Trojan, help

je fais cela dessuite merci

1ere reponse

All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Josselin
->Temp folder emptied: 2808322 bytes
->Temporary Internet Files folder emptied: 16577368 bytes
->Java cache emptied: 10373527 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 450762 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 298041 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 29,09 mb


OTM by OldTimer - Version 3.1.2.0 log created on 11202009_210401

Files moved on Reboot...

Registry entries deleted on Reboot...



le scan avec antivir est en route, je n'arrivais pas à telecharger la mise à jour today, mais la derniere que j'ai faite etait hier

voici le rapport d'antivir



Avira AntiVir Personal
Report file date: vendredi 20 novembre 2009 21:25

Scanning for 1916411 virus strains and unwanted programs.

Licensed to: Avira AntiVir Personal - FREE Antivirus
Serial number: 0000149996-ADJIE-0000001
Platform: Windows Vista
Windows version: (plain) [6.0.6000]
Boot mode: Normally booted
Username: Josselin
Computer name: PC-DE-JOSSELIN

Version information:
BUILD.DAT : 8.2.0.354 17048 Bytes 23/10/2009 13:15:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 25/11/2008 12:59:49
AVSCAN.DLL : 8.1.4.0 40705 Bytes 25/07/2008 23:38:06
LUKE.DLL : 8.1.4.5 164097 Bytes 25/07/2008 23:38:07
LUKERES.DLL : 8.1.4.0 12033 Bytes 25/07/2008 23:38:07
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 23:04:18
ANTIVIR1.VDF : 7.1.4.132 5707264 Bytes 24/06/2009 12:02:58
ANTIVIR2.VDF : 7.1.6.222 5998592 Bytes 11/11/2009 18:10:40
ANTIVIR3.VDF : 7.1.6.251 292352 Bytes 18/11/2009 18:30:48
Engineversion : 8.2.1.70
AEVDF.DLL : 8.1.1.2 106867 Bytes 16/09/2009 09:47:06
AESCRIPT.DLL : 8.1.2.45 586108 Bytes 17/11/2009 18:33:18
AESCN.DLL : 8.1.2.5 127346 Bytes 05/09/2009 04:49:17
AERDL.DLL : 8.1.3.2 479604 Bytes 03/10/2009 18:16:55
AEPACK.DLL : 8.2.0.3 422261 Bytes 09/11/2009 18:07:31
AEOFFICE.DLL : 8.1.0.38 196987 Bytes 19/06/2009 20:33:19
AEHEUR.DLL : 8.1.0.180 2093432 Bytes 09/11/2009 18:07:15
AEHELP.DLL : 8.1.7.4 237943 Bytes 17/11/2009 18:33:06
AEGEN.DLL : 8.1.1.74 364917 Bytes 11/11/2009 18:10:50
AEEMU.DLL : 8.1.1.0 393587 Bytes 03/10/2009 18:14:56
AECORE.DLL : 8.1.8.2 184694 Bytes 09/11/2009 18:05:32
AEBB.DLL : 8.1.0.3 53618 Bytes 16/10/2008 20:45:38
AVWINLL.DLL : 1.0.0.12 15105 Bytes 25/07/2008 23:38:06
AVPREF.DLL : 8.0.2.0 38657 Bytes 25/07/2008 23:38:06
AVREP.DLL : 8.0.0.3 155688 Bytes 21/04/2009 10:50:54
AVREG.DLL : 8.0.0.1 33537 Bytes 25/07/2008 23:38:06
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 25/07/2008 23:38:06
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 25/07/2008 23:38:07
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 25/07/2008 23:38:03
RCTEXT.DLL : 8.0.52.0 86273 Bytes 25/07/2008 23:38:03

Configuration settings for the scan:
Jobname..........................: Local Hard Disks
Configuration file...............: c:\program files\avira\antivir personaledition classic\alldiscs.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:, E:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: vendredi 20 novembre 2009 21:25

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'WMIADAP.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'infocard.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned
Scan process 'unsecapp.exe' - '1' Module(s) have been scanned
Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned
Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned
Scan process 'ePowerSvc.exe' - '1' Module(s) have been scanned
Scan process 'capuserv.exe' - '1' Module(s) have been scanned
Scan process 'eRecoveryService.exe' - '1' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'RichVideo.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'MobilityService.exe' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'IAANTmon.exe' - '1' Module(s) have been scanned
Scan process 'eNet Service.exe' - '1' Module(s) have been scanned
Scan process 'eLockServ.exe' - '1' Module(s) have been scanned
Scan process 'eDSService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'ALaunchSvc.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'ApntEx.exe' - '1' Module(s) have been scanned
Scan process 'eRAgent.exe' - '1' Module(s) have been scanned
Scan process 'ApMsgFwd.exe' - '1' Module(s) have been scanned
Scan process 'Acer.Empowering.Framework.Supervisor.ex' - '1' Module(s) have been scanned
Scan process 'RtkBtMnt.exe' - '1' Module(s) have been scanned
Scan process 'ePower_DMC.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'wmpnscfg.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'Apoint.exe' - '1' Module(s) have been scanned
Scan process 'IAAnotif.exe' - '1' Module(s) have been scanned
Scan process 'LManager.exe' - '1' Module(s) have been scanned
Scan process 'eDSLoader.exe' - '1' Module(s) have been scanned
Scan process 'eAudio.exe' - '1' Module(s) have been scanned
Scan process 'RtHDVCpl.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'dwm.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SLsvc.exe' - '1' Module(s) have been scanned
Scan process 'audiodg.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
69 processes with 69 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'E:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '51' files ).


