled to be moved on reboot.
Folder move failed. C:\Program Files\EoRezo\lang scheduled to be moved on reboot.
Folder move failed. C:\Program Files\EoRezo\EoAdv scheduled to be moved on reboot.
Folder move failed. C:\Program Files\EoRezo scheduled to be moved on reboot.
C:\Users\Elise\AppData\Local\Temp\WLZ78D7.tmp\burnlib.lng moved successfully.
C:\Users\Elise\AppData\Local\Temp\WLZ78D7.tmp\dsp_sps.lng moved successfully.
C:\Users\Elise\AppData\Local\Temp\WLZ78D7.tmp\enc_aacplus.lng moved successfully.
C:\Users\Elise\AppData\Local\Temp\WLZ78D7.tmp\enc_flac.lng moved successfully.
C:\Users\Elise\AppData\Local\Temp\WLZ78D7.tmp\enc_flake.lng moved successfully.
C:\Users\Elise\AppData\Local\Temp\WLZ78D7.tmp\enc_lame.lng moved successfully.
C:\Users\Elise\AppData\Local\Temp\WLZ78D7.tmp\enc_vorbis.lng moved successfully.
C:\Users\Elise\AppData\Local\Temp\WLZ78D7.tmp\enc_wav.lng moved successfully.
C:\Users\Elise\AppData\Local\Temp\WLZ78D7.tmp\enc_wma.lng moved successfully.
C:\Users\Elise\AppData\Local\Temp\WLZ78D7.tmp\gen_crasher.lng moved successfully.
C:\Users\Elise\AppData\Local\Temp\WLZ78D7.tmp\gen_dropbox.lng moved successfully.
C:\Users\Elise\AppData\Local\Temp\WLZ78D7.tmp\gen_ff.lng moved successfully.
C:\Users\Elise\AppData\Local\Temp\WLZ78D7.tmp\gen_hotkeys.lng moved successfully.
C:\Users\Elise\AppData\Local\Temp\WLZ78D7.tmp\gen_ml.lng moved successfully.
C:\Users\Elise\AppData\Local\Temp\WLZ78D7.tmp\gen_tray.lng moved successfully.
C:\Users\Elise\AppData\Local\Temp\WLZ78D7.tmp\in_cdda.lng moved successfully.
C:\Users\Elise\AppData\Local\Temp\WLZ78D7.tmp\in_dshow.lng moved successfully.
C:\Users\Elise\AppData\Local\Temp\WLZ78D7.tmp\in_flac.lng moved successfully.
C:\Users\Elise\AppData\Local\Temp\WLZ78D7.tmp\in_flv.lng moved successfully.
C:\Users\Elise\AppData\Local\Temp\WLZ78D7.tmp\in_linein.lng moved successfully.
C:\Users\Elise\AppData\Local\Temp\WLZ78D7.tmp\in_midi.lng moved successfully.
C:\Users\Elise\AppData\Local\Temp\WLZ78D7.tmp\in_mod.lng moved successfully.
C:\Users\Elise\AppData\Local\Temp\WLZ78D7.tmp\in_mp3.lng moved successfully.
C:\Users\Elise\AppData\Local\Temp\WLZ78D7.tmp\in_mp4.lng moved successfully.
C:\Users\Elise\AppData\Local\Temp\WLZ78D7.tmp\in_nsv.lng moved successfully.
C:\Users\Elise\AppData\Local\Temp\WLZ78D7.tmp\in_swf.lng moved successfully.
C:\Users\Elise\AppData\Local\Temp\WLZ78D7.tmp\in_vorbis.lng moved successfully.
C:\Users\Elise\AppData\Local\Temp\WLZ78D7.tmp\in_wave.lng moved successfully.
C:\Users\Elise\AppData\Local\Temp\WLZ78D7.tmp\in_wm.lng moved successfully.
C:\Users\Elise\AppData\Local\Temp\WLZ78D7.tmp\ml_autotag.lng moved successfully.
C:\Users\Elise\AppData\Local\Temp\WLZ78D7.tmp\ml_bookmarks.lng moved successfully.
C:\Users\Elise\AppData\Local\Temp\WLZ78D7.tmp\ml_dash.lng moved successfully.
C:\Users\Elise\AppData\Local\Temp\WLZ78D7.tmp\ml_disc.lng moved successfully.
C:\Users\Elise\AppData\Local\Temp\WLZ78D7.tmp\ml_history.lng moved successfully.
C:\Users\Elise\AppData\Local\Temp\WLZ78D7.tmp\ml_impex.lng moved successfully.
