Computer infected by a trojan

Solved
loovy Posts 7 Status Member -
kduc Posts 1537 Status Member -
Hello,
I apparently have a trojan virus on my computer: the problem is that it has blocked avast, and since then my computer does nothing but blow, that is, the fan keeps starting and stopping at irregular intervals. I can no longer run my files, even as administrator!
I'm hopeless with computers and I don't know what to do!
Could you help me, please?
I'm afraid my computer will overheat and burn out! Thanks in advance!
I ran a scan and here is the report:

SmitFraudFix v2.423

Scan done at 2:00:17,08, 18/07/2009
Run from C:\Windows\bdoscan8\SmitfraudFix
OS: Microsoft Windows [version 6.0.6001] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\Windows\system32\csrss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe
C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Lexmark 3400 Series\lxcymon.exe
C:\Program Files\Lexmark 3400 Series\ezprint.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\lxcycoms.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conime.exe
C:\Program Files\QUAD Utilities\QUAD Registry Cleaner\QUAD Scheduler.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\wbem\wmiprvse.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Sandrine

»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Sandrine\AppData\Local\Temp

»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Sandrine\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Sandrine\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, following keys are not inevitably infected!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, following keys are not inevitably infected!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000000

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\Windows\\system32\\userinit.exe,"

»»»»»»»»»»»»»»»»»»»»»»»» RK

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller
DNS Server Search Order: 212.27.40.240
DNS Server Search Order: 212.27.40.241

HKLM\SYSTEM\CCS\Services\Tcpip\..\{F02C6852-4A8E-4995-9A62-AA6655A76234}: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS1\Services\Tcpip\..\{F02C6852-4A8E-4995-9A62-AA6655A76234}: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS2\Services\Tcpip\..\{F02C6852-4A8E-4995-9A62-AA6655A76234}: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.240 212.27.40.241

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End

25 replies

loovy Posts 7 Status Member 2

Hi again!
So here is the combofix report:


ComboFix 09-07-14.08 - Sandrine 19/07/2009 14:16.1.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.446.106 [GMT 2:00]
Running from: c:\users\Sandrine\Desktop\Combo-Fix.exe
AV: Norton Internet Security *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: Norton Internet Security *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Sandrine\AppData\Roaming\.#
c:\users\Sandrine\AppData\Roaming\.#\MBX@718@1D228E8.###
c:\users\Sandrine\AppData\Roaming\.#\MBX@718@1D22918.###
c:\users\Sandrine\AppData\Roaming\.#\MBX@718@1D22948.###
c:\users\Sandrine\AppData\Roaming\drivers\111wfs1intwq.sys
c:\users\Sandrine\AppData\Roaming\Drivers\11s11ro1s1a2.sys
c:\users\Sandrine\AppData\Roaming\drivers\downld
c:\users\Sandrine\AppData\Roaming\drivers\downld\200383.exe
c:\users\Sandrine\AppData\Roaming\drivers\downld\243486.exe
c:\users\Sandrine\AppData\Roaming\drivers\downld\263594.exe
c:\users\Sandrine\AppData\Roaming\drivers\downld\268602.exe
c:\users\Sandrine\AppData\Roaming\drivers\downld\282377.exe
c:\users\Sandrine\AppData\Roaming\drivers\downld\284062.exe
c:\users\Sandrine\AppData\Roaming\drivers\downld\284748.exe
c:\users\Sandrine\AppData\Roaming\drivers\downld\302173.exe
c:\users\Sandrine\AppData\Roaming\drivers\downld\303125.exe
c:\users\Sandrine\AppData\Roaming\drivers\downld\305091.exe
c:\users\Sandrine\AppData\Roaming\drivers\downld\431763.exe
c:\users\Sandrine\AppData\Roaming\drivers\downld\433838.exe
c:\users\Sandrine\AppData\Roaming\drivers\downld\434743.exe
c:\users\Sandrine\AppData\Roaming\drivers\downld\442980.exe
c:\users\Sandrine\AppData\Roaming\drivers\downld\443791.exe
c:\users\Sandrine\AppData\Roaming\drivers\downld\443822.exe
c:\users\Sandrine\AppData\Roaming\drivers\downld\453229.exe
c:\users\Sandrine\AppData\Roaming\drivers\downld\455008.exe
c:\users\Sandrine\AppData\Roaming\drivers\downld\455600.exe
c:\users\Sandrine\AppData\Roaming\drivers\downld\457348.exe
c:\users\Sandrine\AppData\Roaming\drivers\downld\477113.exe
c:\users\Sandrine\AppData\Roaming\drivers\downld\574614.exe
c:\users\Sandrine\AppData\Roaming\drivers\downld\575004.exe
c:\users\Sandrine\AppData\Roaming\drivers\downld\725467.exe
c:\users\Sandrine\AppData\Roaming\drivers\downld\726044.exe
c:\users\Sandrine\AppData\Roaming\drivers\downld\726137.exe
c:\users\Sandrine\AppData\Roaming\drivers\downld\726590.exe
c:\users\Sandrine\AppData\Roaming\drivers\downld\727697.exe
c:\users\Sandrine\AppData\Roaming\drivers\downld\727713.exe
c:\users\Sandrine\AppData\Roaming\drivers\winupgro.exe
c:\users\Sandrine\AppData\Roaming\m
c:\users\Sandrine\AppData\Roaming\m\data.oct
c:\users\Sandrine\AppData\Roaming\m\flec006.exe
c:\users\Sandrine\AppData\Roaming\m\list.oct
c:\users\Sandrine\AppData\Roaming\m\shared\.zip
c:\users\Sandrine\AppData\Roaming\m\shared\3D Mountain Waterfall 1.0.zip
c:\users\Sandrine\AppData\Roaming\m\shared\3D_Developer_Studio_for_Borland_C++_Builder_6.0.zip
c:\users\Sandrine\AppData\Roaming\m\shared\Absolute Backup 2.3.3.zip
c:\users\Sandrine\AppData\Roaming\m\shared\Absolute_Pop_Up_Maker_2.1.zip
c:\users\Sandrine\AppData\Roaming\m\shared\Acelet Scheduler 6.10.zip
c:\users\Sandrine\AppData\Roaming\m\shared\Active Photo Editor 1.3.zip
c:\users\Sandrine\AppData\Roaming\m\shared\Acura TSX Screensaver 2.zip
c:\users\Sandrine\AppData\Roaming\m\shared\Agile ASF Video Converter 1.2.2.zip
c:\users\Sandrine\AppData\Roaming\m\shared\Alloy 4.3.zip
c:\users\Sandrine\AppData\Roaming\m\shared\Allway_Sync_6.2.5_(Cracked).zip
c:\users\Sandrine\AppData\Roaming\m\shared\Alt_MP3_Bitrate_Converter_2.5_[KeyGen].zip
c:\users\Sandrine\AppData\Roaming\m\shared\AlterWind Log Analyzer Professional 4.0.zip
c:\users\Sandrine\AppData\Roaming\m\shared\AntiHook_3.0.0.23_Cracked.zip
c:\users\Sandrine\AppData\Roaming\m\shared\avast.pro.+.SERIAL.zip
c:\users\Sandrine\AppData\Roaming\m\shared\Avast.Pro.4.7.French.Keygen.zip
c:\users\Sandrine\AppData\Roaming\m\shared\Avira.GmbH.AntiVir.Mobile.v1.0.10.S60-S80.SymbianOS.zip
c:\users\Sandrine\AppData\Roaming\m\shared\BB-Tuner_'Mean_Green'_1.01_[With_Crack].zip
c:\users\Sandrine\AppData\Roaming\m\shared\blueshell ADO Survey Kit 3.00.0013.zip
c:\users\Sandrine\AppData\Roaming\m\shared\Bonfire_Studio_1.4.zip
c:\users\Sandrine\AppData\Roaming\m\shared\BookWorm_Firefox_Add-on_0.3.zip
c:\users\Sandrine\AppData\Roaming\m\shared\BraveDwarves_2_1.15.zip
c:\users\Sandrine\AppData\Roaming\m\shared\Calendar Builder 3.46.zip
c:\users\Sandrine\AppData\Roaming\m\shared\CATraxx 7.21.03.zip
c:\users\Sandrine\AppData\Roaming\m\shared\Child Care Control Console 1.0.zip
c:\users\Sandrine\AppData\Roaming\m\shared\Chinese Purple Star Astrology 1.25.zip
c:\users\Sandrine\AppData\Roaming\m\shared\Circle_Virtual_CD_1.02.zip
c:\users\Sandrine\AppData\Roaming\m\shared\CompuApps_SwissKnife_V3_3.22.zip
c:\users\Sandrine\AppData\Roaming\m\shared\Conversion Log Analysis Tool 1.0.5.zip
c:\users\Sandrine\AppData\Roaming\m\shared\COOLjsTree_1.4.0.zip
c:\users\Sandrine\AppData\Roaming\m\shared\CopyCode 1.0.zip
c:\users\Sandrine\AppData\Roaming\m\shared\Coral_Clock_3D_Screensaver_1.0_[Key+Serial].zip
c:\users\Sandrine\AppData\Roaming\m\shared\CZ-Xls2Txt 2.0.zip
c:\users\Sandrine\AppData\Roaming\m\shared\DayDreamer_1.0_Key+Serial.zip
c:\users\Sandrine\AppData\Roaming\m\shared\Delicer_0.9.2.zip
c:\users\Sandrine\AppData\Roaming\m\shared\Design-Side Includes 1.6.zip
c:\users\Sandrine\AppData\Roaming\m\shared\DNS_Redirector_6.3.1.zip
c:\users\Sandrine\AppData\Roaming\m\shared\Domain_Seeka_1.zip
c:\users\Sandrine\AppData\Roaming\m\shared\Duplicate File Detector 4.0.zip
c:\users\Sandrine\AppData\Roaming\m\shared\DXView 2.6.8.zip
c:\users\Sandrine\AppData\Roaming\m\shared\Easy_audio_tools_1.zip
c:\users\Sandrine\AppData\Roaming\m\shared\envedit 6.3.20.zip
c:\users\Sandrine\AppData\Roaming\m\shared\ETD Scanner 2.0.0.zip
c:\users\Sandrine\AppData\Roaming\m\shared\EZ eMail Backup 1.1.zip
c:\users\Sandrine\AppData\Roaming\m\shared\EzSMTP 1.0.zip
c:\users\Sandrine\AppData\Roaming\m\shared\Fast Soft Knee Compressor 1.0.zip
c:\users\Sandrine\AppData\Roaming\m\shared\Find'n'Block_Personal_Firewall_2.2.zip
c:\users\Sandrine\AppData\Roaming\m\shared\Frazilla_2.0.zip
c:\users\Sandrine\AppData\Roaming\m\shared\Free Internet Window Washer 2.1 build 20070829.zip
c:\users\Sandrine\AppData\Roaming\m\shared\FreePlaySolitaire_1.zip
c:\users\Sandrine\AppData\Roaming\m\shared\Gangland_v1.2_Patch.zip
c:\users\Sandrine\AppData\Roaming\m\shared\Geneious Pro 3.7.0.zip
c:\users\Sandrine\AppData\Roaming\m\shared\Gordian_Knot_Codec_Pack_1.8.zip
c:\users\Sandrine\AppData\Roaming\m\shared\Gore multiplayer 1.zip
c:\users\Sandrine\AppData\Roaming\m\shared\idFramer 2.1.zip
c:\users\Sandrine\AppData\Roaming\m\shared\iReport 2.0.2.zip
c:\users\Sandrine\AppData\Roaming\m\shared\KanjiBrowze_2.1b.zip
c:\users\Sandrine\AppData\Roaming\m\shared\Kaspersky.Anti-Virus.Personal.Pro.v5.0.527.zip
c:\users\Sandrine\AppData\Roaming\m\shared\Kaspersky_Anti-Virus_Personal_Pro_6.0.2.621.zip
c:\users\Sandrine\AppData\Roaming\m\shared\Kingdia_DVD_Ripper_SE_3.0.2.zip
c:\users\Sandrine\AppData\Roaming\m\shared\Kornitop_0.7.0.1.zip
c:\users\Sandrine\AppData\Roaming\m\shared\LingvoSoft Dictionary 2007 German - French 4.1.29.zip
c:\users\Sandrine\AppData\Roaming\m\shared\Logosmartz_4.0_(Key+Serial).zip
c:\users\Sandrine\AppData\Roaming\m\shared\M NetSender 2.0.zip
c:\users\Sandrine\AppData\Roaming\m\shared\MASH 7.2.zip
c:\users\Sandrine\AppData\Roaming\m\shared\McAfee.Personal.Firewall.Plus.v6.1.6144.Retail-ZWT.zip
c:\users\Sandrine\AppData\Roaming\m\shared\Metro 95.1 FM Radio Player 1.0.zip
c:\users\Sandrine\AppData\Roaming\m\shared\Mister_Atomic_Cookie_Chips_Muffin_Mix_3.0_[Serial].zip
c:\users\Sandrine\AppData\Roaming\m\shared\Monkey Chilling.zip
c:\users\Sandrine\AppData\Roaming\m\shared\MorseTest 1.3.zip
c:\users\Sandrine\AppData\Roaming\m\shared\MPEG_Audio_Realtime_Player_1.74.zip
c:\users\Sandrine\AppData\Roaming\m\shared\myBrowser_1.2.zip
c:\users\Sandrine\AppData\Roaming\m\shared\MyPrivacy_5.5.3_Cracked.zip
c:\users\Sandrine\AppData\Roaming\m\shared\MyWebServer Link Resolver 1.0.3.zip
c:\users\Sandrine\AppData\Roaming\m\shared\NetTools_1.zip
c:\users\Sandrine\AppData\Roaming\m\shared\NewWayService 3.28.zip
c:\users\Sandrine\AppData\Roaming\m\shared\Nova 1.8.zip
c:\users\Sandrine\AppData\Roaming\m\shared\OmniGraffle_4.1.2.zip
c:\users\Sandrine\AppData\Roaming\m\shared\Panda-Arroz_Con_Leche-2000-NoGrp.zip
c:\users\Sandrine\AppData\Roaming\m\shared\Panda.Antivirus.v6.09.Platinum.zip
c:\users\Sandrine\AppData\Roaming\m\shared\Password Commander 2.9.3.zip
c:\users\Sandrine\AppData\Roaming\m\shared\PDFToolkit 1.0.2008.208.zip
c:\users\Sandrine\AppData\Roaming\m\shared\PowerKaraoke 1.2.28a.zip
c:\users\Sandrine\AppData\Roaming\m\shared\Prevx1.Pc.Security.Crack.Working.Nov2005(1).updated-fixed.08-2006.zip
c:\users\Sandrine\AppData\Roaming\m\shared\ProStream Browser 1.2.zip
c:\users\Sandrine\AppData\Roaming\m\shared\Quick_AVI_Splitter_2.0.8.79.zip
c:\users\Sandrine\AppData\Roaming\m\shared\QuickRecord 3 3.0.zip
c:\users\Sandrine\AppData\Roaming\m\shared\Quit_Counter_1.2.zip
c:\users\Sandrine\AppData\Roaming\m\shared\Return_to_Castle_Wolfenstein_Enemy_Territory_Source_Code.zip
c:\users\Sandrine\AppData\Roaming\m\shared\Schedule Master 5.70.zip
c:\users\Sandrine\AppData\Roaming\m\shared\ScreenShot_2000_Key.zip
c:\users\Sandrine\AppData\Roaming\m\shared\ScreenTime_3.0.0d.zip
c:\users\Sandrine\AppData\Roaming\m\shared\ScriptCopy 2.02.zip
c:\users\Sandrine\AppData\Roaming\m\shared\Seasons_Of_Yosemite_1.0.6.2634_[Serial].zip
c:\users\Sandrine\AppData\Roaming\m\shared\Sexy_Lingerie_&_Bikini_Model_Screensaver_2.1_KeyGen.zip
c:\users\Sandrine\AppData\Roaming\m\shared\Smarty Uninstaller 2006 Pro 1.6.zip
c:\users\Sandrine\AppData\Roaming\m\shared\SNMP MIB Parser 1.3.zip
c:\users\Sandrine\AppData\Roaming\m\shared\Soft191 Alarm Clock 1.05.zip
c:\users\Sandrine\AppData\Roaming\m\shared\SolveigMM_WMP_Trimmer_Plugin_1.0.706.18_Crack.zip
c:\users\Sandrine\AppData\Roaming\m\shared\SPTCorr_2.0.zip
c:\users\Sandrine\AppData\Roaming\m\shared\SpyBlocker_9.3.zip
c:\users\Sandrine\AppData\Roaming\m\shared\SQL Edge 3.3.zip
c:\users\Sandrine\AppData\Roaming\m\shared\Stellar_Wipe_Personal_Edition_2.zip
c:\users\Sandrine\AppData\Roaming\m\shared\STMPRaw_1.1.zip
c:\users\Sandrine\AppData\Roaming\m\shared\Superman_Returns_3D_Screensaver_1.0.zip
c:\users\Sandrine\AppData\Roaming\m\shared\Symantec.AntiVirus.Client.Corporate.Edition.v10.2.0.199.zip
c:\users\Sandrine\AppData\Roaming\m\shared\Team@Work_Standard_edition_1.0.0_[Crack].zip
c:\users\Sandrine\AppData\Roaming\m\shared\TGTools_Professional_2.34_KeyGen.zip
c:\users\Sandrine\AppData\Roaming\m\shared\Thesaurus_Builder_1.52_Serial.zip
c:\users\Sandrine\AppData\Roaming\m\shared\Universal_Watchdog_1.0.105_Key.zip
c:\users\Sandrine\AppData\Roaming\m\shared\Unreal_Tournament_2003_-_Long_Range_Fast_Rocket_Launcher_model.zip
c:\users\Sandrine\AppData\Roaming\m\shared\VBpack_1.02.zip
c:\users\Sandrine\AppData\Roaming\m\shared\Vertigo_1.0.1.zip
c:\users\Sandrine\AppData\Roaming\m\shared\ViaCleaner_7.1.zip
c:\users\Sandrine\AppData\Roaming\m\shared\Video to Audio Cutter 2.00.zip
c:\users\Sandrine\AppData\Roaming\m\shared\Voice Message Server 1.0.zip
c:\users\Sandrine\AppData\Roaming\m\shared\Voice_Message_Server_1.0.zip
c:\users\Sandrine\AppData\Roaming\m\shared\Volume Fade Out Spy 2007.08.zip
c:\users\Sandrine\AppData\Roaming\m\shared\Warcraft_III_-_Lord_of_the_Rings_Fellowship_of_the_Ring_single-player_map.zip
c:\users\Sandrine\AppData\Roaming\m\shared\Web Dumper 3.1.zip
c:\users\Sandrine\AppData\Roaming\m\shared\Whizlabs MCSD .NET (70-316) Kit 6.0.1.zip
c:\users\Sandrine\AppData\Roaming\m\shared\Wildlife Photo Screensaver 1.0.zip
c:\users\Sandrine\AppData\Roaming\m\shared\Wire_Pilot_Plugin_1.00.zip
c:\users\Sandrine\AppData\Roaming\m\shared\WordBanker English-Arabic 6.2.0.zip
c:\users\Sandrine\AppData\Roaming\m\shared\X-Tile Screensaver 1.0.zip
c:\users\Sandrine\AppData\Roaming\m\shared\YourTutorial Explorer 2.1.zip
c:\users\Sandrine\AppData\Roaming\m\shared\ZoneTrekker_1.0.zip
c:\users\Sandrine\AppData\Roaming\m\srvlist.oct
c:\users\Sandrine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QUAD Utilities
c:\users\Sandrine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QUAD Utilities\QUAD Registry Cleaner\QUAD Registry Cleaner website.lnk
c:\users\Sandrine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QUAD Utilities\QUAD Registry Cleaner\QUAD Registry Cleaner.lnk
c:\users\Sandrine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QUAD Utilities\QUAD Registry Cleaner\Uninstall QUAD Registry Cleaner.lnk
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\ban_list.txt
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\mdelk.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\wintems.exe
c:\windows\system32\WS2Fix.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_111111S1RO1S1A
-------\Legacy_111111S1RO1S1A
-------\Legacy_111111S1RO1S1A
-------\Legacy_SK9OU0S
-------\Service_sK9Ou0s

((((((((((((((((((((((((( Files Created from 2009-06-19 to 2009-07-19 )))))))))))))))))))))))))))))))
.

2009-07-19 12:25 . 2009-07-19 12:28 -------- d-----w- c:\users\Sandrine\AppData\Local\temp
2009-07-19 00:51 . 2009-07-19 00:52 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-18 23:33 . 2009-07-18 23:33 -------- d-----w- c:\program files\CCleaner
2009-07-18 13:51 . 2009-07-19 00:25 -------- d-----w- c:\program files\Trend Micro
2009-07-18 03:19 . 2009-02-05 20:04 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-07-18 03:19 . 2009-02-05 20:11 1256296 ----a-w- c:\windows\system32\aswBoot.exe
2009-07-18 03:19 . 2009-02-05 20:06 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2009-07-18 02:34 . 2009-07-18 02:34 -------- d-----w- c:\users\Sandrine\AppData\Roaming\Malwarebytes
2009-07-18 02:34 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-18 02:34 . 2009-07-18 02:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-18 02:34 . 2009-07-18 02:34 -------- d-----w- c:\programdata\Malwarebytes
2009-07-18 02:34 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-18 02:28 . 2009-07-18 02:31 -------- d-----w- C:\ToolBar SD
2009-07-18 01:57 . 2009-07-18 02:05 -------- d-----w- c:\programdata\avg8
2009-07-17 22:58 . 2009-07-17 23:59 -------- d-----w- c:\windows\BDOSCAN8
2009-07-17 22:20 . 2009-07-18 03:08 -------- d-----w- c:\users\Sandrine\.housecall6.6
2009-07-17 22:19 . 2009-07-17 22:19 -------- d-----w- c:\windows\Sun
2009-07-17 21:41 . 2009-07-19 12:25 -------- d--h--w- c:\users\Sandrine\AppData\Roaming\drivers
2009-07-17 20:45 . 2009-07-17 20:45 -------- d-----w- c:\users\Sandrine\AppData\Roaming\TeamViewer
2009-07-17 20:44 . 2009-07-17 20:44 -------- d-----w- c:\users\Sandrine\temp
2009-07-17 19:49 . 2009-07-17 19:49 -------- d-----w- c:\users\Sandrine\AppData\Roaming\panoramik
2009-07-17 19:24 . 2009-07-17 19:24 -------- d-----w- c:\program files\ReflexiveArcade
2009-07-17 18:13 . 2009-07-17 18:13 -------- d-----w- c:\users\Sandrine\AppData\Local\FamilyRestaurant
2009-07-17 12:35 . 2009-07-17 12:35 -------- d-----w- c:\programdata\Escape From Paradise_11
2009-07-17 12:21 . 2009-07-18 00:19 -------- d-----w- c:\programdata\eMule
2009-07-17 12:18 . 2009-07-17 12:21 -------- d-----w- c:\users\Sandrine\AppData\Local\eMule
2009-07-16 12:08 . 2009-07-16 12:09 -------- d-----w- c:\programdata\SugarGames
2009-07-15 11:30 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-15 11:30 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-15 11:30 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-15 11:30 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-13 22:45 . 2009-07-13 22:45 -------- d-----w- c:\programdata\Meridian93
2009-07-13 22:44 . 2009-07-13 22:44 -------- d-----w- c:\users\Sandrine\AppData\Roaming\Meridian93
2009-07-13 22:35 . 2009-07-13 22:35 -------- d-----w- c:\users\Sandrine\AppData\Local\Grubby Games
2009-07-13 22:06 . 2009-07-13 22:06 68274 ----a-w- c:\users\Sandrine\temps11.vbs
2009-07-13 21:48 . 2009-07-17 22:16 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-13 21:45 . 1998-07-12 22:00 15872 ----a-w- c:\windows\system32\WINSKFR.DLL
2009-07-13 21:45 . 1998-07-12 22:00 102912 ----a-w- c:\windows\system32\VB6STKIT.DLL
2009-07-13 16:07 . 2009-07-13 16:07 -------- d-----w- c:\programdata\FarmFrenzy2
2009-07-13 15:42 . 2009-07-13 15:42 -------- d-----w- c:\users\Sandrine\AppData\Roaming\Boomzap
2009-07-10 19:10 . 2009-07-10 19:10 339968 ----a-w- c:\windows\system32\pythoncom25.dll
2009-07-10 19:10 . 2009-07-10 19:10 2117632 ----a-w- c:\windows\system32\python25.dll
2009-07-10 19:10 . 2009-07-10 19:10 114688 ----a-w- c:\windows\system32\pywintypes25.dll
2009-07-10 19:10 . 2008-09-16 16:26 1332197 ----a-w- c:\windows\system32\pythondll.zip
2009-07-08 12:55 . 2009-07-08 12:55 -------- d-----w- c:\programdata\MumboJumbo
2009-07-08 12:25 . 2009-07-08 12:25 -------- d-----w- c:\programdata\Alex Gordon
2009-07-07 18:51 . 2009-07-07 18:51 -------- d-----w- c:\programdata\Arcade Lab
2009-07-07 13:09 . 2009-07-07 13:09 -------- d-----w- c:\programdata\Gogii
2009-07-07 12:02 . 2009-07-07 12:02 -------- d-----w- c:\users\Sandrine\AppData\Roaming\blg
2009-07-07 12:02 . 2009-07-07 12:02 -------- d-----w- c:\programdata\blg
2009-07-06 16:04 . 2009-07-06 16:04 -------- d-----w- c:\programdata\Sandlot Games
2009-07-06 11:49 . 2009-07-06 11:49 -------- d-----w- c:\users\Sandrine\AppData\Roaming\Skunk Studios
2009-07-06 09:35 . 2009-07-06 09:35 -------- d-----w- c:\users\Sandrine\AppData\Roaming\Artogon
2009-07-06 09:26 . 2009-07-06 09:26 -------- d-----w- c:\users\Sandrine\AppData\Roaming\Big Fish
2009-07-06 08:11 . 2009-07-06 08:11 -------- d-----w- c:\programdata\FreshGames
2009-07-05 17:09 . 2009-07-15 23:37 -------- d-----w- c:\programdata\HipSoft
2009-07-05 13:56 . 2009-07-05 13:56 -------- d-----w- c:\users\Sandrine\AppData\Roaming\Oberon Games
2009-07-05 11:31 . 2009-07-05 11:31 -------- d-----w- c:\programdata\DivoGames
2009-07-05 08:58 . 2009-07-05 08:58 -------- d-----w- c:\users\Sandrine\AppData\Roaming\Saved Games
2009-07-04 19:52 . 2009-07-04 19:52 -------- d-----w- c:\users\Sandrine\AppData\Roaming\EleFun Games
2009-07-03 14:25 . 2009-07-03 14:25 -------- d-----w- c:\programdata\Fugazo
2009-07-03 07:34 . 2009-07-03 07:34 -------- d-----w- c:\users\Sandrine\AppData\Roaming\Jane s Hotel Family Hero
2009-07-02 22:18 . 2009-07-02 22:18 -------- d-----w- c:\programdata\FarmFrenzy-PizzaParty
2009-07-02 20:23 . 2009-07-06 12:33 -------- d-----w- c:\users\Sandrine\AppData\Roaming\YoudaGames
2009-07-02 12:49 . 2009-07-02 12:49 -------- d-----w- c:\programdata\PlayfulAge
2009-06-30 19:16 . 2009-06-30 19:18 -------- d-----w- c:\users\Sandrine\AppData\Roaming\Go Go Gourmet
2009-06-29 21:49 . 2009-06-29 21:49 -------- d-----w- c:\users\Sandrine\AppData\Roaming\GameInvest
2009-06-29 20:43 . 2009-06-29 20:43 -------- d-----w- c:\users\Sandrine\AppData\Roaming\Boolat Games
2009-06-24 19:38 . 2009-07-05 13:56 -------- d-----w- c:\programdata\Oberon Games
2009-06-24 19:36 . 2009-06-24 19:36 -------- d-----w- c:\program files\Common Files\Oberon Media
2009-06-20 18:14 . 2009-06-15 11:53 2334405 ------w- c:\programdata\~1\SearchTheWeb.exe
2009-06-20 18:14 . 2009-06-20 18:25 -------- d--h--w- c:\programdata\~1
2009-06-20 18:05 . 2009-06-15 15:12 2440296 ------w- c:\programdata\~0\IMBoosterSetup.exe
2009-06-20 18:04 . 2009-06-20 18:24 -------- d--h--w- c:\programdata\~0
2009-06-20 15:14 . 2009-05-09 05:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-06-20 15:14 . 2009-05-09 05:50 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-20 14:10 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll
2009-06-20 14:10 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-06-20 14:10 . 2008-06-20 01:14 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2009-06-20 14:10 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll
2009-06-20 14:10 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe
2009-06-20 14:10 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2009-06-20 14:10 . 2008-06-20 01:14 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2009-06-20 14:03 . 2008-07-27 18:03 96760 ----a-w- c:\windows\system32\dfshim.dll
2009-06-20 14:03 . 2008-07-27 18:03 41984 ----a-w- c:\windows\system32\netfxperf.dll
2009-06-20 14:03 . 2008-07-27 18:03 282112 ----a-w- c:\windows\system32\mscoree.dll
2009-06-20 14:03 . 2008-07-27 18:03 158720 ----a-w- c:\windows\system32\mscorier.dll
2009-06-20 14:03 . 2008-07-27 18:03 83968 ----a-w- c:\windows\system32\mscories.dll
2009-06-20 10:02 . 2009-06-20 10:02 -------- d-----w- c:\program files\Microsoft
2009-06-20 10:02 . 2009-06-20 10:02 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-06-20 06:57 . 2009-06-20 10:01 -------- d-----w- c:\program files\Windows Live
2009-06-20 06:57 . 2009-06-20 06:57 -------- d-----w- c:\windows\PCHEALTH
2009-06-19 13:11 . 2009-06-19 13:11 393216 ----a-w- c:\programdata\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_fr_0C51F9E1D600D10B.dll
2009-06-19 13:05 . 2009-06-19 13:09 -------- d-----w- c:\program files\Wanadoo Jeux
2009-06-19 13:00 . 2009-06-19 17:52 -------- d-----w- c:\program files\Google
2009-06-19 12:59 . 2009-06-19 13:01 -------- d-----w- c:\users\Sandrine\AppData\Roaming\Zylom
2009-06-19 12:59 . 2006-09-26 11:03 98304 ----a-w- c:\users\Sandrine\AppData\Roaming\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
2009-06-19 12:59 . 2006-09-26 11:03 161976 ----a-w- c:\users\Sandrine\AppData\Roaming\Zylom\ZylomGamesPlayer\zylomgamesplayer.dll
2009-06-19 12:59 . 2009-06-19 14:13 -------- d-----w- c:\users\Sandrine\AppData\Local\Zylom Games

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-19 09:00 . 2008-10-28 09:45 -------- d-----w- c:\programdata\NOS
2009-07-19 08:59 . 2008-10-28 09:45 -------- d-----w- c:\program files\NOS
2009-07-17 18:20 . 2008-11-28 22:46 -------- d-----w- c:\programdata\PlayFirst
2009-07-17 18:20 . 2008-11-28 22:46 -------- d-----w- c:\users\Sandrine\AppData\Roaming\PlayFirst
2009-07-16 01:09 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-13 21:52 . 2009-07-13 21:52 0 ----a-w- c:\users\Sandrine\errorlog.tmp
2009-07-13 09:05 . 2008-06-03 12:28 -------- d-----w- c:\program files\lx_cats
2009-06-24 22:16 . 2008-03-02 09:45 7728 ----a-w- c:\users\Sandrine\AppData\Local\d3d9caps.dat
2009-06-20 15:38 . 2006-11-02 15:48 669328 ----a-w- c:\windows\system32\perfh00C.dat
2009-06-20 15:38 . 2006-11-02 15:48 123350 ----a-w- c:\windows\system32\perfc00C.dat
2009-06-20 08:52 . 2008-10-27 14:25 -------- d-----w- c:\programdata\WLInstaller
2009-06-19 07:15 . 2009-06-19 07:03 -------- d-----w- c:\program files\Microsoft Windows OneCare Live
2009-06-18 18:54 . 2009-06-18 18:54 -------- d-----w- c:\program files\Common Files\Windows Live
2009-05-23 07:24 . 2009-05-23 07:24 -------- d-----w- c:\program files\Electronic Arts
2009-04-30 12:37 . 2009-06-18 19:23 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-04-30 12:37 . 2009-06-18 19:23 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-04-23 12:43 . 2009-06-18 19:07 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-23 12:42 . 2009-06-18 19:09 636928 ----a-w- c:\windows\system32\localspl.dll
2009-04-21 11:55 . 2009-06-18 19:12 2033152 ----a-w- c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"????r"="" [?]
"?????????"="" [?]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2004-01-25 856064]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-19 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"Acer Empowering Technology Monitor"="c:\windows\system32\SysMonitor.exe" [2006-11-23 319488]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-11-17 453120]
"lxcymon.exe"="c:\program files\Lexmark 3400 Series\lxcymon.exe" [2006-03-06 286720]
"EzPrint"="c:\program files\Lexmark 3400 Series\ezprint.exe" [2006-02-07 98304]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2006-02-02 290816]
"LXCYCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXCYtime.dll" [2006-02-24 65536]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-19 13535776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-19 92704]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-07-19 81000]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2006-11-09 3784704]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2006-12-14 528384]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"FilterAdministratorToken"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-885072419-344737354-4171132561-1000]
"EnableNotificationsRef"=dword:00000003

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{12A45747-2372-4071-AFC2-797A16389BB3}"= UDP:c:\program files\Acer Zone\Acer Zone Main Page\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{857E81E3-6A25-4038-A976-590002A8FF54}"= TCP:c:\program files\Acer Zone\Acer Zone Main Page\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{B2690F95-1BA9-42B6-8151-D37A873D97E9}"= UDP:c:\program files\Acer Zone\Acer Picture Slide DVD\Component\CLSLDVD.exe:Cyberlink Picture Slide DVD workprocess
"{BE8168BD-1587-48C9-B8A9-8DA29EB488A4}"= TCP:c:\program files\Acer Zone\Acer Picture Slide DVD\Component\CLSLDVD.exe:Cyberlink Picture Slide DVD workprocess
"{97A20D34-D5EB-42F9-8D75-7772B1CAAAB2}"= UDP:c:\program files\Acer Zone\Acer Plug and Record\Component\ARAWP.exe:Cyberlink Plug and Record ARA workprocess
"{8FFFA071-A90B-466D-AAC6-D07DB72C5A9C}"= TCP:c:\program files\Acer Zone\Acer Plug and Record\Component\ARAWP.exe:Cyberlink Plug and Record ARA workprocess
"{FBB2CD35-5498-46F4-8829-2DF3885C1C12}"= UDP:c:\program files\Acer Zone\Acer Plug and Record\Component\DVAX2Process.exe:Cyberlink Plug and Record AVAX workprocess
"{0035BDE0-2E3C-476E-9D74-C9778E365572}"= TCP:c:\program files\Acer Zone\Acer Plug and Record\Component\DVAX2Process.exe:Cyberlink Plug and Record AVAX workprocess
"{2C7749D8-584C-471D-AEFF-C677570CEC98}"= UDP:c:\program files\Acer Zone\Acer Zone SoftDMA\SoftDMA.exe:CyberLink SoftDMA
"{6C2ADED2-5CD6-425A-A80E-00AA1D08D67B}"= TCP:c:\program files\Acer Zone\Acer Zone SoftDMA\SoftDMA.exe:CyberLink SoftDMA
"{0F068A94-5761-4B67-875A-ADE71355984C}"= UDP:c:\users\Sandrine\AppData\Local\Temp\WZSE0.TMP\SymNRT.exe:Norton Removal Tool
"{F3E6E932-B7C2-48D3-857D-835F0D16FC3A}"= TCP:c:\users\Sandrine\AppData\Local\Temp\WZSE0.TMP\SymNRT.exe:Norton Removal Tool
"TCP Query User{F1033A40-3B2A-45B8-A69E-2F056C5AC00E}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{01295B98-1D47-4563-8392-FD78278C9C92}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule

R1 aswSP;avast! Self Protection; [x]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [x]
R3 USBCamera;Icatch(IV) Still Camera Device;c:\windows\system32\Drivers\Bulk533.sys [2002-07-24 10986]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-02-05 51792]
S3 lxcy_device;lxcy_device;c:\windows\system32\lxcycoms.exe [2006-02-20 495616]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
HKCU-Run-eMuleAutoStart - c:\program files\eMule\emule.exe
HKLM-Run-Acer Tour - (no file)
HKLM-Run-eRecoveryService - (no file)

.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mWindow Title =
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCYCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(3988)
c:\windows\system32\MsnChatHook.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\ShowErrMsg.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\acer\Empowering Technology\ePerformance\MemCheck.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\windows\System32\conime.exe
c:\windows\System32\rundll32.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\ehome\ehmsas.exe
c:\acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
c:\acer\Empowering Technology\eRecovery\eRAgent.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2009-07-19 14:42 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-19 12:42

Pre-Run: 47 105 355 776 octets libres
Post-Run: 46 913 200 128 octets libres

452 --- E O F --- 2009-07-16 01:09

and here is the Malwarebytes report in "safe mode":

Malwarebytes' Anti-Malware 1.39
Database version: 2453
Windows 6.0.6001 Service Pack 1

19/07/2009 14:50:47
mbam-log-2009-07-19 (14-50-47).txt

Scan type: Quick Scan
Objects scanned: 69690
Time elapsed: 3 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

I don't know anything about this, but I think the problem is solved! If so, thank you once again! You really took a thorn out of my foot, or rather out of my computer (wink).
One question remains open!
Does my computer currently have virus protection, or do I need to install something, and should I re-enable UAC?
Thank you for your reply!
1
loovy Posts 7 Status Member 2
 
Hi, here is the ComboFix report:

ComboFix 09-07-14.08 - Sandrine 19/07/2009 19:17.2.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.446.160 [GMT 2:00]
Running from: c:\users\Sandrine\Desktop\Combo-Fix.exe
Command switches used :: c:\users\Sandrine\Desktop\CFScript.doc
AV: Norton Internet Security *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: Norton Internet Security *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Sandrine\AppData\Roaming\drivers\downld

.
((((((((((((((((((((((((( Files Created from 2009-06-19 to 2009-07-19 )))))))))))))))))))))))))))))))
.

2009-07-19 17:27 . 2009-07-19 17:27 -------- d-----w- c:\users\Sandrine\AppData\Local\temp
2009-07-19 16:30 . 2009-07-19 16:30 -------- d-----w- c:\program files\QS
2009-07-19 16:08 . 2009-07-19 16:08 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-07-19 15:46 . 2009-07-19 16:36 -------- d-----w- c:\program files\Windows Live
2009-07-19 15:45 . 2009-07-19 15:45 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-07-19 15:17 . 2009-07-19 15:20 -------- d-----w- c:\users\loovy
2009-07-19 00:51 . 2009-07-19 00:52 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-18 23:33 . 2009-07-18 23:33 -------- d-----w- c:\program files\CCleaner
2009-07-18 13:51 . 2009-07-19 00:25 -------- d-----w- c:\program files\Trend Micro
2009-07-18 03:19 . 2009-02-05 20:04 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-07-18 03:19 . 2009-02-05 20:11 1256296 ----a-w- c:\windows\system32\aswBoot.exe
2009-07-18 03:19 . 2009-02-05 20:06 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2009-07-18 02:34 . 2009-07-18 02:34 -------- d-----w- c:\users\Sandrine\AppData\Roaming\Malwarebytes
2009-07-18 02:34 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-18 02:34 . 2009-07-18 02:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-18 02:34 . 2009-07-18 02:34 -------- d-----w- c:\programdata\Malwarebytes
2009-07-18 02:34 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-18 02:28 . 2009-07-18 02:31 -------- d-----w- C:\ToolBar SD
2009-07-18 01:57 . 2009-07-18 02:05 -------- d-----w- c:\programdata\avg8
2009-07-17 22:58 . 2009-07-17 23:59 -------- d-----w- c:\windows\BDOSCAN8
2009-07-17 22:20 . 2009-07-18 03:08 -------- d-----w- c:\users\Sandrine\.housecall6.6
2009-07-17 22:19 . 2009-07-17 22:19 -------- d-----w- c:\windows\Sun
2009-07-17 21:41 . 2009-07-19 17:26 -------- d--h--w- c:\users\Sandrine\AppData\Roaming\drivers
2009-07-17 20:45 . 2009-07-19 16:30 -------- d-----w- c:\users\Sandrine\AppData\Roaming\TeamViewer
2009-07-17 20:44 . 2009-07-17 20:44 -------- d-----w- c:\users\Sandrine\temp
2009-07-17 19:49 . 2009-07-17 19:49 -------- d-----w- c:\users\Sandrine\AppData\Roaming\panoramik
2009-07-17 19:24 . 2009-07-17 19:24 -------- d-----w- c:\program files\ReflexiveArcade
2009-07-17 18:13 . 2009-07-17 18:13 -------- d-----w- c:\users\Sandrine\AppData\Local\FamilyRestaurant
2009-07-17 12:35 . 2009-07-17 12:35 -------- d-----w- c:\programdata\Escape From Paradise_11
2009-07-17 12:21 . 2009-07-18 00:19 -------- d-----w- c:\programdata\eMule
2009-07-17 12:18 . 2009-07-17 12:21 -------- d-----w- c:\users\Sandrine\AppData\Local\eMule
2009-07-16 12:08 . 2009-07-16 12:09 -------- d-----w- c:\programdata\SugarGames
2009-07-15 11:30 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-15 11:30 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-15 11:30 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-15 11:30 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-13 22:45 . 2009-07-13 22:45 -------- d-----w- c:\programdata\Meridian93
2009-07-13 22:44 . 2009-07-13 22:44 -------- d-----w- c:\users\Sandrine\AppData\Roaming\Meridian93
2009-07-13 22:35 . 2009-07-13 22:35 -------- d-----w- c:\users\Sandrine\AppData\Local\Grubby Games
2009-07-13 22:06 . 2009-07-13 22:06 68274 ----a-w- c:\users\Sandrine\temps11.vbs
2009-07-13 21:48 . 2009-07-17 22:16 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-13 21:45 . 1998-07-12 22:00 15872 ----a-w- c:\windows\system32\WINSKFR.DLL
2009-07-13 21:45 . 1998-07-12 22:00 102912 ----a-w- c:\windows\system32\VB6STKIT.DLL
2009-07-13 16:07 . 2009-07-13 16:07 -------- d-----w- c:\programdata\FarmFrenzy2
2009-07-13 15:42 . 2009-07-13 15:42 -------- d-----w- c:\users\Sandrine\AppData\Roaming\Boomzap
2009-07-10 19:10 . 2009-07-10 19:10 339968 ----a-w- c:\windows\system32\pythoncom25.dll
2009-07-10 19:10 . 2009-07-10 19:10 2117632 ----a-w- c:\windows\system32\python25.dll
2009-07-10 19:10 . 2009-07-10 19:10 114688 ----a-w- c:\windows\system32\pywintypes25.dll
2009-07-10 19:10 . 2008-09-16 16:26 1332197 ----a-w- c:\windows\system32\pythondll.zip
2009-07-08 12:55 . 2009-07-08 12:55 -------- d-----w- c:\programdata\MumboJumbo
2009-07-08 12:25 . 2009-07-08 12:25 -------- d-----w- c:\programdata\Alex Gordon
2009-07-07 18:51 . 2009-07-07 18:51 -------- d-----w- c:\programdata\Arcade Lab
2009-07-07 13:09 . 2009-07-07 13:09 -------- d-----w- c:\programdata\Gogii
2009-07-07 12:02 . 2009-07-07 12:02 -------- d-----w- c:\users\Sandrine\AppData\Roaming\blg
2009-07-07 12:02 . 2009-07-07 12:02 -------- d-----w- c:\programdata\blg
2009-07-06 16:04 . 2009-07-06 16:04 -------- d-----w- c:\programdata\Sandlot Games
2009-07-06 11:49 . 2009-07-06 11:49 -------- d-----w- c:\users\Sandrine\AppData\Roaming\Skunk Studios
2009-07-06 09:35 . 2009-07-06 09:35 -------- d-----w- c:\users\Sandrine\AppData\Roaming\Artogon
2009-07-06 09:26 . 2009-07-06 09:26 -------- d-----w- c:\users\Sandrine\AppData\Roaming\Big Fish
2009-07-06 08:11 . 2009-07-06 08:11 -------- d-----w- c:\programdata\FreshGames
2009-07-05 17:09 . 2009-07-15 23:37 -------- d-----w- c:\programdata\HipSoft
2009-07-05 13:56 . 2009-07-05 13:56 -------- d-----w- c:\users\Sandrine\AppData\Roaming\Oberon Games
2009-07-05 11:31 . 2009-07-05 11:31 -------- d-----w- c:\programdata\DivoGames
2009-07-05 08:58 . 2009-07-05 08:58 -------- d-----w- c:\users\Sandrine\AppData\Roaming\Saved Games
2009-07-04 19:52 . 2009-07-04 19:52 -------- d-----w- c:\users\Sandrine\AppData\Roaming\EleFun Games
2009-07-03 14:25 . 2009-07-03 14:25 -------- d-----w- c:\programdata\Fugazo
2009-07-03 07:34 . 2009-07-03 07:34 -------- d-----w- c:\users\Sandrine\AppData\Roaming\Jane s Hotel Family Hero
2009-07-02 22:18 . 2009-07-02 22:18 -------- d-----w- c:\programdata\FarmFrenzy-PizzaParty
2009-07-02 20:23 . 2009-07-06 12:33 -------- d-----w- c:\users\Sandrine\AppData\Roaming\YoudaGames
2009-07-02 12:49 . 2009-07-02 12:49 -------- d-----w- c:\programdata\PlayfulAge
2009-06-30 19:16 . 2009-06-30 19:18 -------- d-----w- c:\users\Sandrine\AppData\Roaming\Go Go Gourmet
2009-06-29 21:49 . 2009-06-29 21:49 -------- d-----w- c:\users\Sandrine\AppData\Roaming\GameInvest
2009-06-29 20:43 . 2009-06-29 20:43 -------- d-----w- c:\users\Sandrine\AppData\Roaming\Boolat Games
2009-06-24 19:38 . 2009-07-05 13:56 -------- d-----w- c:\programdata\Oberon Games
2009-06-24 19:36 . 2009-06-24 19:36 -------- d-----w- c:\program files\Common Files\Oberon Media
2009-06-20 18:14 . 2009-06-15 11:53 2334405 ------w- c:\programdata\~1\SearchTheWeb.exe
2009-06-20 18:14 . 2009-06-20 18:25 -------- d--h--w- c:\programdata\~1
2009-06-20 18:05 . 2009-06-15 15:12 2440296 ------w- c:\programdata\~0\IMBoosterSetup.exe
2009-06-20 18:04 . 2009-06-20 18:24 -------- d--h--w- c:\programdata\~0
2009-06-20 15:14 . 2009-05-09 05:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-06-20 15:14 . 2009-05-09 05:50 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-20 14:10 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll
2009-06-20 14:10 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-06-20 14:10 . 2008-06-20 01:14 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2009-06-20 14:10 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll
2009-06-20 14:10 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe
2009-06-20 14:10 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2009-06-20 14:10 . 2008-06-20 01:14 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2009-06-20 14:03 . 2008-07-27 18:03 96760 ----a-w- c:\windows\system32\dfshim.dll
2009-06-20 14:03 . 2008-07-27 18:03 41984 ----a-w- c:\windows\system32\netfxperf.dll
2009-06-20 14:03 . 2008-07-27 18:03 282112 ----a-w- c:\windows\system32\mscoree.dll
2009-06-20 14:03 . 2008-07-27 18:03 158720 ----a-w- c:\windows\system32\mscorier.dll
2009-06-20 14:03 . 2008-07-27 18:03 83968 ----a-w- c:\windows\system32\mscories.dll
2009-06-20 10:02 . 2009-06-20 10:02 -------- d-----w- c:\program files\Microsoft
2009-06-20 10:02 . 2009-06-20 10:02 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-06-20 06:57 . 2009-06-20 06:57 -------- d-----w- c:\windows\PCHEALTH

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-19 09:00 . 2008-10-28 09:45 -------- d-----w- c:\programdata\NOS
2009-07-19 08:59 . 2008-10-28 09:45 -------- d-----w- c:\program files\NOS
2009-07-17 18:20 . 2008-11-28 22:46 -------- d-----w- c:\programdata\PlayFirst
2009-07-17 18:20 . 2008-11-28 22:46 -------- d-----w- c:\users\Sandrine\AppData\Roaming\PlayFirst
2009-07-16 01:09 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-13 21:52 . 2009-07-13 21:52 0 ----a-w- c:\users\Sandrine\errorlog.tmp
2009-07-13 09:05 . 2008-06-03 12:28 -------- d-----w- c:\program files\lx_cats
2009-06-24 22:16 . 2008-03-02 09:45 7728 ----a-w- c:\users\Sandrine\AppData\Local\d3d9caps.dat
2009-06-20 15:38 . 2006-11-02 15:48 669328 ----a-w- c:\windows\system32\perfh00C.dat
2009-06-20 15:38 . 2006-11-02 15:48 123350 ----a-w- c:\windows\system32\perfc00C.dat
2009-06-20 08:52 . 2008-10-27 14:25 -------- d-----w- c:\programdata\WLInstaller
2009-06-19 17:52 . 2009-06-19 13:00 -------- d-----w- c:\program files\Google
2009-06-19 13:11 . 2009-06-19 13:11 393216 ----a-w- c:\programdata\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_fr_0C51F9E1D600D10B.dll
2009-06-19 13:09 . 2009-06-19 13:05 -------- d-----w- c:\program files\Wanadoo Jeux
2009-06-19 13:01 . 2009-06-19 12:59 -------- d-----w- c:\users\Sandrine\AppData\Roaming\Zylom
2009-06-19 07:15 . 2009-06-19 07:03 -------- d-----w- c:\program files\Microsoft Windows OneCare Live
2009-06-18 18:54 . 2009-06-18 18:54 -------- d-----w- c:\program files\Common Files\Windows Live
2009-05-23 07:24 . 2009-05-23 07:24 -------- d-----w- c:\program files\Electronic Arts
2009-04-30 12:37 . 2009-06-18 19:23 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-04-30 12:37 . 2009-06-18 19:23 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-04-23 12:43 . 2009-06-18 19:07 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-23 12:42 . 2009-06-18 19:09 636928 ----a-w- c:\windows\system32\localspl.dll
2009-04-21 11:55 . 2009-06-18 19:12 2033152 ----a-w- c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-07-19_12.29.00 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-12-14 12:59 . 2009-07-19 16:05 57682 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2006-11-02 13:05 . 2009-07-19 12:30 54912 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-07-19 16:05 54912 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-03-01 19:26 . 2009-07-19 16:05 16852 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-885072419-344737354-4171132561-1000_UserData.bin
+ 2009-07-19 12:46 . 2009-07-19 16:08 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-19 12:46 . 2009-07-19 16:08 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-19 12:51 . 2009-07-19 12:46 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012009071920090720\index.dat
+ 2009-07-19 12:46 . 2009-07-19 16:08 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-19 16:08 . 2009-07-19 16:08 98816 c:\windows\Installer\5458c.msi
+ 2009-07-19 17:03 . 2009-07-19 17:03 47616 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveWriter\f0940934a3aa33b7671f416206a76c03\WindowsLiveWriter.ni.exe
+ 2009-07-19 17:04 . 2009-07-19 17:04 99840 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\1b63823a5b3ae8aa81cb94997db390ab\WindowsLive.Writer.Api.ni.dll
+ 2009-07-19 17:04 . 2009-07-19 17:04 44032 c:\windows\assembly\NativeImages_v2.0.50727_32\stdole\643a34a91187f176c73027bd60d658b8\stdole.ni.dll
+ 2009-02-06 17:39 . 2009-02-06 17:39 308600 c:\windows\WLXPGSS.SCR
+ 2009-07-19 16:08 . 2009-07-19 16:08 635904 c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.1801_none_d088a2ec442ef17b\msvcr80.dll
+ 2009-07-19 16:08 . 2009-07-19 16:08 558080 c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.1801_none_d088a2ec442ef17b\msvcp80.dll
+ 2009-07-19 16:08 . 2009-07-19 16:08 479232 c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.1801_none_d088a2ec442ef17b\msvcm80.dll
+ 2009-06-21 08:32 . 2009-07-19 16:08 951669 c:\windows\winsxs\ManifestCache\6.0.6002.18005_001c11ba_blobs.bin
- 2009-06-20 15:49 . 2009-07-18 23:56 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-06-20 15:49 . 2009-07-19 15:40 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-19 15:47 . 2009-07-19 15:47 782336 c:\windows\Installer\f4857.msi
+ 2009-07-19 15:45 . 2009-07-19 15:45 891904 c:\windows\Installer\f484b.msi
+ 2009-07-19 16:08 . 2009-07-19 16:08 179200 c:\windows\Installer\5459e.msi
+ 2009-07-19 16:08 . 2009-07-19 16:08 727040 c:\windows\Installer\54598.msi
+ 2009-07-19 16:08 . 2009-07-19 16:08 483328 c:\windows\Installer\54592.msi
+ 2009-07-19 16:36 . 2009-07-19 16:36 570880 c:\windows\Installer\1f8615.msi
+ 2009-07-19 15:47 . 2009-07-19 15:47 132096 c:\windows\Installer\{44E54A81-9D91-4AA1-9417-80AFF134F5FF}\WLXPhotoGalleryIcon.exe
+ 2009-07-19 17:04 . 2009-07-19 17:04 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveLocal.Wr#\a362ea14c0fe23d4f2aea8ec021f0d3e\WindowsLiveLocal.WriterPlugin.ni.dll
+ 2009-07-19 17:03 . 2009-07-19 17:03 174080 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\dff83a93cfce38247be2ac2e0a8785a9\WindowsLive.Writer.BrowserControl.ni.dll
+ 2009-07-19 17:03 . 2009-07-19 17:03 334848 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\db7a09cf44aa9b0d0e57ddee3762ab1a\WindowsLive.Writer.Interop.Mshtml.ni.dll
+ 2009-07-19 17:03 . 2009-07-19 17:03 108544 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\b58392b9d39e8daf17f3bd78ab1147d0\WindowsLive.Writer.Passport.ni.dll
+ 2009-07-19 17:04 . 2009-07-19 17:04 322048 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\93193886e8077ef3c8de1ea5f0edd7f8\WindowsLive.Writer.SpellChecker.ni.dll
+ 2009-07-19 17:03 . 2009-07-19 17:03 313856 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\8a6fcbec105088d656a22542a0af3327\WindowsLive.Writer.Interop.SHDocVw.ni.dll
+ 2009-07-19 17:03 . 2009-07-19 17:03 319488 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\84e8e405b3075006fb93c866af02c63c\WindowsLive.Writer.Interop.ni.dll
+ 2009-07-19 17:04 . 2009-07-19 17:04 117760 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\7db7da9911abb2aa8a4e94ef744e7586\WindowsLive.Writer.Instrumentation.ni.dll
+ 2009-07-19 17:03 . 2009-07-19 17:03 152064 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\56771dc2fe172f871091c71ac3a561c2\WindowsLive.Writer.HtmlParser.ni.dll
+ 2009-07-19 17:04 . 2009-07-19 17:04 119296 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\423d86baaaa446228fc3205bd0671318\WindowsLive.Writer.FileDestinations.ni.dll
+ 2009-07-19 17:04 . 2009-07-19 17:04 851968 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\3c0571b569bad5e54a9932c8a898107e\WindowsLive.Writer.BlogClient.ni.dll
+ 2009-07-19 17:03 . 2009-07-19 17:03 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\2e9d7206e575145912ce8aa61b211d77\WindowsLive.Writer.Mshtml.ni.dll
+ 2009-07-19 17:04 . 2009-07-19 17:04 594944 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\20fb431e55c3f27ad51498fe55d37ae4\WindowsLive.Writer.HtmlEditor.ni.dll
+ 2009-07-19 17:03 . 2009-07-19 17:03 428032 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\1c76889f6da313c75b11eaf60461c82e\WindowsLive.Writer.Localization.ni.dll
+ 2009-07-19 17:03 . 2009-07-19 17:03 843776 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\0521176f85dd52cee07fb05917197f4f\WindowsLive.Writer.Controls.ni.dll
+ 2009-07-19 17:03 . 2009-07-19 17:03 118784 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\01ac4b7ff5021dad8a2a4ca560e4b2d7\WindowsLive.Writer.Extensibility.ni.dll
+ 2009-07-19 17:04 . 2009-07-19 17:04 145920 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Client\b6c3541e8a9df4ddbd720eb4c4dfd5e8\WindowsLive.Client.ni.dll
+ 2009-07-19 17:04 . 2009-07-19 17:04 797696 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiVidCtl\401b81fee3a030a2066b74c244a6c320\ehiVidCtl.ni.dll
+ 2009-07-19 15:45 . 2009-07-19 15:45 236392 c:\windows\assembly\GAC_MSIL\System.Data.SqlServerCe\9.0.242.0__89845dcd8080cc91\System.Data.SqlServerCe.dll
+ 2006-11-02 10:22 . 2009-07-19 16:08 6291456 c:\windows\System32\SMI\Store\Machine\schema.dat
- 2006-11-02 10:22 . 2009-07-18 01:56 6291456 c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2009-07-19 17:16 . 2009-07-19 17:16 6230016 c:\windows\ERDNT\Hiv-backup\schema.dat
+ 2009-07-19 17:03 . 2009-07-19 17:03 1105920 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\ce1b4192a4cf7472f1755e3aaee3aef3\WindowsLive.Writer.ApplicationFramework.ni.dll
+ 2009-07-19 17:03 . 2009-07-19 17:03 2002432 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\99870d72535ce9a8c53ac80236c675c4\WindowsLive.Writer.CoreServices.ni.dll
+ 2009-07-19 17:03 . 2009-07-19 17:03 6392832 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\2a806fa96e3330a853ef9834dffdebf4\WindowsLive.Writer.PostEditor.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"????r"="" [?]
"?????????"="" [?]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2004-01-25 856064]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-19 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"Acer Empowering Technology Monitor"="c:\windows\system32\SysMonitor.exe" [2006-11-23 319488]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-11-17 453120]
"lxcymon.exe"="c:\program files\Lexmark 3400 Series\lxcymon.exe" [2006-03-06 286720]
"EzPrint"="c:\program files\Lexmark 3400 Series\ezprint.exe" [2006-02-07 98304]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2006-02-02 290816]
"LXCYCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXCYtime.dll" [2006-02-24 65536]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-19 13535776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-19 92704]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-07-19 81000]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2006-11-09 3784704]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2006-12-14 528384]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"FilterAdministratorToken"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-885072419-344737354-4171132561-1000]
"EnableNotificationsRef"=dword:00000003

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{12A45747-2372-4071-AFC2-797A16389BB3}"= UDP:c:\program files\Acer Zone\Acer Zone Main Page\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{857E81E3-6A25-4038-A976-590002A8FF54}"= TCP:c:\program files\Acer Zone\Acer Zone Main Page\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{B2690F95-1BA9-42B6-8151-D37A873D97E9}"= UDP:c:\program files\Acer Zone\Acer Picture Slide DVD\Component\CLSLDVD.exe:Cyberlink Picture Slide DVD workprocess
"{BE8168BD-1587-48C9-B8A9-8DA29EB488A4}"= TCP:c:\program files\Acer Zone\Acer Picture Slide DVD\Component\CLSLDVD.exe:Cyberlink Picture Slide DVD workprocess
"{97A20D34-D5EB-42F9-8D75-7772B1CAAAB2}"= UDP:c:\program files\Acer Zone\Acer Plug and Record\Component\ARAWP.exe:Cyberlink Plug and Record ARA workprocess
"{8FFFA071-A90B-466D-AAC6-D07DB72C5A9C}"= TCP:c:\program files\Acer Zone\Acer Plug and Record\Component\ARAWP.exe:Cyberlink Plug and Record ARA workprocess
"{FBB2CD35-5498-46F4-8829-2DF3885C1C12}"= UDP:c:\program files\Acer Zone\Acer Plug and Record\Component\DVAX2Process.exe:Cyberlink Plug and Record AVAX workprocess
"{0035BDE0-2E3C-476E-9D74-C9778E365572}"= TCP:c:\program files\Acer Zone\Acer Plug and Record\Component\DVAX2Process.exe:Cyberlink Plug and Record AVAX workprocess
"{2C7749D8-584C-471D-AEFF-C677570CEC98}"= UDP:c:\program files\Acer Zone\Acer Zone SoftDMA\SoftDMA.exe:CyberLink SoftDMA
"{6C2ADED2-5CD6-425A-A80E-00AA1D08D67B}"= TCP:c:\program files\Acer Zone\Acer Zone SoftDMA\SoftDMA.exe:CyberLink SoftDMA
"{0F068A94-5761-4B67-875A-ADE71355984C}"= UDP:c:\users\Sandrine\AppData\Local\Temp\WZSE0.TMP\SymNRT.exe:Norton Removal Tool
"{F3E6E932-B7C2-48D3-857D-835F0D16FC3A}"= TCP:c:\users\Sandrine\AppData\Local\Temp\WZSE0.TMP\SymNRT.exe:Norton Removal Tool
"TCP Query User{F1033A40-3B2A-45B8-A69E-2F056C5AC00E}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{01295B98-1D47-4563-8392-FD78278C9C92}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule

R1 aswSP;avast! Self Protection; [x]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [x]
R3 USBCamera;Icatch(IV) Still Camera Device;c:\windows\system32\Drivers\Bulk533.sys [2002-07-24 10986]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-02-05 51792]
S3 lxcy_device;lxcy_device;c:\windows\system32\lxcycoms.exe [2006-02-20 495616]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mWindow Title =
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-19 19:27
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCYCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(3112)
c:\windows\system32\MsnChatHook.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\ShowErrMsg.dll
.
Completion time: 2009-07-19 19:34
ComboFix-quarantined-files.txt 2009-07-19 17:34
ComboFix2.txt 2009-07-19 12:42

Pre-Run: 46 498 189 312 octets libres
Post-Run: 46 332 243 968 octets libres

293 --- E O F --- 2009-07-16 01:09

and here is the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:51:39, on 19/07/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Lexmark 3400 Series\lxcymon.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\MSAgent\agentsvr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Windows\system32\SysMonitor.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [lxcymon.exe] "C:\Program Files\Lexmark 3400 Series\lxcymon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 3400 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O13 - Gopher Prefix:
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/fr/scan8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxcy_device - - C:\Windows\system32\lxcycoms.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
kduc Posts 1537 Status Member 133
 
...

Plug into the PC your external data sources (USB stick, external hard drive, etc.)
that may have been infected, without opening them!

Right-click the UsbFix shortcut on your desktop and choose "Run as administrator".

At the main menu, choose option F (for French) and confirm with Enter.

At the second menu, choose option 2 (Deletion) and confirm with Enter.

The desktop will disappear and the PC will restart.

After the restart, UsbFix will scan the PC. Let the tool work ...

Then post the UsbFix.txt report, which will appear along with the desktop.

Note: the UsbFix.txt report is saved at the root of the hard drive (C:\UsbFix.txt).

(Ctrl+A to select all, Ctrl+C to copy and Ctrl+V to paste)
loovy
 
Hi Kduc!
Here is the 2nd UsbFix report:

############################## | UsbFix V6.009 |

# User : Sandrine (Administrateurs) # PC-DE-SANDRINE
# Update on 20/07/09 by Chiquitine29 & C_XX
# Start at: 23:54:53 | 21/07/2009
# Website : http://pagesperso-orange.fr/NosTools/index.html

# AMD Athlon(tm) 64 X2 Dual Core Processor 4000+
# Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6001 32-bit) # Service Pack 1
# Internet Explorer 8.0.6001.18783
# Windows Firewall Status : Disabled
# AV : Antivirus BitDefender 12.0 [ Enabled | Updated ]
# AV : Norton Internet Security 2007 [ (!) Disabled | (!) Outdated ]
# FW : Norton Internet Security[ (!) Disabled ]2007
# FW : Pare-feu BitDefender [ Enabled ]12.0

# C:\ # Disque fixe local # 74,31 Go (46,13 Go free) [ACER] # NTFS
# D:\ # Disque fixe local # 67,91 Go (67,82 Go free) [DATA] # NTFS
# E:\ # Disque CD-ROM
# G:\ # Disque amovible

############################## | Processus actifs |

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\runonce.exe
C:\Windows\system32\conime.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Windows\system32\wbem\wmiprvse.exe

################## | Fichiers # Dossiers infectieux |


################## | C:\Users\Sandrine\Temporary Internet Files |

Supprimé ! C:\Users\Sandrine\AppData\Local\Temp\eauninstall.exe

################## | All Drives ... |


################## | Registre # Clés Run infectieuses |


################## | Registre # Mountpoints2 |


################## | Listing des fichiers présent |

[18/09/2006 23:43|--a------|24] - C:\autoexec.bat
[19/01/2008 09:45|-rahs----|333203] - C:\bootmgr
[14/12/2006 22:42|-ra-s----|8192] - C:\BOOTSECT.BAK
[19/07/2009 19:34|--a------|27083] - C:\ComboFix.txt
[18/09/2006 23:43|--a------|10] - C:\config.sys
[20/07/2009 00:00|--a------|6439] - C:\FindyKill.txt
[21/07/2009 13:56|-rahs----|0] - C:\IO.SYS
[21/07/2009 23:38|--a------|156] - C:\lxcy.log
[21/07/2009 13:56|-rahs----|0] - C:\MSDOS.SYS
[?|?|?] - C:\pagefile.sys
[18/07/2009 02:04|--a------|5643] - C:\rapport.txt
[14/12/2006 14:55|--a------|351] - C:\RHDSetup.log
[14/12/2006 15:09|--a------|178] - C:\setup.log
[18/07/2009 04:31|--a------|4371] - C:\TB.txt
[21/07/2009 23:57|--a------|3502] - C:\UsbFix.txt

################## | Vaccination |

# C:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.
# D:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.

################## | Etat / Services / Informations |


################## | PEH ... |


################## | Cracks / Keygens / Serials |


################## | ! Fin du rapport # UsbFix V6.009 ! |
kduc Posts 1537 Status Member 133
 
...

Download Genproc: http://www.genproc.com/GenProc.exe ; then double-click
GenProc.exe and post the contents of the report that opens.

Disable UAC before launching the tool (only on Vista):

http://forum.telecharger.01net.com/forum/high-tech/PRODUITS/Questions-techniques/desactiver-controle-utilisateurs-sujet_198996_1.htm
loovy
 
Hi Kduc,

Here is the GenProc report:


Rapport GenProc 2.606 [1] - 23/07/2009 à 1:14:55
@ Windows Vista Service Pack 1 - Mode normal
@ Internet Explorer (8.0.6001.18783) [Navigateur par défaut]

~~ "C:\Windows\sed.exe" a été renommé sed.exe_RenameGenProc ~~
~~ "C:\Windows\grep.exe" a été renommé grep.exe_RenameGenProc ~~

GenProc n'a détecté aucune infection caractéristique et suggère de suivre la procédure suivante :


Poste un rapport Nod32 https://www.eset.com/ (il faut utiliser Internet Explorer)
- coche toutes les cases à chaque fois, et lorsque c'est terminé, colle le rapport :
- C:\Program Files\EsetOnlineScanner\log.txt




~~~~ INFORMATION COMPLEMENTAIRE ~~~~


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:18:54, on 23/07/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Lexmark 3400 Series\lxcymon.exe
C:\Program Files\Lexmark 3400 Series\ezprint.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\conime.exe
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\System32\mobsync.exe
C:\GenProc\outil\Sandrine_GenProc.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (file missing)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Windows\system32\SysMonitor.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [lxcymon.exe] "C:\Program Files\Lexmark 3400 Series\lxcymon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 3400 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (file missing)
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (file missing)
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O13 - Gopher Prefix:
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/fr/scan8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Windows Live Contrôle parental (fsssvc) - Unknown owner - C:\Program Files\Windows Live\Family Safety\fsssvc.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxcy_device - - C:\Windows\system32\lxcycoms.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
kduc Posts 1537 Status Member 133
 
Hello,

Remove the program in bold ...

C:\Program Files\QUAD Utilities

... by going to:

1/ Start > Control Panel > Programs and Features

2/ Start > My Computer > C:\Program Files\...

---
Run a HijackThis scan and post the report:
http://forum.telecharger.01net.com/forum/high-tech/PRODUITS/Questions-techniques/hijackthis-version-install-sujet_199100_1.htm
loovy Posts 7 Status Member 2
 
Hello,
First of all, thank you for taking the time to reply!
Here is the report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:52:07, on 18/07/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Lexmark 3400 Series\lxcymon.exe
C:\Program Files\Lexmark 3400 Series\ezprint.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.fr.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O1 - Hosts: ::1 localhost
O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Windows\system32\SysMonitor.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [lxcymon.exe] "C:\Program Files\Lexmark 3400 Series\lxcymon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 3400 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IMBooster] C:\Program Files\Iminent\IMBooster\IMBooster.exe /warmup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [?????????] ??????????????e
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O13 - Gopher Prefix:
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/fr/scan8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxcy_device - - C:\Windows\system32\lxcycoms.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
kduc Posts 1537 Status Member 133
 
...

Do the following, in order ...

Disable UAC: http://forum.telecharger.01net.com/forum/high-tech/PRODUITS/Questions-techniques/desactiver-controle-utilisateurs-sujet_198996_1.htm

1. the download:

(if not already done) Download CCleaner:
http://www.filehippo.com/download_ccleaner.html
("Download Latest Version", on the right) and follow the prompts.
At some point you will be asked to tick:
"Add the Yahoo toolbar". Decline and …
Let it install as is …

2. the procedure:

--- Next, ...

Restart the PC in safe mode ...
https://www.pcastuces.com/pratique/windows/mode_sans_echec/page2.html
(preferably the F8 method)

--------------------------------------------
You will not have Internet access while in "safe mode".
So copy/paste the procedure into a text file (Word) and put it
on the "desktop" so you have it at hand.

--------------------------------------------

Close all windows and applications.
Relaunch HijackThis and click > Do a system scan only, then tick
the boxes in front of the following lines (and only these lines), if still present:

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IMBooster] C:\Program Files\Iminent\IMBooster\IMBooster.exe /warmup
O4 - HKCU\..\Run: [?????????] ??????????????e
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)

Then click > Fix checked and confirm with "Yes". Close HijackThis.

Show hidden files and folders
https://www.micro-astuce.com/Forum/afficher-les-fichiers-caches-t1607.html

Go to > Start > Control Panel > Programs and Features

Uninstall, if you find it > Iminent

Then go to > Start > My Computer > C:\

and delete the file(s) in bold below, if you find them.

C:\Program Files\Iminent <--

Set hidden files and folders back the way you found them!

Launch CCleaner ...
Click > Analyze > Clean, then OK in the window that appears.
Run the cleaning (again) and confirm with OK (again).

Restart the PC in normal mode ...

Download, install and update Malwarebytes Anti-Malware
http://forum.telecharger.01net.com/microhebdo/6/tuto-securite/tuto-malwaresbytes-anti-malware-352008/messages-1.html
then run a FULL scan and post the report.

PS: if Malwarebytes detected infections, click Show Results,
then Remove Selected.

---
Regarding Adobe\Reader 9.0: this version may contain security vulnerabilities; so I advise you to replace it with the very latest version:

http://www.secuser.com/vulnerabilite/2009/090429-adobe-reader.htm

http://www.secuser.com/faq/securite/#faille_securite
0
loovy Posts 7 Status Member 2
 
Hello Kduc,
Here is the report:
thanks in advance!

Malwarebytes' Anti-Malware 1.39
Version de la base de données: 2453
Windows 6.0.6001 Service Pack 1

19/07/2009 12:08:29
mbam-log-2009-07-19 (12-08-29).txt

Type de recherche: Examen rapide
Eléments examinés: 76656
Temps écoulé: 7 minute(s), 51 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 158

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\sK9Ou0s (Rootkit.Bagle) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\111111s1ro1s1a (Rootkit.Bagle) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\german.exe (Rootkit.Bagle) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\drvsyskit (Rootkit.Bagle) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mule_st_key (Rootkit.Bagle) -> Delete on reboot.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Users\Sandrine\AppData\Roaming\m (Trojan.Agent) -> Delete on reboot.
C:\Users\Sandrine\AppData\Roaming\drivers\downld (Worm.Bagle) -> Delete on reboot.

Fichier(s) infecté(s):
c:\Windows\System32\mdelk.exe (Worm.Bagle) -> Quarantined and deleted successfully.
c:\Windows\System32\wintems.exe (Worm.Bagle) -> Delete on reboot.
c:\Users\Sandrine\AppData\Roaming\m\data.oct (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Sandrine\AppData\Roaming\m\list.oct (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Sandrine\AppData\Roaming\m\srvlist.oct (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Sandrine\AppData\Roaming\drivers\winupgro.exe (Trojan.Agent) -> Delete on reboot.
C:\Users\Sandrine\AppData\Roaming\m\flec006.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Sandrine\AppData\Roaming\drivers\11s11ro1s1a2.sys (Rootkit.Bagle.KillAV) -> Quarantined and deleted successfully.
C:\Users\Sandrine\AppData\Roaming\drivers\111wfs1intwq.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
0
kduc Posts 1537 Status Member 133
 
Hi,

Still with UAC disabled ...

Right-click ONE of these 3 links to install ComboFix (by sUBs):

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.geekstogo.com/forum/files/file/197-combofix-by-subs/
or https://forospyware.com

Choose "Save as" (in IE it is "Save target/link as..")
and save it (Save in) to the Desktop.

Important: in "File name", save (rename) "combofix" as combo-fix.exe

Read this tutorial: https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

Close all windows and applications.
Disconnect from the net and disable your resident protections:
https://forum.pcastuces.com/default.asp

On the desktop, double-click combo-fix.exe.
(for Vista, right-click > Run as administrator)

Press the Y (Yes) key to start the scan.
ComboFix will restart your PC.
When the scan is complete, a report will appear.
Copy/paste this report into your next reply, along with a new HijackThis report.

PS: The report is also located here: C:\Combofix.txt

Do not click in the ComboFix window during the scan:
it could cause the program to freeze!

---
Run a "full" Malwarebytes scan again (in safe mode if possible) and post that report too.
0
kduc Posts 1537 Status Member 133
 
Hi,

Still with UAC disabled ...

Create a new text document: right-click on the desktop => New => Text Document, and copy/paste the following lines in bold into it:

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"????r"=
"?????????"=


- Save this file under the name CFScript (File type: all files)
- Close all your web browsers (so copy or print the following instructions beforehand if need be).
- Disable your antivirus and your other resident protections (e.g. antivirus, Malwarebytes, etc.) if you have any (this is important).
- Drag and drop this CFScript file onto the ComboFix.exe program as in this image:
http://img517.imageshack.us/img517/8662/cfscript10uc2.gif

(Explanation of drag and drop: click the CFScript file, keep the button held down and move the mouse so that the CFScript icon covers the ComboFix icon. Then release the mouse button.)

- ComboFix will start, then a blue window will appear.
At the message displayed (Type 1 to continue, or 2 to abort): type 1, then confirm.
- Wait while the scan runs. The desktop will disappear several times: this is normal!
- Do not touch anything until the scan has finished; otherwise the PC may crash!
- Once the scan is complete, a report will be displayed: please post it.

PS: If the file does not open, it is located here => C:\ComboFix.txt

-----
Also run a HijackThis scan again and post the report.
0
kduc Posts 1537 Status Member 133
 
...

We'll see about the protections later ...

For now, download FindyKill (by Chiquitine29) to your desktop:

http://sd-1.archive-host.com/membres/up/116615172019703188/FindyKill.exe

-> Disconnect and close all running applications!

Double-click FindyKill.exe to start the installation and let it install with the defaults.

Plug your external data sources into your PC (USB stick, external hard drive, etc.)

Right-click the FindyKill shortcut on your desktop and choose
"Run as administrator";

At the main menu, choose option F for French and confirm with Enter;

At the second menu, choose option 1 (search) and confirm with Enter;

Let the tool work and do not touch anything ...

Once the scan is complete, post (copy-paste) in your reply the report that is displayed ...

(the report is also saved as C:\FindyKill.txt)
(Ctrl+A to select all, Ctrl+C to copy and Ctrl+V to paste)

Help with pictures: http://pagesperso-orange.fr/NosTools/findykill.html
0
loovy Posts 7 Status Member 2
 
hi
Here is the FindyKill scan report:

############################## | FindyKill V5.004 |

# User : Sandrine (Administrateurs) # PC-DE-SANDRINE
# Update on 17/07/09 by Chiquitine29
# Start at: 21:57:22 | 19/07/2009
# Website : http://pagesperso-orange.fr/NosTools/index.html

# AMD Athlon(tm) 64 X2 Dual Core Processor 4000+
# Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6001 32-bit) # Service Pack 1
# Internet Explorer 8.0.6001.18783
# Windows Firewall Status : Enabled
# AV : Norton Internet Security 2007 [ (!) Disabled | (!) Outdated ]
# FW : Norton Internet Security[ (!) Disabled ]2007

# C:\ # Disque fixe local # 74,31 Go (43,54 Go free) [ACER] # NTFS
# D:\ # Disque fixe local # 67,91 Go (67,82 Go free) [DATA] # NTFS
# E:\ # Disque CD-ROM

############################## | Processus actifs |

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Lexmark 3400 Series\lxcymon.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\lxcycoms.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Program Files\Windows Mail\WindowsMailGadget.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe

################## | C: |

################## | C:\Windows |


################## | C:\Windows\system32 |

################## | C:\Windows\system32\drivers |

################## | C:\Users\Sandrine\AppData\Roaming |

Présent ! C:\Users\Sandrine\AppData\Roaming\drivers

################## | C:\Users\loovy\AppData\Roaming |

################## | C:\Users\Sandrine\Temporary Internet Files |

################## | C:\Users\loovy\Temporary Internet Files |

################## | Registre / Clés infectieuses |

Présent ! [HKLM\software\microsoft\security center] "UacDisableNotify" 0x1

################## | Etat / Services / Informations |

# Affichage des fichiers cachés : OK

# Mode sans echec : OK

# (!) Uac = 0x0

# (!) Ndisuio -> Start = 4 ( Good = 3 | Bad = 4 )
# EapHost -> Start = 3 ( Good = 2 | Bad = 4 )
# Wlansvc -> Start = 3 ( Good = 2 | Bad = 4 )
# SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 )
# (!) windefend -> Start = 4 ( Good = 2 | Bad = 4 )
# wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )
# wscsvc -> Start = 2 ( Good = 2 | Bad = 4 )

################## | Cracks / Keygens / Serials |

################## | ! Fin du rapport # FindyKill V5.004 ! |
0
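The service block at the end of the FindyKill report above can be checked mechanically, which also shows which services differ from the tool's "Good" value without being marked "(!)". This is an added example, not part of the thread and not FindyKill's own code: the function names are made up here, the sample lines are copied from the report, and reading `Uac = 0x0` as "UAC turned off" is an assumption.

```python
import re

# Lines copied from the "Etat / Services / Informations" block of the report above.
SAMPLE_REPORT = """\
# (!) Uac = 0x0

# (!) Ndisuio -> Start = 4 ( Good = 3 | Bad = 4 )
# EapHost -> Start = 3 ( Good = 2 | Bad = 4 )
# Wlansvc -> Start = 3 ( Good = 2 | Bad = 4 )
# SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 )
# (!) windefend -> Start = 4 ( Good = 2 | Bad = 4 )
# wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )
# wscsvc -> Start = 2 ( Good = 2 | Bad = 4 )
"""

# Meaning of the Windows service "Start" registry value.
START_TYPES = {0: "boot", 1: "system", 2: "automatic", 3: "manual", 4: "disabled"}

SERVICE_RE = re.compile(
    r"^#\s*(?P<flag>\(!\)\s*)?(?P<name>\w+)\s*->\s*Start\s*=\s*(?P<start>\d+)"
    r"\s*\(\s*Good\s*=\s*(?P<good>\d+)\s*\|\s*Bad\s*=\s*(?P<bad>\d+)\s*\)\s*$"
)
UAC_RE = re.compile(r"^#\s*(?:\(!\)\s*)?Uac\s*=\s*0x(?P<value>[0-9a-fA-F]+)\s*$")


def parse_services(report):
    """Return one dict per service line, classified against the tool's Good/Bad values."""
    rows = []
    for line in report.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue  # headers, blank lines, the Uac line, anything unrecognised
        start, good, bad = int(m["start"]), int(m["good"]), int(m["bad"])
        if start == good:
            state = "good"
        elif start == bad:
            state = "bad"
        else:
            state = "differs"  # neither the Good nor the Bad value
        rows.append({
            "name": m["name"],
            "start": start,
            "start_type": START_TYPES.get(start, "unknown"),
            "expected_type": START_TYPES.get(good, "unknown"),
            "state": state,
            "flagged": m["flag"] is not None,  # the tool's own "(!)" marker
        })
    return rows


def parse_uac(report):
    """Return the Uac value as an int, or None if the report has no Uac line."""
    for line in report.splitlines():
        m = UAC_RE.match(line.strip())
        if m:
            return int(m["value"], 16)
    return None


def triage(report):
    """Summarise what still needs attention once disinfection is finished."""
    services = parse_services(report)
    return {
        "disabled": [s["name"] for s in services if s["state"] == "bad"],
        "differs": [s["name"] for s in services if s["state"] == "differs"],
        "uac_off": parse_uac(report) == 0,  # assumption: 0x0 means UAC is off
    }


if __name__ == "__main__":
    for svc in parse_services(SAMPLE_REPORT):
        print(f'{svc["name"]:<13} {svc["start_type"]:<10} '
              f'(expected {svc["expected_type"]}) -> {svc["state"]}')
    print(triage(SAMPLE_REPORT))
```
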
kduc Posts 1537 Status Member 133
 
...

Disconnect and close all running applications (including the browser)

Plug the external data sources into the PC (USB stick, external hard drive, etc.)

Right-click the FindyKill shortcut on your desktop and choose
"Run as administrator".

At the main menu, choose option "F" for French and confirm with Enter

At the second menu, choose option 2 (removal) and confirm with Enter.

The PC will restart automatically ...

The program will work: do not touch anything ... Your desktop will not be accessible; this is normal!

Post the report that appears at the end (the report is also saved as C:\FindyKill.txt)

/!\ If the Desktop does not reappear, press Ctrl/Alt/Del, "File" tab, "New task", type explorer.exe and confirm.

Help with pictures: http://pagesperso-orange.fr/NosTools/findykill.html
0
loovy
 
hi Kduc,
I don't know whether you get message notifications, because now I'm the one receiving my own reports by email!
That's why I'm taking the liberty of reposting this!
bye
0
loovy
 
Hi,
here is the FindyKill report:

############################## | FindyKill V5.004 |

# User : Sandrine (Administrateurs) # PC-DE-SANDRINE
# Update on 17/07/09 by Chiquitine29
# Start at: 23:47:47 | 19/07/2009
# Website : http://pagesperso-orange.fr/NosTools/index.html

# AMD Athlon(tm) 64 X2 Dual Core Processor 4000+
# Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6001 32-bit) # Service Pack 1
# Internet Explorer 8.0.6001.18783
# Windows Firewall Status : Enabled
# AV : Norton Internet Security 2007 [ (!) Disabled | (!) Outdated ]
# FW : Norton Internet Security[ (!) Disabled ]2007

# C:\ # Disque fixe local # 74,31 Go (43,55 Go free) [ACER] # NTFS
# D:\ # Disque fixe local # 67,91 Go (67,82 Go free) [DATA] # NTFS
# E:\ # Disque CD-ROM

############################## | Processus actifs |

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\LogonUI.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\userinit.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\runonce.exe
C:\Windows\system32\conime.exe

################## | C: |

################## | C:\Windows |

Supprimé ! C:\Windows\Prefetch\WINUPGRO.EXE-B9E72D89.pf

################## | C:\Windows\system32 |

################## | C:\Windows\system32\drivers |

################## | C:\Users\Sandrine\AppData\Roaming |

################## | C:\Users\loovy\AppData\Roaming |

Supprimé ! C:\Users\Sandrine\AppData\Roaming\drivers

################## | Autres ... |

# Références de comparaison Bagle MD5 :

File : C:\Qoobox\Quarantine\C\Users\Sandrine\AppData\Roaming\drivers\winupgro.exe.vir
-> Crc32 : e9596340 | Md5 : 9bd6408ea871f95f8d5de4e8191ad7eb

Supprimé ! "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe"
-> Size : 856064 | Crc32 : e9596340 | Md5 : 9bd6408ea871f95f8d5de4e8191ad7eb

################## | Temporary Internet Files |

################## | Registre / Clés infectieuses |

Supprimé ! [HKCU\Software\Local AppWizard-Generated Applications\key_generator]
Supprimé ! [HKCU\Software\Local AppWizard-Generated Applications\winupgro]
Value ! [HKLM\software\microsoft\security center] "UacDisableNotify" -> Reset sucessfully !

################## | Etat / Services / Informations |

# Mode sans echec : OK

# Affichage des fichiers cachés : OK

# Uac : OK

# Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 )
# EapHost -> Start = 2 ( Good = 2 | Bad = 4 )
# Wlansvc -> Start = 2 ( Good = 2 | Bad = 4 )
# SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 )
# windefend -> Start = 2 ( Good = 2 | Bad = 4 )
# wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )
# wscsvc -> Start = 2 ( Good = 2 | Bad = 4 )

################## | PEH ... |

Corrompu : C:\Program Files\Alwil Software\Avast4\ashAvast.exe
[Offset = 0000011C - Valeur = 0x0001]

Corrompu : C:\Program Files\Alwil Software\Avast4\ashChest.exe
[Offset = 0000010C - Valeur = 0x0001]

Corrompu : C:\Program Files\Alwil Software\Avast4\ashDisp.exe
[Offset = 00000124 - Valeur = 0x0001]

Corrompu : C:\Program Files\Alwil Software\Avast4\ashEnhcd.exe
[Offset = 00000124 - Valeur = 0x0001]

Corrompu : C:\Program Files\Alwil Software\Avast4\ashLogV.exe
[Offset = 0000010C - Valeur = 0x0001]

Corrompu : C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
[Offset = 0000010C - Valeur = 0x0001]

Corrompu : C:\Program Files\Alwil Software\Avast4\ashPopWz.exe
[Offset = 0000011C - Valeur = 0x0001]

Corrompu : C:\Program Files\Alwil Software\Avast4\ashQuick.exe
[Offset = 0000011C - Valeur = 0x0001]

Corrompu : C:\Program Files\Alwil Software\Avast4\ashServ.exe
[Offset = 00000124 - Valeur = 0x0001]

Corrompu : C:\Program Files\Alwil Software\Avast4\ashSimp2.exe
[Offset = 0000011C - Valeur = 0x0001]

Corrompu : C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
[Offset = 0000011C - Valeur = 0x0001]

Corrompu : C:\Program Files\Alwil Software\Avast4\ashSkPcc.exe
[Offset = 00000104 - Valeur = 0x0001]

Corrompu : C:\Program Files\Alwil Software\Avast4\ashSkPck.exe
[Offset = 00000114 - Valeur = 0x0001]

Corrompu : C:\Program Files\Alwil Software\Avast4\ashUpd.exe
[Offset = 00000104 - Valeur = 0x0001]

Corrompu : C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
[Offset = 00000114 - Valeur = 0x0001]

Corrompu : C:\Program Files\Alwil Software\Avast4\aswRegSvr.exe
[Offset = 000000D4 - Valeur = 0x0001]

Corrompu : C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
[Offset = 00000114 - Valeur = 0x0001]

Corrompu : C:\Program Files\Alwil Software\Avast4\sched.exe
[Offset = 000000FC - Valeur = 0x0001]

Corrompu : C:\Program Files\Alwil Software\Avast4\VisthLic.exe
[Offset = 0000010C - Valeur = 0x0001]

Corrompu : C:\Program Files\Alwil Software\Avast4\VisthUpd.exe
[Offset = 000000F4 - Valeur = 0x0001]

Corrompu : C:\Program Files\Common Files\NewTech Infosystems\LiveUpdate\LiveUpdate.exe
[Offset = 00000114 - Valeur = 0x0001]

################## | Cracks / Keygens / Serials |

"C:\Users\Sandrine\.housecall6.6\"patch.exe""
18/07/2009 03:36 |Size 218736 |Crc32 12c79c8b |Md5 b9a80ba0083fb8196f8ca0bef053ea4e

################## | ! Fin du rapport # FindyKill V5.004 ! |
0
loovy
 
Hi Kduc,

I posted the report last night, and I would like to know whether there is still something to do against these viruses or whether it is all finished?
If possible, I would also like to know what I need to do to have effective antivirus protection again, or at any rate more effective than Avast?
Thanks in advance!

Loovy
0
kduc Posts 1537 Status Member 133
 
Good evening,

"... and I would like to know whether there is still something to do against these viruses or whether it is all finished?"

There is still work to do ...

"... I would also like to know what I need to do to have effective antivirus protection again, or at any rate more effective than Avast?"

That is coming soon.

-----
For now, ...

Run this online scan: http://www.bitdefender.fr/scan_fr/scan8/ie.html

Click I accept > Start the scan, etc ...

Once the scan is finished, save the report and post it.

Tutorial: https://forum.pcastuces.com/default.asp

PS: disable Avast's resident protection for the duration of the scan ...

Right-click the icon next to the clock -> Choose: Stop resident protection

http://f.imagehost.org/view/0137/Desactiver_Avast
0
loovy
 
Hi again!

I can't run the scan; a window appears saying:
"Internet Explorer has stopped working"
I followed the instructions in the tutorial, namely:

Start -> Control Panel -> Internet Options ...

• Click Delete files, Delete cookies, before starting the scan.
-> This is to minimize the scan time and possibly shorten the report.

Also check that ActiveX is configured as follows:

• Start -> Settings -> Control Panel -> Internet Options
or in the Internet Explorer window -> Tools -> Internet Options
• In the new window, select the Security tab
• Click the Custom level... button

A new window opens; in the Security settings section, make the following settings:

• On the line: Script ActiveX controls marked safe for scripting, tick -> Enable
• On the line: Initialize and script ActiveX controls not marked as safe, tick -> Disable
• On the line: Run ActiveX controls and plug-ins, tick -> Enable
• On the line: Download unsigned ActiveX controls, tick -> Disable
• On the line: Download signed ActiveX controls, tick -> Prompt
• Click the OK button so that the changes take effect.

For VISTA users, you must disable User Account Control (UAC); you will re-enable it at the end of the scan.

• Go to -> Start -> Control Panel
• Double-click the icon -> User Accounts
• Then click -> Turn User Account Control on or off
• Untick the box and click OK.
• A restart of the computer is required before continuing.

In pictures: https://www.pcastuces.com/pratique/windows/vista/astuces/desactiver_uac.htm

Click this link -> https://www.bitdefender.fr/

You must use Internet Explorer, not Firefox.

For Vista, right-click the Internet Explorer shortcut -> Run as administrator. Important!

• At the bottom left of the window, click ->

• In the next window, click -> I accept

• If a yellow bar appears at the top of the window, left-click the bar and accept the installation of the "ActiveX control" (BITDEFENDER LLC).

• A small window opens; click -> Install
• The window changes again; click -> Start the scan

• The signatures load and BitDefender SCAN ONLINE starts the scan.
/!\ If this message appears: "Signature update failed", simply delete this file (in bold) -> C:\Windows\BDOSCAN8 and start again.

Internet Explorer must be closed, otherwise you will get an error message! Start the scan procedure again.

A yellow bar appeared and I clicked on it for the ActiveX control, but the window that is supposed to open and say "Install" did not open. I started the scan and at the end there was an "error on the page", so I deleted the BDOSCAN8 file.

No matter how many times I retry, the "Internet Explorer has stopped working" window reappears!
I must have done something wrong, I don't understand!
0
kduc Posts 1537 Status Member 133
 
...

Try this one:

http://www.kaspersky.com/kos/eng/partner/default/languages/english/check.html?n=1224931742375

Click > Accept.
A yellow bar may ask you to install
Kavwebscan_Unicode.cab (ActiveX); install it.
Click > Accept once more.
The updates will install. Wait a moment.
Click > Next.
Click > My Computer.
The scan starts ...
Wait for the scan to finish (do not close the window, otherwise it will stop).
Once it has finished, post the report.

Use Internet Explorer for the scan ... and run it in "Administrator" mode if it balks.

NOTE: If you get the message "The Kaspersky On-line Scanner licence has expired",
go to Add/Remov… Progr., then uninstall On-Line Scanner.
Then reconnect to the Kaspersky site to retry the online scan.

Good night.
0
loovy
 
When I click the Kaspersky link you gave me, this is the response:

404 Not Found

--------------------------------------------------------------------------------

nginx/0.7.17
0
kduc Posts 1537 Status Member 133
 
Hello,

http://www.kaspersky.com/kos/english/languages/english/check.html?n=1248157251781
0
loovy
 
Hi,

I can't enable the ActiveX control.
A small window opens; here is the message:
"Windows has blocked this software because it can't verify the publisher"
0
loovy
 
Hi,
I installed a 30-day version of BitDefender and here is the report:

BitDefender - Fichier journal

Produit : BitDefender Total Security 2009
Version : BitDefender UIScanner v.12
Tâche d'analyse : Analyse approfondie
Date du journal : 21/07/2009 17:46:36
Chemin du journal : C:\ProgramData\Bitdefender\Desktop\Profiles\Logs\deep_scan\1248191196_1_00.xml

Analyse des chemins :
Chemin 0000: C:\
Chemin 0001: D:\

Options d’analyse :
Détecter les virus : Oui
Détecter les adwares : Oui
Détecter les spywares : Oui
Analyser les applications : Oui
Détecter les dialers : Oui
Détecter les rootkits : Oui

Options de sélection de cible :
Analyser les clés du registre : Oui
Analyser les cookies : Oui
Analyser les secteurs de boot : Oui
Analyser les processus mémoire : Oui
Analyser les archives : Oui
Analyser les fichiers enpaquetés : Oui
Analyser les e-mails : Non
Analyser tous les fichiers : Oui
Analyse heuristique : Oui
Extensions analysées :
Extensions exclues :

Traitement de la cible :
Action par défaut pour les objets infectés : Désinfecter
Action par défaut pour les objets suspects : Aucune
Action par défaut pour les objets camouflés : Aucune
Action par défaut pour les objets infectés : Aucune
Action par défaut pour les objets suspects encryptés : Aucune
Action par défaut pour les objets protégés par mot de passe : Enregistrer comme non analysé

Résumé de l'analyse
Nombre de signatures de virus : 3818966
Plugins archives : 45
Plugins e-mail : 6
Plugins d'analyse : 13
Plugins système : 5
Plugins de décompression : 7

Résumé de l'analyse générale
Eléments analysés : 77333
Eléments infectés : 0
Eléments suspects : 0
Eléments résolus : 0
Éléments non résolus : 0
Eléments protégés : 0
Éléments ultra-compressés : 0
Virus individuels trouvés : 0
Répertoires analysés : 16519
Secteur de boot analysés : 4
Archives analysés : 996
Erreurs I/O : 0
Temps d'analyse : 00:47:05
Fichiers par seconde : 26

Résumé des processus analysés
Analysé : 54
Infecté : 0

Résumé des clés de registre analysées
Analysé : 948
Infecté : 0

Résumé des cookies analysés
Analysé : 61
Infecté : 0
0
kduc Posts 1537 Status Member 133
 
Hello,

Regarding the problems mentioned at the start of the thread, is there any improvement ... or not?
0
loovy
 
Hi Kduc,
As for the fan, it no longer races; that's solved!

However, I still have a problem with that famous program the viruses also blocked for me: Windows Live Messenger.

The problem is that I removed it from the computer since it no longer worked, and I wanted to reinstall it, but when I try to, apparently it is already on my PC, yet I can't find it in the "Programs" Control Panel!

So I don't know what to do; can you help me?
Thanks in advance!
0
kduc Posts 1537 Status Member 133
 
...

Download and install UsbFix (by Chiquitine29):
http://sd-1.archive-host.com/membres/up/127028005715545653/UsbFix.exe

< Plug into the PC your external data sources (USB stick, external hard drive, etc.) that may
have been infected, without opening them >

Right-click the UsbFix shortcut on your desktop and choose
"Run as administrator".

In the main menu, choose F (for French) and confirm with Enter.

In the second menu, choose option 1 (search) and confirm with Enter.

Let the tool work ...

Then post the UsbFix.txt report that appears.

Note: The UsbFix.txt report is saved at the root of the hard drive (C:\UsbFix.txt).

(Ctrl+A to select all, Ctrl+C to copy and Ctrl+V to paste)

Note 2: "Process.exe", a component of the tool, is detected by some antivirus products
(AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility intended to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.

• Tutorial: http://pagesperso-orange.fr/NosTools/usbfix.html
0
loovy
 
Hi Kduc, here is the UsbFix report:

############################## | UsbFix V6.009 |

# User : Sandrine (Administrateurs) # PC-DE-SANDRINE
# Update on 20/07/09 by Chiquitine29 & C_XX
# Start at: 23:04:47 | 21/07/2009
# Website : http://pagesperso-orange.fr/NosTools/index.html

# AMD Athlon(tm) 64 X2 Dual Core Processor 4000+
# Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6001 32-bit) # Service Pack 1
# Internet Explorer 8.0.6001.18783
# Windows Firewall Status : Disabled
# AV : Antivirus BitDefender 12.0 [ Enabled | Updated ]
# AV : Norton Internet Security 2007 [ (!) Disabled | (!) Outdated ]
# FW : Norton Internet Security[ (!) Disabled ]2007
# FW : Pare-feu BitDefender [ Enabled ]12.0

# C:\ # Disque fixe local # 74,31 Go (46,08 Go free) [ACER] # NTFS
# D:\ # Disque fixe local # 67,91 Go (67,82 Go free) [DATA] # NTFS
# E:\ # Disque CD-ROM
# G:\ # Disque amovible

############################## | Processus actifs |

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Lexmark 3400 Series\lxcymon.exe
C:\Program Files\Lexmark 3400 Series\ezprint.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\lxcycoms.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\msiexec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\wmiprvse.exe

################## | Fichiers # Dossiers infectieux |


################## | C:\Users\Sandrine\Temporary Internet Files |

Présent ! C:\Users\Sandrine\AppData\Local\Temp\eauninstall.exe

################## | All Drives ... |


################## | Registre # Clés Run infectieuses |


################## | Registre # Mountpoints2 |


################## | Other |


################## | Cracks / Keygens / Serials |


################## | ! Fin du rapport # UsbFix V6.009 ! |

Should I run the cleanup with UsbFix?
0