Starting the file scan:

Begin scan in 'C:\' <ACER>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <DATA>
Begin scan in 'E:\' <DATA>


End of the scan: vendredi 20 novembre 2009 22:08
Used time: 42:23 Minute(s)

The scan has been done completely.

15812 Scanning directories
376999 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
376997 Files not concerned
4312 Archives were scanned
2 Warnings
0 Notes


que dois je faire maintenant?

merci d'avance

1er rapport

info.txt logfile of random's system information tool 1.06 2009-11-20 22:51:07

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Windows\UNNeroBackItUp.exe /UNINSTALL
-->C:\Windows\UNNeroMediaHome.exe /UNINSTALL
-->C:\Windows\UNNeroShowTime.exe /UNINSTALL
-->C:\Windows\UNNeroVision.exe /UNINSTALL
-->C:\Windows\UNRecode.exe /UNINSTALL
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{31403E22-2FDB-452F-AE9E-20854633226D}\Setup.EXE" -uninst
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A450831D-25F6-4F42-9662-D000B25E0D82}\setup.exe" -uninstall
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA4BF92B-2AAF-11DA-9D78-000129760D75}\setup.exe" -uninstall
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B145EC69-66F5-11D8-9D75-000129760D75}\setup.exe" -uninstall
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B804C424-B66D-447A-84BD-C6B88C392C3A}\setup.exe" -uninstall
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F79A208D-D929-11D9-9D77-000129760D75}\setup.exe" -uninstall
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
Acer Arcade Deluxe-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}\setup.exe" -uninstall
Acer Crystal Eye Webcam Video Class Camera -->C:\Program Files\InstallShield Installation Information\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}\setup.exe -runfromtemp -l0x040c -removeonly -u
Acer Crystal Eye webcam-->C:\Program Files\InstallShield Installation Information\{AA047D7C-5E7C-4878-B75C-77589151B563}\setup.exe -runfromtemp -l0x0009 -removeonly
Acer eAudio Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57265292-228A-41FA-9AEC-4620CBCC2739}\Setup.EXE" -uninstall
Acer eDataSecurity Management-->C:\Acer\Empowering Technology\eDataSecurity\eDSnstHelper.exe -Operation UNINSTALL
Acer eLock Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}\setup.exe" -l0x40c -removeonly
Acer Empowering Technology-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB6097D9-D722-4987-BD9E-A076E2848EE2}\setup.exe" -l0x40c -removeonly
Acer eNet Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C06554A1-2C1E-4D20-B613-EE62C79927CC}\setup.exe" -l0x40c -removeonly
Acer ePower Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\setup.exe" -l0x40c -removeonly
Acer ePresentation Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BF839132-BD43-4056-ACBF-4377F4A88E2A}\setup.exe" -l0x40c -removeonly
Acer eSettings Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CE65A9A0-9686-45C6-9098-3C9543A412F0}\setup.exe" -l0x40c -removeonly
Acer GridVista-->C:\Windows\UnInst32.exe GridV.UNI
Acer Mobility Center Plug-In-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11316260-6666-467B-AC34-183FCB5D4335}\setup.exe" -l0x40c -removeonly
Acer ScreenSaver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}\setup.exe" -l0x9 -removeonly
Acer Tour-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94389919-B0AA-4882-9BE8-9F0B004ECA35}\setup.exe" -l0x40c -removeonly
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 9 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 8.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
ALPS Touch Pad Driver-->C:\Program Files\Apoint2K\Uninstap.exe ADDREMOVE
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
Audacity 1.3.4 (Unicode)-->"C:\Program Files\Audacity 1.3 Beta (Unicode)\unins000.exe"
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
Catalyst Control Center - Branding-->MsiExec.exe /I{C3B3BB74-B49D-4B15-A5D4-863426EB96E0}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CloneDVD2-->"C:\Program Files\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Program Files\Elaborate Bytes\CloneDVD2"
eMule-->"C:\Program Files\eMule\Uninstall.exe"
Free Mp3 Wma Converter V 1.8.0-->"C:\Program Files\Free Audio Pack\unins000.exe"
Free Video Flip and Rotate version 1.4-->"C:\Program Files\DVDVideoSoft\Free Video Flip and Rotate\unins000.exe"
GeoGebra-->"D:\math\UninstallerData\Uninstaller.exe"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
HP Update-->MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
HPSSupply-->MsiExec.exe /X{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31}
Intel(R) Matrix Storage Manager-->C:\Windows\System32\Imsmudlg.exe
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
K-Lite Codec Pack 3.5.0 Full-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Lame ACM MP3 Codec-->C:\Windows\system32\rundll32.exe setupapi,InstallHinfSection Remove_LameMP3 132 C:\Windows\INF\LameACM.inf
Launch Manager-->C:\Windows\UnInst32.exe LManager.UNI
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (French) 2007-->MsiExec.exe /X{90120000-00A1-040C-0000-0000000FF1CE}
Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office Professional 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROR /dll OSETUP.DLL
Microsoft Office Professional 2007-->MsiExec.exe /X{91120000-0014-0000-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
Nero 7 Premium-->MsiExec.exe /I{43FFE159-3199-4188-A1CD-629166AD1036}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NTI Backup NOW! 4.7-->"C:\Program Files\InstallShield Installation Information\{67ADE9AF-5CD9-4089-8825-55DE4B366799}\setup.exe" -removeonly
NTI CD & DVD-Maker-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} /l1036 CDM7
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
PhotoFiltre-->"C:\Program Files\PhotoFiltre\Uninst.exe"
PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\Setup.exe" -l0x00040c /z-uninstall
PowerProducer 3.72-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\Setup.EXE" -uninstall
QuickTime-->C:\Windows\unvise32qt.exe C:\Windows\system32\QuickTime\Uninstall.log
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x40c -removeonly
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe" -l0x40c anything
SAMSUNG Mobile Composite Device Software-->C:\Windows\system32\Samsung_USB_Drivers\6\SSBCUninstall.exe
SAMSUNG Mobile Modem Driver Set-->C:\Windows\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
Samsung Mobile phone USB driver Software-->C:\Windows\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software-->C:\Windows\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software-->C:\Windows\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung PC Studio 3-->"C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -runfromtemp -l0x040c -removeonly
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SUPER © Version 2008.bld.33 (Sep 2, 2008)-->C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0
Trojan Remover 6.8.1-->"C:\Program Files\Trojan Remover\unins000.exe"
TRUST MI-4550XP WIRELESS OPTICAL MINI MOUSE-->C:\Program Files\Trust\MI-4550XP WIRELESS OPTICAL MINI MOUSE\uninst00.exe
Uninstall 1.0.0.1-->"C:\Program Files\Common Files\DVDVideoSoft\unins000.exe"
VideoLAN VLC media player 0.8.6h-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Messenger-->MsiExec.exe /X{770F1BEC-2871-4E70-B837-FB8525FFA3B1}
XviD MPEG-4 Video Codec-->"C:\Program Files\XviD\unins000.exe"