C:\Users\Elise\AppData\Local\Temp\WLZ78D7.tmp\ml_local.lng moved successfully.
C:\Users\Elise\AppData\Local\Temp\WLZ78D7.tmp\ml_nowplaying.lng moved successfully.
C:\Users\Elise\AppData\Local\Temp\WLZ78D7.tmp\ml_online.lng moved successfully.
C:\Users\Elise\AppData\Local\Temp\WLZ78D7.tmp\ml_orb.lng moved successfully.
C:\Users\Elise\AppData\Local\Temp\WLZ78D7.tmp\ml_playlists.lng moved successfully.
C:\Users\Elise\AppData\Local\Temp\WLZ78D7.tmp\ml_plg.lng moved successfully.
C:\Users\Elise\AppData\Local\Temp\WLZ78D7.tmp\ml_pmp.lng moved successfully.
C:\Users\Elise\AppData\Local\Temp\WLZ78D7.tmp\ml_rg.lng moved successfully.
C:\Users\Elise\AppData\Local\Temp\WLZ78D7.tmp\ml_transcode.lng moved successfully.
C:\Users\Elise\AppData\Local\Temp\WLZ78D7.tmp\ml_wire.lng moved successfully.
C:\Users\Elise\AppData\Local\Temp\WLZ78D7.tmp\out_disk.lng moved successfully.
C:\Users\Elise\AppData\Local\Temp\WLZ78D7.tmp\out_ds.lng moved successfully.
C:\Users\Elise\AppData\Local\Temp\WLZ78D7.tmp\out_wave.lng moved successfully.
C:\Users\Elise\AppData\Local\Temp\WLZ78D7.tmp\playlist.lng moved successfully.
C:\Users\Elise\AppData\Local\Temp\WLZ78D7.tmp\pmp_activesync.lng moved successfully.
C:\Users\Elise\AppData\Local\Temp\WLZ78D7.tmp\pmp_ipod.lng moved successfully.
C:\Users\Elise\AppData\Local\Temp\WLZ78D7.tmp\pmp_njb.lng moved successfully.
C:\Users\Elise\AppData\Local\Temp\WLZ78D7.tmp\pmp_p4s.lng moved successfully.
C:\Users\Elise\AppData\Local\Temp\WLZ78D7.tmp\pmp_usb.lng moved successfully.
C:\Users\Elise\AppData\Local\Temp\WLZ78D7.tmp	agz.lng moved successfully.
C:\Users\Elise\AppData\Local\Temp\WLZ78D7.tmp\vis_milk2.lng moved successfully.
C:\Users\Elise\AppData\Local\Temp\WLZ78D7.tmp\vis_nsfs.lng moved successfully.
C:\Users\Elise\AppData\Local\Temp\WLZ78D7.tmp\winamp.lng moved successfully.
File C:\Users\Elise\AppData\Local\Temp\~DF10C3.tmp not found!
File C:\Users\Elise\AppData\Local\Temp\~DF10D1.tmp not found!
File C:\Users\Elise\AppData\Local\Temp\~DF1154.tmp not found!
File C:\Users\Elise\AppData\Local\Temp\~DF1162.tmp not found!
File C:\Users\Elise\AppData\Local\Temp\~DF11C9.tmp not found!
File C:\Users\Elise\AppData\Local\Temp\~DF11D7.tmp not found!
File C:\Users\Elise\AppData\Local\Temp\~DF1237.tmp not found!
File C:\Users\Elise\AppData\Local\Temp\~DF1245.tmp not found!
File C:\Users\Elise\AppData\Local\Temp\~DF12A5.tmp not found!
File C:\Users\Elise\AppData\Local\Temp\~DF12B3.tmp not found!
File C:\Users\Elise\AppData\Local\Temp\~DF1337.tmp not found!
File C:\Users\Elise\AppData\Local\Temp\~DF1346.tmp not found!
File C:\Users\Elise\AppData\Local\Temp\~DF13A2.tmp not found!
File C:\Users\Elise\AppData\Local\Temp\~DF143D.tmp not found!
File C:\Users\Elise\AppData\Local\Temp\~DFCEC.tmp not found!
File C:\Users\Elise\AppData\Local\Temp\~DFCFB.tmp not found!
File C:\Users\Elise\AppData\Local\Temp\~DFEFC.tmp not found!
File C:\Users\Elise\AppData\Local\Temp\~DFFB9.tmp not found!
File C:\Users\Elise\AppData\Local\Temp\~ROMFN_00000F24 not found!

