Sujet Précédent Sujet Suivant

Probleme avec bagle

gogul1902 Messages postés 4 Statut Membre -  
jlpjlp Messages postés 52399 Statut Contributeur sécurité -
Bonjour,
Voilà je suis ce que l on pourrait décemment appeler un bon gros débutant qui flippe de toucher à tout sur son ordi!!!!
J'ai plusieurs applications qui ne s ouvrent pas message du genre "win 32.exe invalide" quand j essaye d ouvrir divers logiciel dont avast...et je pense aussi que ce "vius" m empêche de jouer en reseau...
J ai VISTA et jai déjà effectué des rapports avec ELIBAGLA et HIJACK...Lesouci c est que je ne sais pas quoi en faire!!!!
Je ne veux pas faire mon pleurnichard mais jesuis en vacance et sans mon pc...snif...
J'attend une réponse avec impatience....ci joint mes différenDeckard's System Scanner v20071014.68
Run by Xavier on 2008-05-05 15:32:15
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
8: 2008-05-04 01:34:27 UTC - RP237 - Point de contrôle planifié
7: 2008-05-03 13:08:26 UTC - RP236 - Point de contrôle planifié
6: 2008-05-02 06:35:52 UTC - RP235 - Installé Full Tilt Poker
5: 2008-04-30 18:44:55 UTC - RP233 - Point de contrôle planifié
4: 2008-04-29 09:06:16 UTC - RP232 - Point de contrôle planifié

-- First Restore Point --
1: 2008-04-22 05:58:58 UTC - RP229 - Point de contrôle planifié

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as Xavier.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:34:45, on 05/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Xavier\AppData\Local\snwpesopa.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Program Files\Apoint2K\Apntex.exe
C:\Users\Xavier\AppData\Local\Temp\RtkBtMnt.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Users\Xavier\Desktop\dss.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Xavier\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\8KS5ZD0O\Xavier.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/defaults/sp/*https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CloneCDTray] "D:\Application\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [DAEMON Tools] "D:\Application\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [snwpesopa] c:\users\xavier\appdata\local\snwpesopa.exe snwpesopa
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Empowering Technology Launcher.lnk = C:\Acer\Empowering Technology\eAPLauncher.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game05.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9718 bytes

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 NTIDrvr (Upper Class Filter Driver) - c:\windows\system32\drivers\ntidrvr.sys <Not Verified; NewTech Infosystems, Inc.; >

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 ALaunchService (ALaunch Service) - c:\acer\alaunch\alaunchsvc.exe <Not Verified; ; ALaunchSvc Service Image>
R2 eLockService (eLock Service) - c:\acer\empowering technology\elock\service\elockserv.exe <Not Verified; Acer Inc.; Acer eLock Management>
R2 eNet Service - c:\acer\empowering technology\enet\enet service.exe <Not Verified; Acer Inc.; Acer eNet Management>
R2 eRecoveryService (eRecovery Service) - c:\acer\empowering technology\erecovery\erecoveryservice.exe <Not Verified; Acer Inc.; eRecoveryService>
R2 eSettingsService (eSettings Service) - c:\acer\empowering technology\esettings\service\capuserv.exe <Not Verified; ; Service>
R2 MobilityService - c:\acer\mobility center\mobilityservice.exe -p
R2 WMIService (ePower Service) - c:\acer\empowering technology\epower\epowersvc.exe <Not Verified; acer; Acer ePower Management>

-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.

-- Scheduled Tasks -------------------------------------------------------------

2008-05-04 20:53:20 420 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{2227656E-B95B-4FEC-B91D-110D0DC624E4}.job

-- Files created between 2008-04-05 and 2008-05-05 -----------------------------

2008-05-05 13:10:48 686630 --a------ C:\Program Files\dss.exe
2008-05-05 13:08:19 0 d-------- C:\Program Files\Trend Micro
2008-05-05 12:33:27 0 d-------- C:\Program Files\Alwil Software
2008-04-23 18:20:43 0 d-------- C:\Users\Xavier\gamebox
2008-04-11 18:01:48 0 d-------- C:\Users\All Users\Zylom
2008-04-07 11:12:32 0 d-------- C:\Program Files\Ubisoft
2008-04-07 09:27:42 53248 --a------ C:\Windows\ipuninst.exe <Not Verified; Interplay Productions; Interplay Uninstaller for Windows 95>