======Security center information======

AV: Avira AntiVir PersonalEdition
AV: AVG 7.5.516 (outdated)
AV: Norton Internet Security (outdated)
FW: Norton Internet Security (disabled)
AS: Windows Defender (disabled) (outdated)
AS: Norton Internet Security (outdated)

======System event log======

Computer Name: PC-de-Josselin
Event Code: 10010
Message: Le serveur {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} ne s'est pas enregistré sur DCOM avant la fin du temps imparti.
Record Number: 130844
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20091120184554.000000-000
Event Type: Erreur
User:

Computer Name: PC-de-Josselin
Event Code: 4001
Message: Le Service d’autoconfiguration WLAN s’est arrêté correctement.

Record Number: 130849
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20091120184558.830000-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

Computer Name: PC-de-Josselin
Event Code: 6008
Message: L'arrêt système précédant à 19:59:24 le 20/11/2009 n'était pas prévu.
Record Number: 130954
Source Name: EventLog
Time Written: 20091120191652.000000-000
Event Type: Erreur
User:

Computer Name: PC-de-Josselin
Event Code: 4001
Message: Le Service d’autoconfiguration WLAN s’est arrêté correctement.

Record Number: 130973
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20091120200503.346235-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

Computer Name: PC-de-Josselin
Event Code: 6008
Message: L'arrêt système précédant à 21:15:26 le 20/11/2009 n'était pas prévu.
Record Number: 131077
Source Name: EventLog
Time Written: 20091120202021.000000-000
Event Type: Erreur
User:

=====Application event log=====

Computer Name: PC-de-Josselin
Event Code: 4113
Message:
Record Number: 49684
Source Name: Avira AntiVir
Time Written: 20091120213827.000000-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

Computer Name: PC-de-Josselin
Event Code: 4113
Message:
Record Number: 49685
Source Name: Avira AntiVir
Time Written: 20091120214337.000000-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

Computer Name: PC-de-Josselin
Event Code: 4113
Message:
Record Number: 49686
Source Name: Avira AntiVir
Time Written: 20091120214337.000000-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

Computer Name: PC-de-Josselin
Event Code: 4113
Message:
Record Number: 49687
Source Name: Avira AntiVir
Time Written: 20091120214847.000000-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

Computer Name: PC-de-Josselin
Event Code: 4113
Message:
Record Number: 49688
Source Name: Avira AntiVir
Time Written: 20091120214847.000000-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

=====Security event log=====

Computer Name: PC-de-Josselin
Event Code: 4904
Message: Une tentative d’inscription de la source d’un événement de sécurité a été effectuée.