Nic00 · Answer

Ok, reposte moi un rapport avec RIST stp parce que là, il est en plusieurs parties sur plusieurs messages.

ffull41 · Answer

voici le rapport de rsit, il s'appelle "log"

Logfile of random's system information tool 1.06 (written by random/random)
Run by Elise at 2009-05-30 19:10:22
Microsoft® Windows Vista™ Édition Familiale Premium  Service Pack 1
System drive C: has 28 GB (20%) free of 144 GB
Total RAM: 2038 MB (40% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:10:51, on 30/05/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32	askeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\OrangeHSS\Systray\SystrayApp.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Live\Family Safety\fsui.exe
C:\Windows\System32undll32.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\System32undll32.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Users\Elise\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\PROGRA~1\FREEDO~1\fdm.exe
C:\Windows\system32	askeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
c:\program files\winamp toolbar\WinampTbServer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Elise\RSIT.exe
C:\Program Files	rend micro\Elise.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: EoBho - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Afficher Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MSPService] C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32
vsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [EoEngine] "C:\Program Files\EoRezo\EoEngine.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: Notification de cadeaux MSN.lnk = C:\Users\Elise\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe
O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Download by NetAnts - C:\PROGRA~1\NetAnts\NAGet.htm
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbaresources\en-US\local\search.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Download &All by NetAnts - C:\PROGRA~1\NetAnts\NAGetAll.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: NetAnts - {57E91B47-F40A-11D1-B792-444553540000} - C:\PROGRA~1\NetAnts\NetAnts.exe
O9 - Extra 'Tools' menuitem: &NetAnts - {57E91B47-F40A-11D1-B792-444553540000} - C:\PROGRA~1\NetAnts\NetAnts.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix: 
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUpldfr-fr.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game04.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ccEvtMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ccSetMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Service Google Update (gupdate1c9e13cdf6571d5) (gupdate1c9e13cdf6571d5) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: L Ile Noyee Drivers Auto Removal (pr2ajbeb) (pr2ajbeb) - Micro Application - C:\Windows\system32\pr2ajbeb.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Nic00 · Answer

Manip à refaire...

&#9654;Double-clique sur OTMoveIt.exe pour le lancer.
&#9654;Assure toi que la case "Unregister Dll's and Ocx's" soit bien cochée
&#9654;Copie / colle les lignes suivantes (en gras) dans la fenêtre de gauche de OTMoveIt nommé "Paste List of Files/Folders to be moved".

__________________________________________________________________________________

:processes 
explorer.exe
EoEngine.exe 

:files

c:\program files\eorezo\eoadv\eorezobho.dll
c:\program files\eorezo\eoengine.exe
c:\program files
etants
aget.htm
c:\program files
etants
agetall.htm
e:\adober.exe
f:\adober.exe
c:\windows\system32undll32.exe

:Commands 
[purity] 
[emptytemp] 
[start explorer] 
[reboot]

__________________________________________________________________________________


&#9654;Clique sur MoveIt! pour lancer la suppression.
&#9654;Si OTMoveIt propose de redémarrer ton PC, accepte.
&#9654;Lorsque un résultat apparaît dans le cadre Results, clique sur Exit.

&#9654;Dans ta prochaine réponse, envoie le rapport de OTMoveIt situé ici: C:\_OTMoveIt\MovedFiles

__________________________________________________________________________________
Ensuite:

Ouvre le Bloc-notes : 

>>Démarrer >>Tout les programmes >> Accessoires >>Bloc-notes
>>Copie /colle le contenu exacte (celui en dessous) de la citation dans le Bloc-Note et sauvegarde le sous Fix.reg 
>>Ferme le bloc-notes
>>Double-clique sur Fix.reg et valide.

/!\ N'oublie pas, lorsque tu renommes en Fix.reg, de bien tout renommer de manière à ce qu'il ne soit pas en .txt


Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"EoEngine"=-

__________________________________________________________________________________

&#9654;Télécharge GenProc :
http://www.genproc.com/GenProc.exe

&#9654;Exécute-le.
&#9654;Laisse le travailler et poste moi le rapport à la fin.

ffull41 · Answer

Alors là, c'est le rapport qui a dans "moved files"