-- Find3M Report ---------------------------------------------------------------

2008-05-05 15:30:10 27430 --a------ C:\Users\Xavier\AppData\Roaming\nvModes.001
2008-05-05 13:18:09 690832 --a------ C:\Windows\system32\perfh00C.dat
2008-05-05 13:18:09 117572 --a------ C:\Windows\system32\perfc00C.dat
2008-05-05 11:56:19 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-05 11:55:51 0 d-------- C:\Program Files\Norton Internet Security
2008-05-05 11:45:52 27430 --a------ C:\Users\Xavier\AppData\Roaming\nvModes.dat
2008-05-03 20:45:17 0 d-------- C:\Users\Xavier\AppData\Roaming\.BitTornado
2008-05-02 08:36:19 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-09 03:12:27 0 d-------- C:\Program Files\Windows Mail
2008-04-03 17:53:00 10 --a------ C:\Windows\popcinfo.dat
2008-04-02 21:01:09 0 d-------- C:\Program Files\Atari
2008-03-31 21:05:33 43520 --a------ C:\Windows\system32\CmdLineExt03.dll
2008-03-16 17:44:21 0 d-------- C:\Program Files\Common Files
2008-03-16 17:44:21 0 d-------- C:\Program Files\Common Files\SWF Studio
2008-03-16 16:56:54 0 d-------- C:\Program Files\Bezerk
2008-03-07 09:59:54 0 -rahs---- C:\MSDOS.SYS
2008-03-07 09:59:54 0 -rahs---- C:\IO.SYS
2008-03-07 09:53:23 0 d-------- C:\Program Files\Acer GameZone
2008-02-05 18:12:45 98304 --a------ C:\Windows\system32\CmdLineExt.dll <Not Verified; Sony DADC Austria AG.; >

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [26/07/2007 03:46]
"ALaunch"="C:\Acer\ALaunch\AlaunchClient.exe" []
"RtHDVCpl"="RtHDVCpl.exe" [06/07/2007 05:06 C:\Windows\RtHDVCpl.exe]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [25/04/2007 16:33]
"eAudio"="C:\Acer\Empowering Technology\eAudio\eAudio.exe" [11/06/2007 14:54]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [05/05/2008 15:30]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [05/05/2008 15:30]
"Acer Tour"="" []
"NvSvc"="C:\Windows\system32\nvsvc.dll" [25/07/2007 14:53]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [25/07/2007 14:53]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [25/07/2007 14:53]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [15/08/2007 11:21]
"PlayMovie"="C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [24/05/2007 14:38]
"PLFSetL"="C:\Windows\PLFSetL.exe" [05/07/2007 13:35]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [06/06/2007 10:06]
"eRecoveryService"="" []
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [11/01/2005 01:02]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [05/11/2006 22:48]
"SetPanel"="C:\Acer\APanel\APanel.cmd" []
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [12/03/2007 11:22]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 23:16]
"CloneCDTray"="D:\Application\CloneCD\CloneCDTray.exe" [28/09/2006 21:21]
"DAEMON Tools"="D:\Application\DAEMON Tools\daemon.exe" [12/11/2006 12:48]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [05/05/2008 12:43]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [30/01/2008 02:45]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [11/01/2005 01:02]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 12:34]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [02/11/2006 14:36]
"snwpesopa"="c:\users\xavier\appdata\local\snwpesopa.exe" [02/05/2008 22:37]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [26/07/2007 04:17:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableLUA"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2dd7b2ff-05d2-11dd-ab18-001b3877ba9d}]
AutoRun\command- I:\InstallTomTomHOME.exe

*Newly Created Service* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI

-- End of Deckard's System Scanner: finished at 2008-05-05 15:35:46 -----------

ET....

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Édition Familiale Premium (build 6000)
Architecture: X86; Language: French

CPU 0: AMD Athlon(tm) 64 X2 Dual-Core Processor TK-55
Percentage of Memory in Use: 37%
Physical Memory (total/avail): 1790.31 MiB / 1120.87 MiB
Pagefile Memory (total/avail): 3808.95 MiB / 2862.16 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1896.5 MiB

C: is Fixed (NTFS) - 51.14 GiB total, 20.7 GiB free.
D: is Fixed (NTFS) - 50.89 GiB total, 17.38 GiB free.
E: is CDROM (No Media)
F: is CDROM (CDFS)
G: is CDROM (No Media)
H: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - Hitachi HTS542512K9SA00 ATA Device - 111.79 GiB - 3 partitions
\PARTITION0 - Unknown - 9.76 GiB
\PARTITION1 (bootable) - MS-DOS V4 Huge - 51.14 GiB - C:
\PARTITION2 - Système de fichiers installable - 50.89 GiB - D:

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FW: Norton Internet Security v2007 (Symantec Corporation)
AV: Norton Internet Security v2007 (Symantec Corporation)
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation) [COLOR=RED]Disabled/COLOR [COLOR=RED]Outdated/COLOR
AS: Norton Internet Security v2007 (Symantec Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Xavier\AppData\Roaming
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=PC-DE-XAVIER
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Xavier
LOCALAPPDATA=C:\Users\Xavier\AppData\Local
LOGONSERVER=\\PC-DE-XAVIER
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 104 Stepping 1, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=6801
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\Xavier\AppData\Local\Temp
TMP=C:\Users\Xavier\AppData\Local\Temp
USERDOMAIN=PC-de-Xavier
USERNAME=Xavier
USERPROFILE=C:\Users\Xavier
windir=C:\Windows