Sujet :
ID de sécurité : S-1-5-18
Nom du compte : PC-DE-JOSSELIN$
Domaine du compte : WORKGROUP
ID d’ouverture de session : 0x3e7

Processus :
ID du processus : 0x344
Nom du processus : C:\Windows\System32\VSSVC.exe

Source de l’événement :
Nom de la source : VSSAudit
ID de la source de l’événement : 0xe2ca0e
Record Number: 36563
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090413122245.612000-000
Event Type: Succès de l'audit
User:

Computer Name: PC-de-Josselin
Event Code: 4905
Message: Une tentative d’annulation d’inscription de la source d’un événement de sécurité a été effectuée.

Sujet :
ID de sécurité : S-1-5-18
Nom du compte : PC-DE-JOSSELIN$
Domaine du compte : WORKGROUP
ID d’ouverture de session : 0x3e7

Processus :
ID du processus : 0x344
Nom du processus : C:\Windows\System32\VSSVC.exe

Source de l’événement :
Nom de la source : VSSAudit
ID de la source de l’événement : 0xe2ca0e
Record Number: 36564
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090413122245.612000-000
Event Type: Succès de l'audit
User:

Computer Name: PC-de-Josselin
Event Code: 5038
Message: L’intégrité du code a déterminé que le hachage de l’image d’un fichier n’est pas valide. Le fichier peut être endommagé en raison d’une modification non autorisée ou le hachage non valide peut indiquer une erreur d’unité de disque potentielle.

Nom du fichier : \Device\HarddiskVolume2\Windows\System32\eNetHook.dll
Record Number: 36565
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090413131247.029200-000
Event Type: Échec de l'audit
User:

Computer Name: PC-de-Josselin
Event Code: 5038
Message: L’intégrité du code a déterminé que le hachage de l’image d’un fichier n’est pas valide. Le fichier peut être endommagé en raison d’une modification non autorisée ou le hachage non valide peut indiquer une erreur d’unité de disque potentielle.

Nom du fichier : \Device\HarddiskVolume2\Windows\System32\eNetHook.dll
Record Number: 36566
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090413134026.710400-000
Event Type: Échec de l'audit
User:

Computer Name: PC-de-Josselin
Event Code: 5038
Message: L’intégrité du code a déterminé que le hachage de l’image d’un fichier n’est pas valide. Le fichier peut être endommagé en raison d’une modification non autorisée ou le hachage non valide peut indiquer une erreur d’unité de disque potentielle.

Nom du fichier : \Device\HarddiskVolume2\Windows\System32\eNetHook.dll
Record Number: 36567
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090413181352.114400-000
Event Type: Échec de l'audit
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Samsung\Samsung PC Studio 3\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2

-----------------EOF-----------------

2 rapport

Logfile of random's system information tool 1.06 (written by random/random)
Run by Josselin at 2009-11-20 22:50:35
Microsoft® Windows Vista™ Édition Familiale Premium
System drive C: has 20 GB (28%) free of 71 GB
Total RAM: 2045 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:50:59, on 20/11/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Users\Josselin\AppData\Local\Temp\RtkBtMnt.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\sdclt.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Josselin\Desktop\RSIT.exe
C:\Program Files\trend micro\Josselin.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.orange.fr/portail?kw=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/defaults/sp/*https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll (file missing)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [TQ566808] "F:\Setup.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O20 - AppInit_DLLs: eNetHook.dll
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

peux tu me dire à quoi sert Usbfix?

pourquoi y a t-il mais numeros de séries?

g tjrs les fenetres d'alertes qui souvent ;o(




voici le rapport:



############################## | UsbFix V6.055 |

User : Josselin (Administrateurs) # PC-DE-JOSSELIN
Update on 18/11/2009 by Chiquitine29, C_XX & Chimay8
Start at: 23:40:40 | 20/11/2009
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

Intel(R) Core(TM)2 Duo CPU T5450 @ 1.66GHz
Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6000 32-bit) #
Internet Explorer 7.0.6000.16546
Windows Firewall Status : Disabled
AV : Avira AntiVir PersonalEdition 8.0.1.30 [ Enabled | Updated ]
AV : AVG 7.5.516 7.5.516 [ Enabled | (!) Outdated ]
AV : Norton Internet Security 2007 [ Enabled | (!) Outdated ]
FW : Norton Internet Security[ (!) Disabled ]2007

C:\ -> Disque fixe local # 69,77 Go (19,2 Go free) [ACER] # NTFS
D:\ -> Disque fixe local # 149,05 Go (5,02 Go free) [DATA] # NTFS
E:\ -> Disque fixe local # 69,52 Go (5,09 Go free) [DATA] # NTFS
F:\ -> Disque CD-ROM
G:\ -> Disque amovible # 983,72 Mo (981,36 Mo free) [UDISK 2.0] # FAT