========== PROCESSES ==========
Process explorer.exe killed successfully.
Unable to kill process: EoEngine.exe
========== FILES ==========
c:\program files\eorezo\eoadv\EoRezoBHO.dll NOT unregistered.
File move failed. c:\program files\eorezo\eoadv\EoRezoBHO.dll scheduled to be moved on reboot.
File move failed. c:\program files\eorezo\EoEngine.exe scheduled to be moved on reboot.
c:\program files
etants\NaGet.htm moved successfully.
c:\program files
etants\NaGetAll.htm moved successfully.
File/Folder e:\adober.exe not found.
File/Folder f:\adober.exe not found.
File move failed. c:\windows\system32undll32.exe scheduled to be moved on reboot.
========== COMMANDS ==========
File delete failed. C:\Users\Elise\AppData\Local\Temp\WLZEA5E.tmp\burnlib.lng scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\WLZEA5E.tmp\dsp_sps.lng scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\WLZEA5E.tmp\enc_aacplus.lng scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\WLZEA5E.tmp\enc_flac.lng scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\WLZEA5E.tmp\enc_flake.lng scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\WLZEA5E.tmp\enc_lame.lng scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\WLZEA5E.tmp\enc_vorbis.lng scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\WLZEA5E.tmp\enc_wav.lng scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\WLZEA5E.tmp\enc_wma.lng scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\WLZEA5E.tmp\gen_crasher.lng scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\WLZEA5E.tmp\gen_dropbox.lng scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\WLZEA5E.tmp\gen_ff.lng scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\WLZEA5E.tmp\gen_hotkeys.lng scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\WLZEA5E.tmp\gen_ml.lng scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\WLZEA5E.tmp\gen_tray.lng scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\WLZEA5E.tmp\in_cdda.lng scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\WLZEA5E.tmp\in_dshow.lng scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\WLZEA5E.tmp\in_flac.lng scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\WLZEA5E.tmp\in_flv.lng scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\WLZEA5E.tmp\in_linein.lng scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\WLZEA5E.tmp\in_midi.lng scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\WLZEA5E.tmp\in_mod.lng scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\WLZEA5E.tmp\in_mp3.lng scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\WLZEA5E.tmp\in_mp4.lng scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\WLZEA5E.tmp\in_nsv.lng scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\WLZEA5E.tmp\in_swf.lng scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\WLZEA5E.tmp\in_vorbis.lng scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\WLZEA5E.tmp\in_wave.lng scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\WLZEA5E.tmp\in_wm.lng scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\WLZEA5E.tmp\ml_autotag.lng scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\WLZEA5E.tmp\ml_bookmarks.lng scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\WLZEA5E.tmp\ml_dash.lng scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\WLZEA5E.tmp\ml_disc.lng scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\WLZEA5E.tmp\ml_history.lng scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\WLZEA5E.tmp\ml_impex.lng scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\WLZEA5E.tmp\ml_local.lng scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\WLZEA5E.tmp\ml_nowplaying.lng scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\WLZEA5E.tmp\ml_online.lng scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\WLZEA5E.tmp\ml_orb.lng scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\WLZEA5E.tmp\ml_playlists.lng scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\WLZEA5E.tmp\ml_plg.lng scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\WLZEA5E.tmp\ml_pmp.lng scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\WLZEA5E.tmp\ml_rg.lng scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\WLZEA5E.tmp\ml_transcode.lng scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\WLZEA5E.tmp\ml_wire.lng scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\WLZEA5E.tmp\out_disk.lng scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\WLZEA5E.tmp\out_ds.lng scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\WLZEA5E.tmp\out_wave.lng scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\WLZEA5E.tmp\playlist.lng scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\WLZEA5E.tmp\pmp_activesync.lng scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\WLZEA5E.tmp\pmp_ipod.lng scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\WLZEA5E.tmp\pmp_njb.lng scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\WLZEA5E.tmp\pmp_p4s.lng scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\WLZEA5E.tmp\pmp_usb.lng scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\WLZEA5E.tmp	agz.lng scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\WLZEA5E.tmp\vis_milk2.lng scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\WLZEA5E.tmp\vis_nsfs.lng scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\WLZEA5E.tmp\winamp.lng scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\~DF8837.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\~DF8845.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\~DF88D4.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\~DF88E7.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\~DF894A.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\~DF895D.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\~DF8AB4.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\~DF8AEA.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\~DF8C48.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\~DF8C64.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\~DF8D8C.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\~DF8DAD.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\~DF8E0A.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\~DF8E25.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\~DF8E93.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\~DF8EA1.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\~DF8EFB.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\~DF8F09.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Elise\AppData\Local\Temp\~ROMFN_00000894 scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
Windows Temp folder emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully
 
OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05312009_140057

Nic00 · Answer

Ok.

Va vérifier si tu trouves ceci:

c:\program files\eorezo\eoadv\eorezobho.dll
c:\program files\eorezo\eoengine.exe
c:\program files
etants
aget.htm
c:\program files
etants
agetall.htm
e:\adober.exe
f:\adober.exe


si oui, tu vires.

Fais la suite si tu ne l'as pas encore faite.

ffull41 · Answer

voila le rapport de GenProc. Je dois faire ce qu'il dit (télécharger tout ces trucs)?