-- User Profiles ---------------------------------------------------------------

Xavier [I](admin)/I

-- Add/Remove Programs ---------------------------------------------------------

--> C:\Windows\IsUn040c.exe -fd:\jeux\Vampire.isu
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{31403E22-2FDB-452F-AE9E-20854633226D}\Setup.exe" -uninst
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A450831D-25F6-4F42-9662-D000B25E0D82}\setup.exe" -uninstall
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA4BF92B-2AAF-11DA-9D78-000129760D75}\setup.exe" -uninstall
Acer Arcade Deluxe --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}\setup.exe" -uninstall
Acer Crystal Eye webcam --> C:\Program Files\InstallShield Installation Information\{AA047D7C-5E7C-4878-B75C-77589151B563}\setup.exe -runfromtemp -l0x0009 -removeonly
Acer Crystal Eye Webcam Video Class Camera --> C:\Program Files\InstallShield Installation Information\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}\setup.exe -runfromtemp -l0x040c -removeonly -u
Acer eAudio Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57265292-228A-41FA-9AEC-4620CBCC2739}\Setup.exe" -uninstall
Acer eDataSecurity Management --> C:\Acer\Empowering Technology\eDataSecurity\eDSnstHelper.exe -Operation UNINSTALL
Acer eLock Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}\setup.exe" -l0x40c -removeonly
Acer Empowering Technology --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB6097D9-D722-4987-BD9E-A076E2848EE2}\setup.exe" -l0x40c -removeonly
Acer eNet Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C06554A1-2C1E-4D20-B613-EE62C79927CC}\setup.exe" -l0x40c -removeonly
Acer ePower Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\setup.exe" -l0x40c -removeonly
Acer ePresentation Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BF839132-BD43-4056-ACBF-4377F4A88E2A}\setup.exe" -l0x40c -removeonly
Acer eSettings Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CE65A9A0-9686-45C6-9098-3C9543A412F0}\setup.exe" -l0x40c -removeonly
Acer GridVista --> C:\Windows\UnInst32.exe GridV.UNI
Acer Mobility Center Plug-In --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11316260-6666-467B-AC34-183FCB5D4335}\setup.exe" -l0x40c -removeonly
Acer ScreenSaver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}\setup.exe" -l0x9 -removeonly
Acer Tour --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94389919-B0AA-4882-9BE8-9F0B004ECA35}\setup.exe" -l0x40c -removeonly
Activation Assistant for the 2007 Microsoft Office suites --> "C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe Flash Player 9 ActiveX --> C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
ALPS Touch Pad Driver --> C:\Program Files\Apoint2K\Uninstap.exe ADDREMOVE
America's Army --> MsiExec.exe /I{D873FA4B-C374-4F8A-8D9A-130DB56FAB16}
AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Archiveur WinRAR --> C:\Program Files\WinRAR\uninstall.exe
Assistant de connexion Windows Live --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Athens 2004 (v1.0.0) --> MsiExec.exe /X{56196564-B032-412F-B729-382AFA24B295}
AV --> MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
avast! Antivirus --> C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
BitTornado 0.3.18 --> D:\Application\bit tornado\BitTornado\uninst.exe
ccCommon --> MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
CD Audio Reader Filter (remove only) --> "C:\Program Files\CD Audio Reader Filter\uninstall.exe"
Chaos-League MS --> D:\JEUX\Chaos-League MS\uninstall.exe
CloneCD --> "D:\Application\CloneCD\ccd-uninst.exe" /D="D:\Application\CloneCD"
Dark Fall --> D:\JEUX\Uninstal.exe
DirectVobSub (remove only) --> "C:\Program Files\DirectVobSub\uninstall.exe"
DS-MP3 Source 1.30 --> "C:\Program Files\DS-MP3 Source\Uninstall.exe"
DScaler 5 Mpeg Decoders --> "C:\Program Files\DScaler5\unins000.exe"
eMule --> "D:\Application\eMule\Uninstall.exe"
Fallout 2 --> C:\Windows\ipuninst.exe -fC:\Program Files\BlackIsle\Fallout2\uninst.log
Favorit --> c:\users\xavier\appdata\local\pracmvxa.bat
ffdshow [rev 1685] [2007-12-06] --> "C:\Program Files\ffdshow\unins000.exe"
Full Tilt Poker --> "C:\Program Files\InstallShield Installation Information\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}\setup.exe" -runfromtemp -l0x040c -removeonly
GameCenter --> D:\JEUX\Chaos-League MS\GameCenter\uninstall.exe
Haali Media Splitter --> "C:\Program Files\Haali\MatroskaSplitter\uninstall.exe"
HDAUDIO Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118\UIU32m.exe -U -Ic:\Release\Foxconn\51338\AcrZUn32z.inf
HijackThis 2.0.2 --> "C:\Users\Xavier\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8KS5ZD0O\HijackThis.exe" /uninstall
InternetGameBox --> D:\JEUX\gamebox\InternetGameBox\uninst.exe
Launch Manager --> C:\Windows\UnInst32.exe LManager.UNI
LiveUpdate 3.2 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation) --> MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Luxor 2 --> "C:\Program Files\Acer GameZone\Luxor 2\Uninstall.exe" "C:\Program Files\Acer GameZone\Luxor 2\install.log"
Microsoft Office Excel MUI (French) 2007 --> MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office Home and Student 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007 --> MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (French) 2007 --> MsiExec.exe /X{90120000-00A1-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007 --> MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007 --> MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007 --> MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007 --> MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007 --> MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007 --> MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007 --> MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Works --> MsiExec.exe /I{6B1CB38D-E2E4-4a30-933D-EFDEBA76AD9C}
MSRedist --> MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69}
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
Norton Confidential Browser Component --> MsiExec.exe /I{4843B611-8FCB-4428-8C23-31D0A5EAE164}
Norton Confidential Web Protection Component --> MsiExec.exe /I{D353CC51-430D-4C6F-9B7E-52003DA1E05A}
Norton Internet Security --> MsiExec.exe /I{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}
Norton Internet Security --> MsiExec.exe /I{48185814-A224-447A-81DA-71BD20580E1B}
Norton Internet Security --> MsiExec.exe /I{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}
Norton Internet Security --> MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton Internet Security --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton Internet Security (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}_10_1_0_26\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}.exe" /X
Norton Protection Center --> MsiExec.exe /I{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}
NTI Backup NOW! 4.7 --> "C:\Program Files\InstallShield Installation Information\{67ADE9AF-5CD9-4089-8825-55DE4B366799}\setup.exe" -removeonly
NTI CD & DVD-Maker --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} /l1036 CDM7
NVIDIA Drivers --> C:\Windows\system32\NVUNINST.EXE UninstallGUI
OpenSource Flash Video Splitter (remove only) --> "C:\Program Files\OpenSource Flash Video Splitter\uninstall.exe"
Planescape - Torment --> C:\Windows\IsUn040c.exe -fd:\jeux\Uninst.isu
Player Metaboli --> "C:\Program Files\Player Metaboli\Uninstall.exe"
Poker 770 --> "D:\Application\Poker 770\_SetupCasino.exe" /uninstall
PowerProducer 3.72 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\Setup.EXE" -uninstall
RealMedia (remove only) --> "C:\Program Files\RealMedia\uninstall.exe"
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x40c -removeonly
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe" -l0x40c anything
RomStation --> D:\Application\ROM STATION\Uninstal.exe
Runaway --> D:\Remote Programs\Runaway - A Road Adventure\GPlrLanc.exe -LOpCode 2 /RemoveContent cid=213554;name=Runaway;dir=D:\Remote Programs\Runaway - A Road Adventure\;prvid=200;cmdid=1;prvdir=Default
Sacred --> D:\JEUX\Sacred\unins000.exe
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Excel 2007 (KB946974) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Office 2007 (KB947801) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Visio 2007 (KB947590) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
SHOUTcast Source (remove only) --> "C:\Program Files\SHOUTcast Source\uninstall.exe"
TeamSpeak 2 RC2 --> D:\Teamspeak2_RC2\unins000.exe
Tom Clancy's Rainbow Six: Lockdown --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3BB33584-3860-4772-AEE9-D8E61F552896}\Setup.exe" -l0x40c
Treasures of the Deep --> "C:\Program Files\Acer GameZone\Treasures of the Deep\Uninstall.exe" "C:\Program Files\Acer GameZone\Treasures of the Deep\install.log"
Update for Office 2007 (KB934528) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {2B939677-2FFD-48F6-9075-7BF48CB87C80}
Update for Office 2007 (KB946691) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Office System 2007 Setup (KB929722) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {D8E9BEBD-655F-467D-8176-CA9959C140A3}
vanBasco's Karaoke Player --> D:\JEUX\vanBasco's Karaoke Player\uninst.exe
Windows Live installer --> MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
Windows Live Messenger --> MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
Yahoo! Toolbar avec bloqueur de fenêtres pop-up --> C:\PROGRA~1\Yahoo!\common\unyt.exe
YOU DON'T KNOW JACK® --> D:\JEUX\YDKJWIN\Uninst.exe
Zoom Player (remove only) --> "D:\Application\Zoom Player\uninstall.exe"
Zuma Deluxe --> "C:\Program Files\Acer GameZone\Zuma Deluxe\Uninstall.exe" "C:\Program Files\Acer GameZone\Zuma Deluxe\install.log"