############################## | Processus actifs |

C:\Windows\System32\smss.exe 460
C:\Windows\system32\csrss.exe 592
C:\Windows\system32\wininit.exe 648
C:\Windows\system32\csrss.exe 656
C:\Windows\system32\services.exe 696
C:\Windows\system32\lsass.exe 708
C:\Windows\system32\lsm.exe 716
C:\Windows\system32\winlogon.exe 756
C:\Windows\system32\svchost.exe 908
C:\Windows\system32\svchost.exe 972
C:\Windows\system32\Ati2evxx.exe 1004
C:\Windows\System32\svchost.exe 1068
C:\Windows\System32\svchost.exe 1112
C:\Windows\system32\svchost.exe 1176
C:\Windows\system32\SLsvc.exe 1308
C:\Windows\system32\svchost.exe 1416
C:\Windows\system32\Ati2evxx.exe 1480
C:\Windows\system32\svchost.exe 1640
C:\Windows\system32\Dwm.exe 1880
C:\Windows\System32\spoolsv.exe 1932
C:\Windows\system32\taskeng.exe 1944
C:\Windows\Explorer.EXE 1952
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe 1996
C:\Windows\system32\svchost.exe 256
C:\Windows\system32\runonce.exe 392
C:\Acer\ALaunch\ALaunchSvc.exe 1148
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe 1428
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe 1080
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe 896
C:\Acer\Empowering Technology\eNet\eNet Service.exe 1812
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe 2064
C:\Program Files\Common Files\LightScribe\LSSrvc.exe 2160
C:\Acer\Mobility Center\MobilityService.exe 2188
C:\Windows\System32\svchost.exe 2208
C:\Windows\System32\svchost.exe 2260
C:\Windows\system32\svchost.exe 2312
C:\Program Files\CyberLink\Shared Files\RichVideo.exe 2324
C:\Windows\system32\svchost.exe 2376
C:\Windows\System32\svchost.exe 2436
C:\Windows\system32\SearchIndexer.exe 2536
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe 2608
C:\Windows\system32\WUDFHost.exe 2632
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe 2712
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe 2764
C:\Windows\system32\wbem\wmiprvse.exe 2940
C:\Windows\system32\wbem\wmiprvse.exe 3088
C:\Windows\system32\wbem\unsecapp.exe 3136
C:\Windows\system32\taskeng.exe 3248
C:\Windows\system32\PresentationSettings.exe 3456

################## | Fichiers # Dossiers infectieux |


################## | Registre # Clés infectieuses |


################## | Registre # Mountpoints2 |

Supprimé ! HKCU\...\Explorer\MountPoints2\{472a8507-9ad9-11dd-9ad6-e5b92d0acac7}\Shell\Auto\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{8552e796-950c-11dc-a66d-e1c2ebe30c52}\Shell\Auto\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{9b2fbed5-dc9c-11dd-a034-80329993f0a4}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{b3e3c130-2f42-11dd-8799-001b77850515}\Shell\Auto\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{f47ea3fa-89d9-11dc-b88b-8b0b64bd33d5}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{f47ea405-89d9-11dc-b88b-8b0b64bd33d5}\Shell\Auto\Command