Rapport GenProc 2.572 [1] 
@ 31/05/2009 à 14:23:44 
@ Windows Vista Service Pack 1

# Etape 1/ Télécharge :
 
- CCleaner https://www.ccleaner.com/ccleaner/download (FileHippo). Ce logiciel va permettre de supprimer tous les fichiers temporaires. Lance-le et clique sur "Options", "Avancé" et décoche la case "Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures". Par la suite, laisse-le avec ses réglages par défaut. Ferme le programme.


- rustbfix http://uploads.ejvindh.andymanchesta.com/RustbFix.exe ( (ejvindh) et sauvegarde-le sur ton Bureau.
- Double clique sur rustbfix.exe afin de lancer l'outil.
- Si une infection Rustock.b est détectée, une invite t'indiquera qu'il est nécessaire de redémarrer l'ordi. 
- Ce redémarrage pourrait être plus long que d'habitude, et il est possible que deux redémarrages soient requis. Tout cela se fera automatiquement.

- Suite au(x) redémarrage(s), deux rapports s'ouvriront : (C:\avenger.txt & C:\rustbfix\pelog.txt).
- Poste le contenu de ces deux rapports, ainsi qu'un rapport HijackThis http://forum.telecharger.01net.com/forum/high-tech/PRODUITS/Questions-techniques/hijackthis-version-install-sujet_199100_1.htm


----------------------------------------------------------------------

~~ Arguments de la procédure ~~


# Détections [1] GenProc 2.572 31/05/2009 à 14:23:44 
Rustock: le 31/05/2009 à 14:23:44 "pe386" present

Nic00 · Answer

Suis la procédure indiquée.

ffull41 · Answer

voila j'ai tout viré sauf: e:\......   et   f:\..... car mon ordinateur dit qu'ils existent pas.
J'attaque les étape de genproc

ffull41 · Answer

ok pour la procédure, j'ai modifié les paramètres. Mais ils disent de fermer le programme, je dois meme pas tout nettoyer avant?

ffull41 · Answer

j'ai fait l'étape avec rustbfix avtn de nettoyer le disque avec ccleaner, il m'a donné ça:

************************* Rustock.b-fix v. 1.01 -- By ejvindh *************************
31/05/2009 14:44:51,64

No Rustock.b-rootkits found

******************************* End of Logfile ********************************

ffull41 · Answer

désolé, je n'ai pas attendu pour savoir si je devais tout nettoyer, j'ai pensé que que c'était logique après tout ^^. En tout je l'ai fait, et j'ai refait rusbfix et il m'a marqué la meme chose sur le bloc notes

ffull41 · Answer

j'ai une question: une fois tout ce travail fini, je pourrai supprimer tout les logiciels que j'ai téléchargé pour le dévirusé?

Nic00 · Answer

Et le rapport Hijackthis, tu ne l'as pas posté.

Oui, à la fin on supprimera les outils utilisés.

ffull41 · Answer

rapport de hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:49:35, on 30/05/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32	askeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\OrangeHSS\Systray\SystrayApp.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Live\Family Safety\fsui.exe
C:\Windows\System32undll32.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Users\Elise\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\System32undll32.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32	askeng.exe
C:\Program Files\Winamp\winamp.exe
c:\program files\winamp toolbar\WinampTbServer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ig?hl=fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: EoBho - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Afficher Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MSPService] C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32
vsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [EoEngine] "C:\Program Files\EoRezo\EoEngine.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: Notification de cadeaux MSN.lnk = C:\Users\Elise\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe
O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Download by NetAnts - C:\PROGRA~1\NetAnts\NAGet.htm
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbaresources\en-US\local\search.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Download &All by NetAnts - C:\PROGRA~1\NetAnts\NAGetAll.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: NetAnts - {57E91B47-F40A-11D1-B792-444553540000} - C:\PROGRA~1\NetAnts\NetAnts.exe
O9 - Extra 'Tools' menuitem: &NetAnts - {57E91B47-F40A-11D1-B792-444553540000} - C:\PROGRA~1\NetAnts\NetAnts.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix: 
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUpldfr-fr.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game04.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ccEvtMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ccSetMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Service Google Update (gupdate1c9e13cdf6571d5) (gupdate1c9e13cdf6571d5) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: L Ile Noyee Drivers Auto Removal (pr2ajbeb) (pr2ajbeb) - Micro Application - C:\Windows\system32\pr2ajbeb.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Nic00 · Answer

Télécharge Ad-Remover :

http://sd-1.archive-host.com/membres/up/16506160323759868/AD¬-R.exe

/!\ Déconnectes toi et fermes toutes applications en cours

&#9654; Double clique sur "Ad-R.exe" pour lancer l'installation en laissant les paramètres d'installation par défaut .

&#9654; Double clique sur l'icône Ad-remover situé sur ton bureau.

&#9654; Au menu principal choisi l'option "L" et appuie sur Entrée.