-- Application Event Log -------------------------------------------------------

Event Record #/Type13331 / Success
Event Submitted/Written: 05/05/2008 03:30:04 PM
Event ID/Source: 5617 / WinMgmt
Event Description:

Event Record #/Type13328 / Success
Event Submitted/Written: 05/05/2008 03:30:02 PM
Event ID/Source: 5615 / WinMgmt
Event Description:

Event Record #/Type13327 / Error
Event Submitted/Written: 05/05/2008 03:30:01 PM
Event ID/Source: 101 / Automatic LiveUpdate Scheduler
Event Description:
Niveau d'information : error

?

Event Record #/Type13318 / Success
Event Submitted/Written: 05/05/2008 03:29:47 PM
Event ID/Source: 902 / Software Licensing Service
Event Description:
Le service de gestion des licences du logiciel a démarré.

Event Record #/Type13297 / Warning
Event Submitted/Written: 05/05/2008 02:55:13 PM
Event ID/Source: 0 / AtBroker
Event Description:
GetSessionValue Failed to Open session value return error 2

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type61666 / Error
Event Submitted/Written: 05/05/2008 03:30:31 PM
Event ID/Source: 12 / PlugPlayManager
Event Description:
Le périphérique 'Pilote BIOS de gestion de systèmes Microsoft' (Root\SYSTEM\0002) a disparu du système sans que sa suppression ait tout d'abord été préparée.

Event Record #/Type61665 / Error
Event Submitted/Written: 05/05/2008 03:30:26 PM
Event ID/Source: 12 / PlugPlayManager
Event Description:
Le périphérique 'Périphériques IR grand public' (Root\SYSTEM\0001) a disparu du système sans que sa suppression ait tout d'abord été préparée.