################## | Listing des fichiers présent |

[10/08/2007 08:34|--a------|3380] C:\-20070810.log
[18/09/2006 22:43|--a------|24] C:\autoexec.bat
[02/11/2006 10:53|-rahs----|438840] C:\bootmgr
[10/08/2007 15:43|-ra-s----|8192] C:\BOOTSECT.BAK
[18/09/2006 22:43|--a------|10] C:\config.sys
[?|?|?] C:\hiberfil.sys
[29/11/2007 15:09|-rahs----|0] C:\IO.SYS
[08/08/2008 23:44|--a------|7] C:\ISACER.id
[16/08/2005 07:49|---------|40960] C:\junction.exe
[29/11/2006 16:35|--a------|512] C:\MDR.iss
[29/11/2007 15:09|-rahs----|0] C:\MSDOS.SYS
[?|?|?] C:\pagefile.sys
[10/08/2007 07:32|--a------|420] C:\RHDSetup.log
[10/08/2007 08:19|--a------|178] C:\setup.log
[20/11/2009 23:48|--a------|4721] C:\UsbFix.txt
[10/08/2007 08:31|--a------|1711536] C:\vcredist_x86.log
[31/07/2008 19:09|--a------|617555] D:\bb_073.jpg
[14/02/2009 13:25|--a------|24220] D:\dongwu.jpg
[14/02/2009 13:28|--a------|32765] D:\dscf2351negatif-copie_1195740562.jpg
[28/01/2009 14:27|--a------|48128] D:\Feuille de cycle.doc
[17/02/2009 19:13|--a------|14080] E:\001.gif
[17/02/2009 19:14|--a------|20541] E:\006.gif
[17/02/2009 19:14|--a------|14633] E:\012.gif
[17/02/2009 19:18|--a------|90304] E:\114656901056.jpg
[25/05/2000 19:45|--a------|23040] E:\A1 - OBJET.doc
[25/05/2000 19:47|--a------|23040] E:\A2 - SOMMAIRE.doc
[02/07/2003 14:30|--a------|56320] E:\basket_6e.doc
[25/05/2000 15:33|--a------|19456] E:\BB01 - Basket ball - Niveaux de jeu.xls
[25/05/2000 15:46|--a------|20480] E:\BB02 - Basket ball - Recherche du niveau de jeu.xls
[25/05/2000 15:35|--a------|25600] E:\BB03 - Basket Ball - Niveau I.xls
[25/05/2000 15:34|--a------|53760] E:\BB04 - Basket Ball - Evaluation niveau I.xls
[25/05/2000 15:34|--a------|26624] E:\BB05 - Basket Ball - Niveau II.xls
[25/05/2000 15:34|--a------|53760] E:\BB06 - Basket Ball - Evaluation niveau II.xls
[25/05/2000 15:34|--a------|26624] E:\BB07 - Basket Ball - Niveau III.xls
[25/05/2000 15:33|--a------|52736] E:\BB08 - Basket Ball - Evaluation niveau III.xls
[25/05/2000 15:35|--a------|17920] E:\BB09 - Basket Ball - Connaissances.xls
[25/05/2000 15:31|--a------|34816] E:\BB10 - Basket Ball - Barˆme sur 15.xls
[17/02/2009 19:15|--a------|4130] E:\Calimero-003.gif
[17/02/2009 19:15|--a------|5504] E:\Calimero-006.gif
[17/02/2009 19:15|--a------|4515] E:\Calimero-008.gif
[17/02/2009 19:15|--a------|3619] E:\Calimero-011.gif
[17/02/2009 19:16|--a------|3982] E:\Calimero-020.gif
[09/12/2004 21:38|--a------|915456] E:\musc_LE.doc
[25/05/2000 15:40|--a------|15872] E:\VB01 - Volley ball - Niveau de jeu.xls
[25/05/2000 15:42|--a------|19968] E:\VB02 - Volley Ball - Recherche niveau de jeu.xls
[25/05/2000 15:40|--a------|28672] E:\VB03 - Volley ball - Niveau I.xls
[25/05/2000 15:39|--a------|53248] E:\VB04 - Volley Ball - Evaluation niveau I.xls
[25/05/2000 15:39|--a------|28672] E:\VB05 - Volley ball - Niveau II.xls
[25/05/2000 15:39|--a------|53760] E:\VB06 - Volley Ball - Evaluation niveau II.xls
[25/05/2000 15:38|--a------|33280] E:\VB07 - Volley ball - Niveau III.xls
[25/05/2000 15:38|--a------|53248] E:\VB08 - Volley Ball - Evaluation niveau III.xls
[25/05/2000 15:19|--a------|17920] E:\VB09 - Volley Ball - Connaissances.xls
[25/05/2000 15:32|--a------|34816] E:\VB10 - Volley Ball - Barˆme sur 15.xls
[07/11/2009 18:32|--a------|117760] G:\calcul note haies 3e.xls
[12/11/2009 21:51|--a------|76591] G:\convocations athl‚2.xlsx
[29/03/2009 21:20|--a------|15937] G:\fiche obs ‚quipe.docx
[29/03/2009 21:02|--a------|17658] G:\Fiche observation ultimate.docx
[29/03/2009 21:41|--a------|16055] G:\regles essentielles ultimate.docx
[05/05/2008 21:10|---hs----|348160] G:\msvcr71.dll
[06/11/2009 13:12|--a------|57344] G:\LOGO.doc

################## | Vaccination |

# C:\autorun.inf -> Dossier créé par UsbFix.
# D:\autorun.inf -> Dossier créé par UsbFix.
# E:\autorun.inf -> Dossier créé par UsbFix.
# G:\autorun.inf -> Dossier créé par UsbFix.

################## | Suspect | https://www.virustotal.com/gui/ |


################## | Cracks / Keygens / Serials |


################## | ! Fin du rapport # UsbFix V6.055 ! |

j'ai deja essayé MalwareBytes il ne m'avait rien detecté. le trojan était comme indiqué dans le 1er message "tr\downloder.gen et il va se fixer sur c:\windows\temp\ son nom change tout le temps et se compose toujour de 4 lettres suivi d'un ".tmp" ou qqchose comme ça

hier soir j'ai installé combofix et je l'ai fait tourner. au redemarrage ce matin il semble que je n'ai plus rien enfin à voir...en tout cas avant j'avais 2 ou 3 fenetres qui s'ouvraient toutes les 2min...c'est un peu pénible à force :o( mais la je viens de rentré et relancé et tjrs rien ...croisons les doigts.

voici le rapport de combofix:

ComboFix 09-11-20.02 - Josselin 21/11/2009 2:57.1.2 - x86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.33.1036.18.2045.996 [GMT 1:00]
Lancé depuis: c:\users\Josselin\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: AVG 7.5.516 *On-access scanning enabled* (Outdated) {41564737-3200-1071-989B-0000E87B4FB1}
AV: Norton Internet Security *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: AntiVir Desktop *disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Norton Internet Security *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
Les fichiers ci-dessous ont été désactivés pendant l'exécution:
c:\windows\system32\eNetHook.dll

[i] ADS - Windows: deleted 48 bytes in 1 streams. /i

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\acer\Empowering Technology\eRecovery\Autorun\SW1\Tuner\Liteon\Resources\_desktop.ini
c:\drv\Tuner\Yuan\Resources\_desktop.ini
c:\programdata\Microsoft\Windows\Start Menu\Programs\Acer Crystal Eye Webcam Video Class Camera
c:\programdata\Microsoft\Windows\Start Menu\Programs\Acer Crystal Eye Webcam Video Class Camera \Uninstall.lnk
c:\windows\system32\drivers\pciide.sys

Une copie infectée de c:\windows\System32\drivers\iaStor.sys a été trouvée et désinfectée
Copie restaurée à partir de - Kitty ate it :p
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-10-21 au 2009-11-21 ))))))))))))))))))))))))))))))))))))
.

2009-11-21 02:21 . 2009-11-21 02:21 -------- d-----w- c:\users\Josselin\AppData\Local\temp
2009-11-21 01:39 . 2009-02-17 13:49 79105 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\updext.dll
2009-11-21 01:39 . 2009-11-21 01:31 404737 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\update.exe
2009-11-21 01:39 . 2009-11-21 01:31 345345 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\update.dll
2009-11-21 01:39 . 2009-04-17 16:07 87297 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\updaterc.dll
2009-11-21 01:39 . 2009-03-03 10:21 9985 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\updguirc.dll
2009-11-21 01:39 . 2009-02-24 12:16 117505 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\updgui.dll
2009-11-21 01:39 . 2008-10-20 07:38 126721 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\scewxmlw.dll
2009-11-21 01:13 . 2009-11-21 01:39 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-11-21 01:13 . 2009-03-30 09:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-11-21 01:13 . 2009-11-21 01:13 -------- d-----w- c:\programdata\Avira
2009-11-21 01:13 . 2009-11-21 01:13 -------- d-----w- c:\program files\Avira
2009-11-21 00:21 . 2009-11-21 00:21 -------- d-----w- c:\users\Josselin\AppData\Local\Threat Expert
2009-11-20 23:51 . 2009-11-21 01:09 -------- d-----w- c:\program files\Common Files\PC Tools
2009-11-20 22:16 . 2009-11-20 22:50 4096 d-----w- C:\UsbFix
2009-11-20 21:50 . 2009-11-20 21:50 -------- d-----w- c:\program files\trend micro
2009-11-20 21:50 . 2009-11-20 21:51 -------- d-----w- C:\rsit
2009-11-20 19:30 . 2009-11-20 19:30 -------- d-----w- c:\users\Josselin\AppData\Roaming\Malwarebytes
2009-11-20 19:30 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-20 19:30 . 2009-11-20 19:30 4096 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-20 19:30 . 2009-11-20 19:30 -------- d-----w- c:\programdata\Malwarebytes
2009-11-20 19:30 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-20 19:19 . 2009-11-20 19:19 -------- d-----w- C:\_OTM
2009-11-20 11:20 . 2006-06-19 12:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2009-11-20 11:20 . 2006-05-25 14:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2009-11-20 11:20 . 2005-08-26 00:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2009-11-20 11:20 . 2003-02-02 19:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2009-11-20 11:20 . 2002-03-06 00:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2009-11-20 11:20 . 2009-11-20 11:21 4096 d-----w- c:\program files\Trojan Remover
2009-11-20 11:20 . 2009-11-20 11:20 -------- d-----w- c:\users\Josselin\AppData\Roaming\Simply Super Software
2009-11-20 11:20 . 2009-11-20 11:20 -------- d-----w- c:\programdata\Simply Super Software

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-21 02:04 . 2006-11-02 15:48 690832 ----a-w- c:\windows\system32\perfh00C.dat
2009-11-21 02:04 . 2006-11-02 15:48 117572 ----a-w- c:\windows\system32\perfc00C.dat
2009-11-20 11:34 . 2007-10-26 20:04 7484 ----a-w- c:\users\Josselin\AppData\Local\d3d9caps.dat
2009-09-22 15:24 . 2009-09-22 15:24 -------- d-----w- c:\program files\Elaborate Bytes
2006-05-03 09:06 . 2008-12-28 18:05 163328 --sha-r- c:\windows\System32\flvDX.dll
2007-02-21 10:47 . 2008-12-28 18:05 31232 --sha-r- c:\windows\System32\msfDX.dll
2008-03-16 12:30 . 2008-12-28 18:05 216064 --sha-r- c:\windows\System32\nbDX.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2006-11-02 2159104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-06-11 1286144]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
"PLFSetL"="c:\windows\PLFSetL.exe" [2007-07-05 94208]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-06-27 752136]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-06-06 159744]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-10-17 1070984]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-07-06 4669440]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-8-10 535336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3677620124-4233402765-754986308-1000]
"EnableNotificationsRef"=dword:00000001