 &#9654;Postes le rapport qui apparait à la fin.

&#9654;Le rapport est sauvegardé aussi sous C:\Ad-report.log 

(CTRL+A Pour tout sélectionner, CTRL+C pour copier et CTRL+V pour coller)

ffull41 · Answer

pour ad-remove, mon ordi dit que le lien et corrompu, afin qu'il ne mène à rien :(

Nic00 · Answer

Oups c'est ma faute, je te le remets:

http://sd-1.archive-host.com/membres/up/16506160323759868/AD-R.exe

ffull41 · Answer

le logiciel dit que les comptes d'utilisateurs sont surveillés, et donc que je doit en parler au "helper" qui m'aide. Quand j'ai lançais le truc (donc une fois que j'ai entré "L"), ça m'a marqué plein de fois "accès refusé"

Nic00 · Answer

Ok.

 /!\   si tu as Vista, désactive l’UAC le temps de la désinfection :	
Panneau de configuration>comptes utilisateurs>activer/désactiver le contrôle  des comptes utilisateurs>décoche la cas puis fais OK .

ffull41 · Answer

Voici le rapport:


------- RAPPORT D'AD-REMOVER 1.1.4.4 | UNIQUEMENT XP/VISTA -------

Mit à jour part C_XX le 28/05/2009 à 19:50
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html

Lancé à: 20:56:57, 30/05/2009 | Mode Normal
Exécuté de: C:\Program Files\Ad-remover\
Système d'exploitation: Microsoft® Windows Vista™ Home Premium Service Pack 1 v6.0.6001
Nom du PC: PC-DE-ELISE
Utilisateur actuel: Elise - Administrateur

.
============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
.
.
HKCR\AppID\{362A53B2-2913-4F8A-82F5-7E0A23FDC6F9}
HKCR\AppID\EoRezoBHO.DLL
HKCR\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKCR\EoRezoBHO.EoBho
HKCR\EoRezoBHO.EoBho.1
HKCR\Typelib\{B6ACB3F1-6A83-432C-B854-3E1056F87F4E}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\eoEngine_is1
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Eoengine
.
C:\Users\Elise\AppData\Roaming\EoRezo\cmhost.cyp 
C:\Users\Elise\AppData\Roaming\EoRezo\ConfMedia.cyp 
/!\ NON SUPPRIMÉ: C:\Users\Elise\AppData\Roaming\EoRezo\db  
/!\ NON SUPPRIMÉ: C:\Users\Elise\AppData\Roaming\EoRezo\eoDesktop  
C:\Users\Elise\AppData\Roaming\EoRezo\host.cyp 
C:\Users\Elise\AppData\Roaming\EoRezo\modules.cyp 
C:\Users\Elise\AppData\Roaming\EoRezo\user.cyp 
C:\Users\Elise\AppData\Roaming\EoRezo\db\cat.cyp 
C:\Users\Elise\AppData\Roaming\EoRezo\eoDesktop\config.xml 
C:\Users\Elise\AppData\Roaming\EoRezo\eoDesktop\eoDesktop.html 
C:\Users\Elise\AppData\Roaming\EoRezo\eoDesktop\userConfig.xml 
C:\Users\Elise\AppData\Roaming\EoRezo 
C:\Program Files\EoRezo\ConfMedia.cyp 
/!\ NON SUPPRIMÉ: C:\Program Files\EoRezo\EoAdv  
C:\Program Files\EoRezo\eoEngine.url 
C:\Program Files\EoRezo\EoMultiLanguage.dll 
C:\Program Files\EoRezo\EoRezoComm.dll 
C:\Program Files\EoRezo\EoRezoImg_17.dll 
C:\Program Files\EoRezo\EoRezoImg_19.dll 
C:\Program Files\EoRezo\EoRezoImg_20.dll 
C:\Program Files\EoRezo\EoRezoImg_21.dll 
C:\Program Files\EoRezo\EoRezoImg_22.dll 
C:\Program Files\EoRezo\EoRezoImg_23.dll 
C:\Program Files\EoRezo\EoRezoTools_16.dll 
C:\Program Files\EoRezo\EoRezoTools_17.dll 
C:\Program Files\EoRezo\EoRezoTools_18.dll 
C:\Program Files\EoRezo\EoRezoTools_20.dll 
C:\Program Files\EoRezo\EoRezoTools_21.dll 
C:\Program Files\EoRezo\EoRezoTools_26.dll 
C:\Program Files\EoRezo\EoRezoTools_27.dll 
C:\Program Files\EoRezo\EoRezoTools_28.dll 
C:\Program Files\EoRezo\FreeImage.dll 
C:\Program Files\EoRezo\Host.cyp 
/!\ NON SUPPRIMÉ: C:\Program Files\EoRezo\lang  
C:\Program Files\EoRezo\MngInstaller.dll 
C:\Program Files\EoRezo\unins000.dat 
C:\Program Files\EoRezo\unins000.exe 
C:\Program Files\EoRezo\user.cyp 
C:\Program Files\EoRezo\EoAdv\atl90.dll 
C:\Program Files\EoRezo\EoAdv\EoAdv.dll 
C:\Program Files\EoRezo\EoAdv\mfc90.dll 
C:\Program Files\EoRezo\EoAdv\Microsoft.VC90.ATL.manifest 
C:\Program Files\EoRezo\EoAdv\Microsoft.VC90.CRT.manifest 
C:\Program Files\EoRezo\EoAdv\Microsoft.VC90.MFC.manifest 
C:\Program Files\EoRezo\EoAdv\msvcr90.dll 
C:\Program Files\EoRezo\lang\ihm_eoclock.xml 
C:\Program Files\EoRezo\lang\ihm_eoengine.xml 
C:\Program Files\EoRezo\lang\ihm_eonet.xml 
C:\Program Files\EoRezo\lang\ihm_eorezotools.xml 
C:\Program Files\EoRezo\lang\ihm_eosudoku.xml 
C:\Program Files\EoRezo\lang\ihm_eoweather.xml 
C:\Program Files\EoRezo\lang\lang_en.xml 
C:\Program Files\EoRezo\lang\lang_es.xml 
C:\Program Files\EoRezo\lang\lang_fr.xml 
C:\Program Files\EoRezo\lang\lang_it.xml 
C:\Program Files\EoRezo 
C:\Users\Elise\AppData\Roaming\Microsoft\Windows\Cookies\elise@partypoker[1].txt 