Event Record #/Type61664 / Error
Event Submitted/Written: 05/05/2008 03:30:25 PM
Event ID/Source: 12 / PlugPlayManager
Event Description:
Le périphérique 'Énumérateur de périphérique logiciel Plug-and-Play' (Root\SYSTEM\0000) a disparu du système sans que sa suppression ait tout d'abord été préparée.

Event Record #/Type61663 / Error
Event Submitted/Written: 05/05/2008 03:30:25 PM
Event ID/Source: 7006 / Service Control Manager
Event Description:
ScRegSetValueExWType%%5

Event Record #/Type61630 / Error
Event Submitted/Written: 05/05/2008 03:30:17 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
Planificateur LiveUpdate automatique%%1053

-- End of Deckard's System Scanner: finished at 2008-05-05 15:35:46 ------------
Configuration: Windows Vista
Internet Explorer 7.0

11 réponses

Réponse 1 / 11
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
 
essaye de refaire combofix en mode sans echec ainsi qu'elibaga

http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fdocid/20020905112131924
1
Réponse 2 / 11
gogul1902 Messages postés 4 Statut Membre 1
 
Bonjour...et de nouveau merci jlpjlp!!!!! en mode sans échec ça a fonctionné!!!!!!
je joind mon rapport...

ComboFix 08-05-01.3 - Xavier 2008-05-06 8:41:52.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1053 [GMT 2:00]
Endroit: C:\Users\Xavier\Desktop\Combo-Fix.exe
* Création d'un nouveau point de restauration
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\InternetGameBox
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\InternetGameBox\Conditions générales.url
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\InternetGameBox\Confidentialité.url
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\InternetGameBox\Désinstaller.lnk
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\InternetGameBox\InternetGameBox.lnk
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\InternetGameBox\Website.url
C:\Users\Public\Desktop\internetgamebox.lnk
c:\Users\Xavier\AppData\Local\snwpesopa.dat
c:\users\xavier\appdata\local\snwpesopa.exe
c:\Users\Xavier\AppData\Local\snwpesopa_nav.dat
c:\Users\Xavier\AppData\Local\snwpesopa_navps.dat
C:\Windows\system32\drivers\hldrrr.exe
C:\Windows\system32\drivers\mdelk.exe
C:\Windows\system32\drivers\srosa.sys
C:\Windows\system32\x64
C:\Windows\system32\x64\csnp2uvc.dll
C:\Windows\system32\x64\rsnpvc64.dll
C:\Windows\system32\x64\sncduvc.sys
C:\Windows\system32\x64\snp2uvc.sys
C:\Windows\system32\x64\vsnpvc64.dll
.
---- Previous Run -------
.
C:\Windows\system32\ACER.exe
C:\Windows\system32\drivers\downld
C:\Windows\system32\nvs2.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SROSA

((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-04-06 to 2008-05-06 ))))))))))))))))))))))))))))))))))))
.

