!!trop de cid!!besoin d'aide! raport hi-jack.

Résolu

arkane69 Messages postés 358 Statut Membre -
arkane69 Messages postés 358 Statut Membre - 5 nov. 2008 à 03:12

Bonjour,
je suis novice sur vista et j'ai un gros probleme de cid en tous genre (poker, voyance, etc..)
suis-je infecté par un virus???
ma configu: antivir, malwerbite, avg antispyware
je joint le rapport hi-jack.
par avance merci.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:04:58, on 04/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [?????????] ??????????????e
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Itch ford four knob] "C:\ProgramData\Dent Intra Obj.b1qr4m"
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

Afficher la suite

A voir également:

!!trop de cid!!besoin d'aide! raport hi-jack.
Problème prise jack manette ps5 - Forum Casque et écouteurs
Branchement prise jack 3 fils ✓ - Forum Audio
Faux contact casque audio prise jack ✓ - Forum Casque et écouteurs
Réparer prise jack femelle - Forum LG
Brancher enceinte sur tv avec prise jack - Forum Enceintes / HiFi

20 réponses

Réponse 1 / 20

Destrio5 Messages postés 99820 Date d'inscription Statut Modérateur Dernière intervention 10 305

Salut,

---> Désactive l'UAC le temps de la désinfection :
http://www.commentcamarche.net/faq/sujet 8343 vista desactiver l uac

---> Télécharge Lop S&D sur ton Bureau.
---> Double-clique dessus pour lancer l'installation.
---> Clique droit sur le raccourci Lop S&D présent sur ton Bureau et choisis Exécuter en tant qu'administrateur.
---> Sélectionne la langue souhaitée, puis choisis l'option 1 (Recherche).
---> Patiente jusqu'à la fin du scan.
---> Poste le rapport généré (C:\lopR.txt).

arkane69 Messages postés 358 Statut Membre 10

salut destrio5
merci pour ta reponse rapide. :)
c desactivé.....

arkane69 Messages postés 358 Statut Membre 10

voila le rapport...

--------------------\\ Lop S&D 4.2.4-9c XP/Vista

Microsoft® Windows Vista™ Édition Familiale Basique ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : AMD Sempron(tm) Processor 3500+ )
BIOS : )Phoenix - Award WorkstationBIOS v6.00PG
USER : boon ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:71 Go (Free:15 Go)
D:\ (Local Disk) - NTFS - Total:70 Go (Free:70 Go)
E:\ (CD or DVD)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (USB)

"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [1] ( 04/11/2008|18:32 )

[ UAC => 0 ]

--------------------\\ Listing des dossiers dans Local

[28/12/2007|04:30] C:\Users\boon\AppData\Local\Adobe
[28/12/2007|04:05] C:\Users\boon\AppData\Local\Application Data
[19/03/2008|04:14] C:\Users\boon\AppData\Local\Apps
[28/10/2008|03:28] C:\Users\boon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[29/12/2007|17:31] C:\Users\boon\AppData\Local\GDIPFONTCACHEV1.DAT
[13/08/2008|05:23] C:\Users\boon\AppData\Local\Google
[28/12/2007|04:05] C:\Users\boon\AppData\Local\Historique
[04/11/2008|18:22] C:\Users\boon\AppData\Local\IconCache.db
[25/04/2008|03:54] C:\Users\boon\AppData\Local\Microsoft
[29/12/2007|23:07] C:\Users\boon\AppData\Local\Microsoft Games
[28/12/2007|18:17] C:\Users\boon\AppData\Local\Microsoft Help
[05/02/2008|16:46] C:\Users\boon\AppData\Local\Mozilla
[31/10/2008|12:53] C:\Users\boon\AppData\Local\PokerStars
[28/12/2007|17:35] C:\Users\boon\AppData\Local\PowerCinema
[17/02/2008|18:53] C:\Users\boon\AppData\Local\Sony
[04/11/2008|18:29] C:\Users\boon\AppData\Local\Temp
[28/12/2007|04:05] C:\Users\boon\AppData\Local\Temporary Internet Files
[29/12/2007|23:39] C:\Users\boon\AppData\Local\VirtualStore

--------------------\\ Tâches planifiées dans C:\Windows\tasks

[04/11/2008 18:24][--a------] C:\Windows\tasks\Maintenance en 1 clic.job
[04/11/2008 05:51][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{FEBAD639-0E84-46FD-B088-5DF02EC82687}.job
[04/11/2008 18:24][--ah-----] C:\Windows\tasks\SA.DAT
[04/11/2008 18:23][--a------] C:\Windows\tasks\SCHEDLGU.TXT