(!) -- Fichiers temporaires supprimés.

.
+-----------------| Scan additionnel:
.

---- Mozilla FireFox Version 2.0 ----

Nom du profil: yujm4tz1.default (Elise)
.
(Prefs.js) user_pref("browser.search.defaultenginename", "Google"); 
(Prefs.js) user_pref("browser.search.defaultenginename", "Google"); 
(Prefs.js) user_pref("browser.search.selectedEngine", "Google"); 
(Prefs.js) user_pref("browser.search.selectedEngine", "Live Search"); 
(Prefs.js) user_pref("browser.search.selectedEngine", "Live Search"); 
(Prefs.js) user_pref("browser.search.selectedEngine", "Live Search"); 
(Prefs.js) user_pref("browser.search.selectedEngine", "Live Search"); 
(Prefs.js) user_pref("browser.search.selectedEngine", "Live Search"); 
(Prefs.js) user_pref("browser.search.selectedEngine", "Live Search"); 
(Prefs.js) user_pref("browser.search.selectedEngine", "Google"); 
(Prefs.js) user_pref("browser.search.selectedEngine", "Live Search"); 
(Prefs.js) user_pref("browser.search.selectedEngine", "Live Search"); 
(Prefs.js) user_pref("browser.search.selectedEngine", "Live Search"); 
(Prefs.js) user_pref("browser.search.selectedEngine", "Live Search"); 
(Prefs.js) user_pref("browser.search.selectedEngine", "Live Search"); 
(Prefs.js) user_pref("browser.search.selectedEngine", "Live Search"); 
(Prefs.js) user_pref("browser.search.selectedEngine", "Live Search"); 
(Prefs.js) user_pref("browser.search.selectedEngine", "Live Search"); 
(Prefs.js) user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="); 
(Prefs.js) user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="); 
(Prefs.js) user_pref("browser.startup.homepage", "hxxp://lo.st#home"); 
(Prefs.js) user_pref("browser.startup.homepage_override.mstone", "rv:1.8.1"); 
(Prefs.js) user_pref("browser.startup.homepage", "hxxp://fr.msn.com/"); 
(Prefs.js) user_pref("browser.startup.homepage", "hxxp://fr.msn.com/"); 
(Prefs.js) user_pref("browser.startup.homepage", "hxxp://www.msn.fr/"); 
(Prefs.js) user_pref("browser.startup.homepage", "hxxp://www.msn.fr/"); 
(Prefs.js) user_pref("browser.startup.homepage"\÷, "hxxp://fr.msn.com/"); 
(Prefs.js) user_pref("browser.startup.homepage", "hxxp://www.msn.fr/"); 
(Prefs.js) user_pref("browser.startup.homepage", "hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official"); 
(Prefs.js) user_pref("browser.startup.homepage_override.mstone", "rv:1.8.1"); 
(Prefs.js) user_pref("browser.startup.homepage", "hxxp://fr.msn.com/"); 
(Prefs.js) user_pref("browser.startup.homepage", "hxxp://fr.msn.com/"); 
(Prefs.js) user_pref("browser.startup.homepage", "hxxp://www.msn.fr/"); 
(Prefs.js) user_pref("browser.startup.homepage", "hxxp://www.msn.fr/"); 
(Prefs.js) user_pref("browser.startup.homepage"\÷"http:Øú//frØú.msnØú.comØú/");ú 
(Prefs.js) usØúÑer_pØúÑref(úq"keyú‚wordØúâ.URLØú", "ØúâhttpØúÀ://seØúçarc\÷user_pref("browser.startup.homepage", "hxxp://fr.msn.com/"); 
(Prefs.js) user_pref("browser.startup.homepage", "hxxp://fr.msn.com/"); 
(Prefs.js) user_pref("browser.startup.homepage", "hxxp://fr.msn.com/"); 
(Prefs.js) user_pref("browser.startup.homepage", "hxxp://fr.msn.com/"); 
.
(prefs.js) EFFACÉ: user_pref("browser.startup.homepage", "hxxp://lo.st#home"); 
. 