2008-05-05 18:25 . 2008-05-05 18:25 172,280 --a------ C:\Users\Xavier\RtkBtMnt.exe
2008-05-05 17:02 . 2008-05-05 17:03 64,091 --a------ C:\Users\All Users\LUUnInstall.LiveUpdate
2008-05-05 17:02 . 2008-05-05 17:03 64,091 --a------ C:\PROGRA~2\LUUnInstall.LiveUpdate
2008-05-05 16:03 . 2008-05-05 16:03 <REP> d-------- C:\Program Files\Common Files\Borland Shared
2008-05-05 16:03 . 1999-01-20 05:01 210,032 --a------ C:\Windows\System32\DBCLIENT.DLL
2008-05-05 16:03 . 1999-11-12 05:11 183,808 --a------ C:\Windows\System32\BDEADMIN.CPL
2008-05-05 16:03 . 2008-05-05 19:50 13,030 --a------ C:\PDOXUSRS.NET
2008-05-05 16:02 . 2008-05-05 16:02 <REP> d-------- C:\Program Files\ZebHelpProcess 2
2008-05-05 15:58 . 2008-05-05 15:59 5,875,681 --a------ C:\Program Files\ZebulonHP 2.26.zip
2008-05-05 13:10 . 2008-05-05 13:10 <REP> d-------- C:\Deckard
2008-05-05 13:10 . 2008-05-05 13:10 686,630 --a------ C:\Program Files\dss.exe
2008-05-05 13:08 . 2008-05-05 13:08 <REP> d-------- C:\Program Files\Trend Micro
2008-05-05 13:07 . 2008-05-05 13:08 812,344 --a------ C:\Program Files\HJTInstall.exe
2008-05-05 12:33 . 2008-05-05 12:33 <REP> d-------- C:\Program Files\Alwil Software
2008-05-05 11:57 . 2008-05-05 11:57 22,625,616 --a------ C:\Program Files\avast.exe
2008-05-04 13:07 . 2008-05-04 21:49 28 --a------ C:\Windows\ODBC.INI
2008-05-03 20:45 . 2008-05-03 20:45 <REP> d-------- C:\Users\Xavier\AppData\Roaming\.BitTornado
2008-04-23 18:20 . 2008-04-23 18:20 <REP> d-------- C:\Users\Xavier\gamebox
2008-04-11 18:01 . 2008-04-11 18:02 <REP> d-------- C:\Users\All Users\Zylom
2008-04-11 18:01 . 2008-04-11 18:02 <REP> d-------- C:\PROGRA~2\Zylom
2008-04-09 03:03 . 2008-02-15 01:19 944,184 --a------ C:\Windows\System32\winload.exe
2008-04-09 03:03 . 2008-02-19 07:10 620,088 --a------ C:\Windows\System32\ci.dll
2008-04-09 03:03 . 2008-02-29 08:39 371,712 --a------ C:\Windows\System32\srcore.dll
2008-04-09 03:03 . 2008-02-29 08:38 313,856 --a------ C:\Windows\System32\rstrui.exe
2008-04-09 03:03 . 2008-02-29 08:39 40,960 --a------ C:\Windows\System32\srclient.dll
2008-04-09 03:03 . 2008-02-29 08:51 19,000 --a------ C:\Windows\System32\kd1394.dll
2008-04-09 03:03 . 2008-02-29 08:38 16,384 --a------ C:\Windows\System32\srdelayed.exe
2008-04-09 03:03 . 2008-02-29 08:34 7,168 --a------ C:\Windows\System32\f3ahvoas.dll
2008-04-09 03:03 . 2008-02-29 08:35 6,656 --a------ C:\Windows\System32\kbd106n.dll
2008-04-09 02:35 . 2008-02-21 06:43 296,448 --a------ C:\Windows\System32\gdi32.dll
2008-04-09 02:08 . 2008-02-29 06:16 2,027,008 --a------ C:\Windows\System32\win32k.sys
2008-04-09 02:08 . 2008-03-08 04:14 148,992 --a------ C:\Windows\System32\drivers\ks.sys
2008-04-09 02:08 . 2007-12-16 13:42 83,968 --a------ C:\Windows\System32\dnsrslvr.dll
2008-04-09 02:08 . 2007-12-16 13:41 24,576 --a------ C:\Windows\System32\dnscacheugc.exe
2008-04-07 11:12 . 2008-04-07 11:12 <REP> d-------- C:\Program Files\Ubisoft
2008-04-07 09:28 . 2008-04-07 10:58 4 --a------ C:\timestmp.tmp
2008-04-07 09:27 . 2008-04-07 10:33 53,248 --a------ C:\Windows\ipuninst.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-05 20:36 --------- d-----w C:\PROGRA~2\Symantec
2008-05-05 15:06 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-05 09:55 --------- d-----w C:\Program Files\Norton Internet Security
2008-05-05 09:50 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
2008-05-05 09:45 27,430 ----a-w C:\Users\Xavier\AppData\Roaming\nvModes.dat
2008-05-02 06:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-09 01:12 --------- d-----w C:\Program Files\Windows Mail
2008-04-09 01:06 --------- d-----w C:\PROGRA~2\Microsoft Help
2008-04-03 15:53 --------- d---a-w C:\PROGRA~2\TEMP
2008-04-02 19:01 --------- d-----w C:\Program Files\Atari
2008-03-16 15:44 --------- d-----w C:\Program Files\Common Files\SWF Studio
2008-03-16 14:56 --------- d-----w C:\Program Files\Bezerk
2008-03-16 14:18 639,224 ----a-w C:\Windows\system32\drivers\sptd.sys
2008-03-07 07:53 --------- d-----w C:\Program Files\Acer GameZone
2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-12 02:04 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-12 02:04 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-12 02:04 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-02-12 02:04 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-12 02:04 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-01-30 07:13 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-30 02:45 1232896]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2005-01-11 01:02 638976]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-07-26 03:46 1006264]
"ALaunch"="C:\Acer\ALaunch\AlaunchClient.exe" [ ]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 05:06 4669440 C:\Windows\RtHDVCpl.exe]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 16:33 457216]
"eAudio"="C:\Acer\Empowering Technology\eAudio\eAudio.exe" [2007-06-11 14:54 1286144]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-05-06 08:44 107112]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2008-05-06 08:44 22696]
"Acer Tour"="" []
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-07-25 14:53 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-07-25 14:53 8433664]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-07-25 14:53 81920]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2007-08-15 11:21 772616]
"PlayMovie"="C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2007-05-24 14:38 206952]
"PLFSetL"="C:\Windows\PLFSetL.exe" [2007-07-05 13:35 94208]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2007-06-06 10:06 159744]
"eRecoveryService"="" []
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2005-01-11 01:02 638976]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 22:48 57344]
"SetPanel"="C:\Acer\APanel\APanel.cmd" [ ]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"CloneCDTray"="D:\Application\CloneCD\CloneCDTray.exe" [2006-09-28 21:21 57344]
"DAEMON Tools"="D:\Application\DAEMON Tools\daemon.exe" [2006-11-12 12:48 157592]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 11:22 517768]

C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-07-26 04:17:00 535336]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4027165178-2321027126-2958803462-1000]
"EnableNotificationsRef"=dword:00000005