--------------------\\ Listing des dossiers dans C:\ProgramData

[05/02/2008|17:33] C:\ProgramData\addr_file.html
[26/12/2006|00:10] C:\ProgramData\Adobe
[02/11/2006|13:59] C:\ProgramData\Application Data
[22/03/2008|21:37] C:\ProgramData\Avira
[16/02/2008|15:58] C:\ProgramData\Azureus
[28/12/2007|04:01] C:\ProgramData\Bureau
[16/02/2008|19:49] C:\ProgramData\CyberLink
[28/02/2008|17:49] C:\ProgramData\Dent Intra Obj.b1qr4m
[02/11/2006|13:59] C:\ProgramData\Desktop
[02/11/2006|13:59] C:\ProgramData\Documents
[28/12/2007|04:01] C:\ProgramData\Favoris
[02/11/2006|13:59] C:\ProgramData\Favorites
[04/11/2008|14:48] C:\ProgramData\Google Updater
[22/03/2008|20:24] C:\ProgramData\Grisoft
[28/12/2007|04:19] C:\ProgramData\InstallShield
[05/07/2008|21:40] C:\ProgramData\Malwarebytes
[28/12/2007|04:01] C:\ProgramData\Menu D‚marrer
[29/12/2007|17:38] C:\ProgramData\Microsoft
[16/10/2008|02:06] C:\ProgramData\Microsoft Help
[28/12/2007|04:01] C:\ProgramData\ModŠles
[28/12/2007|06:01] C:\ProgramData\NtiDvdCopy
[01/10/2008|20:31] C:\ProgramData\ntuser.pol
[04/11/2008|03:15] C:\ProgramData\NVIDIA
[25/03/2008|16:49] C:\ProgramData\OrbNetworks
[31/03/2008|13:22] C:\ProgramData\save info info.03lporq
[31/03/2008|14:49] C:\ProgramData\save info info.0dx7p1
[31/03/2008|18:06] C:\ProgramData\save info info.3p0o7v
[31/03/2008|02:40] C:\ProgramData\save info info.515tkj
[31/03/2008|16:17] C:\ProgramData\save info info.64c7r
[31/03/2008|03:02] C:\ProgramData\save info info.6hcmfn
[31/03/2008|16:38] C:\ProgramData\save info info.9oumu
[28/02/2008|17:49] C:\ProgramData\save info info.a1yd8wp
[28/02/2008|17:27] C:\ProgramData\save info info.acmg8
[31/03/2008|17:00] C:\ProgramData\save info info.afspln
[31/03/2008|02:18] C:\ProgramData\save info info.cbtes
[28/02/2008|17:49] C:\ProgramData\save info info.e654nin
[31/03/2008|15:55] C:\ProgramData\save info info.emezl
[31/03/2008|15:11] C:\ProgramData\save info info.fmjo9p
[31/03/2008|17:44] C:\ProgramData\save info info.hw4xf
[31/03/2008|13:44] C:\ProgramData\save info info.j9ked
[31/03/2008|14:06] C:\ProgramData\save info info.jh424rb
[31/03/2008|15:33] C:\ProgramData\save info info.jvx875
[31/03/2008|14:27] C:\ProgramData\save info info.nm23o
[31/03/2008|10:19] C:\ProgramData\save info info.pakwcp
[31/03/2008|12:38] C:\ProgramData\save info info.pkmfs
[31/03/2008|13:00] C:\ProgramData\save info info.pqub2
[31/03/2008|03:24] C:\ProgramData\save info info.rvkcj9
[31/03/2008|17:22] C:\ProgramData\save info info.smnmy2
[31/03/2008|12:38] C:\ProgramData\size bin dale
[22/03/2008|20:42] C:\ProgramData\Spybot - Search & Destroy
[02/11/2006|13:59] C:\ProgramData\Start Menu
[05/02/2008|17:18] C:\ProgramData\Symantec
[02/11/2006|13:59] C:\ProgramData\Templates
[28/02/2008|17:49] C:\ProgramData\third lies itch ford
[22/03/2008|22:01] C:\ProgramData\TuneUp Software
[27/07/2008|12:16] C:\ProgramData\WindowsSearch
[03/02/2008|20:50] C:\ProgramData\WLInstaller