R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl [04/09/2007 21:22 13560]
R2 ALaunchService;ALaunch Service;c:\acer\ALaunch\ALaunchSvc.exe [10/08/2007 09:16 50688]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [21/11/2009 02:13 108289]
R3 enecir;ENE CIR Receiver;c:\windows\System32\drivers\enecir.sys [10/08/2007 15:41 32256]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [10/08/2007 15:41 179712]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\System32\drivers\PCAMp50.sys [08/06/2008 15:45 28224]
S3 PsSdk31;PsSdk31;c:\windows\System32\drivers\pssdk31.drv [28/12/2008 20:00 30272]
S3 PsSdkLBF;PsSdkLBF;c:\windows\System32\drivers\pssdklbf.drv [28/12/2008 20:00 37440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contenu du dossier 'Tâches planifiées'

2009-11-20 c:\windows\Tasks\User_Feed_Synchronization-{E8F03FC0-7193-408E-A362-BA2EE54568E2}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uSearchURL,(Default) = hxxp://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
- - - - ORPHELINS SUPPRIMES - - - -

HKLM-Run-TQ566808 - F:\Setup.exe
HKLM-Run-Acer Tour - (no file)
HKLM-Run-eRecoveryService - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-21 03:21
Windows 6.0.6000 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PsSdk31]
"ImagePath"="\??\c:\windows\system32\Drivers\pssdk31.drv"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PsSdkLBF]
"ImagePath"="\??\c:\windows\system32\Drivers\pssdklbf.drv"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Heure de fin: 2009-11-21 03:28
ComboFix-quarantined-files.txt 2009-11-21 02:28

Avant-CF: 22 125 096 960 octets libres
Après-CF: 22 030 049 280 octets libres

- - End Of File - - 80DAF0231B5775903DADA1369D7756D6

bonsoir,

j'ai télèchargé le logiciel comme indiqué. Je n'ai aucune ligne en rouge, il ne semble plus rien y avoir sur mon ordi. Encore merci pour le gros coup de main.

par contre je ne sais se qu'est un rootkit, comment on "l'attrappe" et quelles sont ses fonctions...peux tu m'en dire plus?


merci

à bientot

voilà,


Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 - - -
AntiVir - - -
Authentium - - -
Avast - - -
AVG - - -
BitDefender - - -
CAT-QuickHeal - - -
ClamAV - - -
DrWeb - - -
eSafe - - -
eTrust-Vet - - -
Ewido - - -
F-Prot - - -
F-Secure - - -
Fortinet - - -
GData - - -
Ikarus - - -
K7AntiVirus - - -
Kaspersky - - -
McAfee - - -
Microsoft - - -
NOD32v2 - - -
Norman - - -
Panda - - -
PCTools - - -
Prevx1 - - -
Rising - - -
Sophos - - -
Sunbelt - - -
Symantec - - -
TheHacker - - -
TrendMicro - - -
VBA32 - - suspected of Win32.BrokenEmbeddedSignature (paranoid heuristics)
ViRobot - - -
VirusBuster - - -
Webwasher-Gateway - - -
Information additionnelle
File size: 13416 bytes
MD5 : 3b1901e401473e03eb8c874271e50c26
SHA1 : db96acb2fa42ca13cba7c132223c05d1d570e5b5
SHA256: 3c7931f419e29fdd0155d8d05d97289430a2852fcb3dbad1b338fe2241458e72
TrID : File type identification
49.9% (.EXE) Generic Win/DOS Executable (2002/3)
49.8% (.EXE) DOS Executable Generic (2000/1)
0.1% (.CEL) Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3)
ssdeep: 384:wY3nXfYWVCi+WjLCc5NJnrW7uT+quEOjBMNx6n:h2iDL3LBrezM6
PEiD : -
RDS : NSRL Reference Data Set

( Microsoft )

Installed Vista Ultimate: pciide.sys


et peux tu me dire comment j'ai ete infecté?

merci

je ne sais pas comment j'ai ete infecté justement, c'est ce que je cherche à savoir. Je n'utilise que rarement ma clé pour imprimer des docs au boulot. j'avoue ne pas avoir updaté depuis longtps mon windows et autres logiciels tel que adobe reader :o(

je m'applique à le faire maintenant.


que dois je faire?


merci

peux tu me dire si le fichier etait infecté? car une partie du rapport etait marqué en rouge.

et ce que tu me demande de faire là, c'est d'enlever de la quarantaine le fichier que tu m'as fait testé précédement?

je parlais du rapport fait en ligne...

pour gmer j'ai vu qu'il n'y avait pas de zone marqué en rouge je sais plus si j'ai sauvegardé le rapport...je refais un scan avec gmer?

merci