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C0B4CECA-9415-4C07-B5D9-AFA36EF6EFCA}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{5B8A61E7-A297-4725-86E2-940DDAD57A48}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{59DE5281-D76E-4158-8705-CF329C4E4652}"= C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{C86DBA55-A3E3-4F9D-96E7-A08610EB6934}"= C:\Program Files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia
"{591B7591-8DE8-4098-A280-D02862ECEA2D}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:Play Movie
"{ED4F30AC-1B7B-4F19-AD50-1160F46CAFE8}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe:Play Movie Resident Program
"{8618C0CB-EAAA-4F9E-B420-AE75E239C7ED}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{DC36C88C-BC80-467D-A7D5-8F1A8E437884}"= UDP:D:\JEUX\Chaos-League MS\ChaosLeagueEx.exe:Chaos-League-MS
"{7B1EB599-C87C-41B1-A823-3E851F57983E}"= TCP:D:\JEUX\Chaos-League MS\ChaosLeagueEx.exe:Chaos-League-MS

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-04-25 16:34]
R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-04-25 16:34]
R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-04-25 16:34]
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080429.001\IDSvix86.sys [2008-02-13 18:18]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};C:\Program Files\Acer Arcade Deluxe\Play Movie\[u]0/u00.fcl [2006-11-02 17:51]
R2 ALaunchService;ALaunch Service;C:\Acer\ALaunch\ALaunchSvc.exe [2007-01-26 14:24]
R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-04-25 16:34]
R2 eNet Service;eNet Service;C:\Acer\Empowering Technology\eNet\eNet Service.exe [2007-06-13 16:54]
R2 eSettingsService;eSettings Service;C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-06-28 18:50]
R2 MobilityService;MobilityService;C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 12:57]
R2 WMIService;ePower Service;C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-09-14 15:32]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-05-17 02:46]
R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys [2007-05-16 14:47]
R3 nvsmu;nvsmu;C:\Windows\system32\DRIVERS\nvsmu.sys [2007-05-17 03:05]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-10-30 20:55]
S3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2007-06-18 12:03]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2dd7b2ff-05d2-11dd-ab18-001b3877ba9d}]
\shell\AutoRun\command - I:\InstallTomTomHOME.exe

*Newly Created Service* - COMHOST
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-06 08:48:56
Windows 6.0.6000 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\PnkBstrA.exe
C:\Windows\System32\drivers\XAudio.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Windows\System32\runonce.exe
C:\Windows\System32\conime.exe
C:\Users\Xavier\Desktop\ELIBAGLA.%D8I%D8EB%D8%D8H.EXE
C:\Windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-05-06 8:53:06 - machine was rebooted [Xavier]
ComboFix-quarantined-files.txt 2008-05-06 06:52:02

Pre-Run: 22,558,408,704 octets libres
Post-Run: 22,239,076,352 octets libres

213 --- E O F --- 2008-05-05 15:20:21

par contre je ne touve pas la commande executer pour "mrt"????!!!!je vous l ai dit je suis bidon en informatique...et je n ai franchement pas les moyens d amener mon pc à un informaticien...
Je fais des recherches de mon côté et j ai lu qu il fallait se déconnecter d internet pour éradiquer beagle....voous me le confirmais...
Voilà!!!!actuellement je ne vis que dans l attente de vous lire...et vous remercie grandement de nouveau...
1
Réponse 3 / 11
Utilisateur anonyme
 
demarrer/executer et MRT /F
1
Réponse 4 / 11
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
 
slt

bagle est coriace

essaye tout ceci:

Télécharge Combofix de sUBs : Renomme le avant toute installation, par exemple, nomme le "KillBagle". aide ici : https://forum.pcastuces.com/sujet.asp?f=25&s=37315

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Sauvegarde le sur ton bureau et pas ailleurs !

Aide à l’utilisation de combofix ici: https://bibou0007.forumpro.fr/login?redirect=%2Ft121-topic

Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider, laisse toi guider.
Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.

-----------

Fais DEMARRER puis EXECUTER et tape mrt puis clique sur ok et suis la procedure

----------

* Téléchargez ELIBAGLA en bas de cette page http://www.zonavirus.com/datos/descargas/95/elibagla.asp
* Clique sur le bouton Descargar Elibagla cela va télécharger le fichier, placez le sur votre bureau.
* Double-cliquez dessus pour l'ouvrir
* Assurez-vous que dans le menu déroulant Unidad, vous avez bien C:\
* Vérifiquez aussi que l'option en bas de la fenêtre Eliminar Ficheros Automaticamente est bien cochée
* Cliquez sur le bouton Explorar pour lancer l'analyse

Si, dans le rapport,elibaga tu vois un texte semblable à celui-ci

Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v10.24
a "virus@satinfo.es". Gracias;

envoie ce(s) fichier(s) (dans l'exemple C:\Muestras\HLDRRR.EXE.Muestra EliBagle v10.24 ) à l'adresse e-mail indiquée (virus@satinfo.es).

et ils mettront a jour elibaga dans les 48 heures ce qui permettra de virer le virus que tu as!!!