---- Internet Explorer Version 8.0.6001.18702 ----

[HKEY_CURRENT_USER\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Start Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Start Page: hxxp://fr.msn.com/?ocid=iehp

[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/

[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

   Tabs: res://ieframe.dll/tabswelcome.htm

=========== Suspect (Cracks, Serials ... ) ==========

.
C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.0.9.9653-to-3.1.0.9767-frFR-patch.exe
[7151768 Octet(s)|--a------|16/04/2009 13:30|HashMD5: 5e4f3f7da0778417e9b37d2c036a9947 |CRC32: 458c4948]


+---------------------------------------------------------------------------+

8506 Octet(s) - C:\Ad-Report-30.05.2009.log

19 Fichier(s) - C:\Program Files\Ad-remover\BACKUP
51 Fichier(s) - C:\Program Files\Ad-remover\QUARANTINE

Fin à: 21:05:43 | 30/05/2009
.
+-----------------| E.O.F
.

Nic00 · Answer

EDIT:

Supprime Ad-Remover:

&#9654; Relance "Ad-remover" : au menu principal choisis l'option "D" 
&#9654;Une fenêtre d’avertissement va alors s’ouvrir : clique sur OK

Relances Hijackthis en faisant Do a system scan only, coche ces lignes:

O2 - BHO: EoBho - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O4 - HKLM\..\Run: [EoEngine] "C:\Program Files\EoRezo\EoEngine.exe"
O8 - Extra context menu item: &Download by NetAnts - C:\PROGRA~1\NetAnts\NAGet.htm
O8 - Extra context menu item: Download &All by NetAnts - C:\PROGRA~1\NetAnts\NAGetAll.htm
O9 - Extra button: NetAnts - {57E91B47-F40A-11D1-B792-444553540000} - C:\PROGRA~1\NetAnts\NetAnts.exe
O9 - Extra 'Tools' menuitem: &NetAnts - {57E91B47-F40A-11D1-B792-444553540000} - C:\PROGRA~1\NetAnts\NetAnts.exe

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbaresources\en-US\local\search.html    
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game04.zylom.com/activex/zylomgamesplayer.cab


puis clique sur Fix checked

Va voir si tu fichiers sont encore présents:

c:\program files\eorezo\eoadv\eorezobho.dll
c:\program files\eorezo\eoengine.exe
c:\program files
etants
aget.htm
c:\program files
etants
agetall.htm

si oui, tu les vires.



As-tu fais cette étape (avec le bloc-notes):

http://www.commentcamarche.net/forum/affich 12564133 ordinateur viruse?page=2#25

Je t'avais contacté par MP mais visiblement, tu ne l'as pas vu.

ffull41 · Answer

ok, je ferais cette partie demain si je peux. Il reste encore beaucoup de manip à faire?

Nic00 · Answer

Normalement non.

Tu n'as toujours pas répondu à ma question : 

As-tu fais cette étape (avec le bloc-notes):

http://www.commentcamarche.net/forum/affich 12564133 ordinateur viruse?page=2#25

A demain ;-)

ffull41 · Answer

Bah il me semble que oui

Nic00 · Answer

Il te semble !? Tu dois bien le savoir.

Breff. Poste moi tout ça quand tu en as l'occasion.

@+

ffull41 · Answer

j'ai refais cette étape, mais aucun bloc note s'est ouvert

ffull41 · Answer

oui je confirme, j'ai tout fais! j'ai suivi toutes les étapes, je m'en rappelle

Nic00 · Answer

EDIT.

Ok alors

Ordinateur virusé!!

45 réponses

Discussions similaires