------------

colle le rapport d'un scan en ligne
avec un des suivants:

bitdefender en ligne :
http://www.bitdefender.fr/scan_fr/scan8/ie.html

secuser en ligne :
http://www.secuser.com/outils/antivirus.htm

scan en ligne firefox

https://www.trendmicro.com/fr_fr/business.html
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 11
Utilisateur anonyme
 
salut j aurais bien fait un petit MBAM EN SANS ECHEC MOI......non?
0
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
 
combofix et elibaga son,t les deux plus performant pour virer bagle mais malwarebytes pourquoi pas!
0
Réponse 6 / 11
Utilisateur anonyme
 
oui je me dis que meme si on lui mange 1o ca lui fera ca en moins de defense .....lol
0
Réponse 7 / 11
gogul1902 Messages postés 4 Statut Membre 1
 
Salut...et merci...
mais j ai un probléme avec combofix...
il se lance parfaitement mais s arréte à l étape 31...
j ai consulté sur le net et il appert que ça doit aller plus loin...de toute façon je n 'ai pas le rapport!!!
j espére que vouspourrez m aider....
pour donner dans la médiocrité...je suis dessus depuis 6h37 du matin!!!*
de l aide!!!!!!!!!!!!!!!!!!!
0
Réponse 8 / 11
Utilisateur anonyme
 
pour une fois qu il y en a un qui me donne raison.......................
0
Réponse 9 / 11
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
 
Fais DEMARRER puis EXECUTER et tape mrt puis clique sur ok et suis la procedure

----------

* Téléchargez ELIBAGLA en bas de cette page http://www.zonavirus.com/datos/descargas/95/elibagla.asp
* Clique sur le bouton Descargar Elibagla cela va télécharger le fichier, placez le sur votre bureau.
* Double-cliquez dessus pour l'ouvrir
* Assurez-vous que dans le menu déroulant Unidad, vous avez bien C:\
* Vérifiquez aussi que l'option en bas de la fenêtre Eliminar Ficheros Automaticamente est bien cochée
* Cliquez sur le bouton Explorar pour lancer l'analyse

Si, dans le rapport,elibaga tu vois un texte semblable à celui-ci

Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v10.24
a "virus@satinfo.es". Gracias;

envoie ce(s) fichier(s) (dans l'exemple C:\Muestras\HLDRRR.EXE.Muestra EliBagle v10.24 ) à l'adresse e-mail indiquée (virus@satinfo.es).

et ils mettront a jour elibaga dans les 48 heures ce qui permettra de virer le virus que tu as!!!

------------

colle le rapport d'un scan en ligne
avec un des suivants:

bitdefender en ligne :
http://www.bitdefender.fr/scan_fr/scan8/ie.html

secuser en ligne :
http://www.secuser.com/outils/antivirus.htm

scan en ligne firefox

https://www.trendmicro.com/fr_fr/business.html
0
Réponse 10 / 11
gogul1902 Messages postés 4 Statut Membre 1
 
Salut jlpjlp!!!!
Grace à tes conseil j ai enfin réussi à installer un anti virus avira antivir plus exactement et il m a fourni un rapport!!!
De plus je n ai pas la commande exécuter sur mon ordi et pourtant j ai cherché!!!!
et le "fichier mrt" je n en ai pas!!!! tas une autre solution!!!!et dis moi s il te plait comment je peux faire pour m assurer que je n ai plus de virus!!!
Je te remercie pour la éniéme fois!!!!
0
Réponse 11 / 11
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
 
* Téléchargez ELIBAGLA en bas de cette page http://www.zonavirus.com/datos/descargas/95/elibagla.asp
* Clique sur le bouton Descargar Elibagla cela va télécharger le fichier, placez le sur votre bureau.
* Double-cliquez dessus pour l'ouvrir
* Assurez-vous que dans le menu déroulant Unidad, vous avez bien C:\
* Vérifiquez aussi que l'option en bas de la fenêtre Eliminar Ficheros Automaticamente est bien cochée
* Cliquez sur le bouton Explorar pour lancer l'analyse

Si, dans le rapport,elibaga tu vois un texte semblable à celui-ci

Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v10.24
a "virus@satinfo.es". Gracias;

envoie ce(s) fichier(s) (dans l'exemple C:\Muestras\HLDRRR.EXE.Muestra EliBagle v10.24 ) à l'adresse e-mail indiquée (virus@satinfo.es).

et ils mettront a jour elibaga dans les 48 heures ce qui permettra de virer le virus que tu as!!!

------------

colle un rapport avec antivir que tu as mis

__________

puis

colle un rapport hijackthis

http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

manuel :
http://pagesperso-orange.fr/rginformatique/section%20virus/demohijack.htm
https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html

Je conseille de renomer Hijackthis, pour contrer une éventuelle infection de Vundo.

ex:Renomme le fichier HijackThis.exe en eden.exe pour cela, fais un clic droit sur le fichier HijackThis.exe et choisis renommer dans la liste

Ensuite avec Explorer créer un dossier c:\hijackthis
Décompresser Hijackthis dans ce dossier.
C'est important pour les sauvegardes."
0

Discussions similaires

infecté par Bagle
Substrat -
Substrat -

28 réponses
infection par bagle
justemoi -
Lyonnais92 -

6 réponses
Problème virus bagle, avast, pare feu bloqués
snake -
^^Marie^^ -

2 réponses
Infection BAGLE --> rapport FINDYKILL
extrapitou -
gen-hackman -

28 réponses