--------------------\\ Listing des dossiers dans C:\Program Files

[05/09/2008|17:29] C:\Program Files\AbiSuite2
[28/12/2007|07:11] C:\Program Files\ACDSee32
[28/12/2007|04:19] C:\Program Files\Acer Inc
[06/03/2008|04:47] C:\Program Files\Acoustica Beatcraft
[26/12/2006|00:10] C:\Program Files\Adobe
[19/03/2008|05:05] C:\Program Files\Alwil Software
[22/03/2008|21:37] C:\Program Files\Avira
[29/10/2008|13:48] C:\Program Files\Azureus
[16/03/2008|20:09] C:\Program Files\Borland
[05/02/2008|21:16] C:\Program Files\CCleaner
[05/09/2008|17:18] C:\Program Files\Common Files
[26/12/2006|00:18] C:\Program Files\CyberLink
[02/07/2008|04:43] C:\Program Files\EoRezo
[28/12/2007|04:01] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
[22/03/2008|22:56] C:\Program Files\Freeplayer
[29/10/2008|13:50] C:\Program Files\Full Tilt Poker
[02/08/2008|02:35] C:\Program Files\Google
[22/03/2008|21:46] C:\Program Files\Grisoft
[29/10/2008|13:50] C:\Program Files\InstallShield Installation Information
[19/07/2008|03:47] C:\Program Files\Internet Explorer
[10/03/2008|17:08] C:\Program Files\Java
[03/11/2008|21:46] C:\Program Files\LimeWire
[24/10/2008|02:02] C:\Program Files\Malwarebytes' Anti-Malware
[02/11/2006|13:35] C:\Program Files\Microsoft Games
[28/12/2007|18:21] C:\Program Files\Microsoft Office
[02/02/2008|18:13] C:\Program Files\Microsoft SQL Server Compact Edition
[28/12/2007|18:21] C:\Program Files\Microsoft Visual Studio
[28/12/2007|18:21] C:\Program Files\Microsoft Works
[28/12/2007|18:20] C:\Program Files\Microsoft.NET
[19/07/2008|03:47] C:\Program Files\Movie Maker
[04/11/2008|18:25] C:\Program Files\Mozilla Firefox
[02/11/2006|13:35] C:\Program Files\MSBuild
[01/10/2008|20:37] C:\Program Files\MSN Messenger
[31/01/2008|03:35] C:\Program Files\MSXML 4.0
[17/02/2008|19:47] C:\Program Files\Music Mixer 4
[26/12/2006|00:14] C:\Program Files\NewTech Infosystems
[24/08/2008|00:41] C:\Program Files\PokerAcademyPro2
[03/09/2008|15:49] C:\Program Files\PokerStars
[28/12/2007|04:08] C:\Program Files\Realtek
[02/11/2006|13:35] C:\Program Files\Reference Assemblies
[17/02/2008|18:35] C:\Program Files\Sony Setup
[22/03/2008|21:11] C:\Program Files\Spybot - Search & Destroy
[04/11/2008|18:04] C:\Program Files\Trend Micro
[02/11/2006|13:58] C:\Program Files\Uninstall Information
[05/02/2008|21:09] C:\Program Files\VideoLAN
[28/12/2007|07:04] C:\Program Files\VLS
[01/10/2008|20:38] C:\Program Files\Winamp
[25/03/2008|16:49] C:\Program Files\Winamp Remote
[19/07/2008|03:47] C:\Program Files\Windows Calendar
[19/07/2008|03:47] C:\Program Files\Windows Collaboration
[19/07/2008|03:47] C:\Program Files\Windows Defender
[01/10/2008|20:37] C:\Program Files\Windows Live
[05/02/2008|16:31] C:\Program Files\Windows Live Toolbar
[16/10/2008|03:32] C:\Program Files\Windows Mail
[19/07/2008|03:47] C:\Program Files\Windows Media Player
[28/12/2007|04:01] C:\Program Files\Windows NT
[19/07/2008|03:47] C:\Program Files\Windows Photo Gallery
[19/07/2008|03:47] C:\Program Files\Windows Sidebar
[16/06/2008|19:41] C:\Program Files\WinRAR
[05/02/2008|16:33] C:\Program Files\Yahoo!
[30/08/2008|03:56] C:\Program Files\YesMessenger

--------------------\\ Listing des dossiers dans C:\Program Files\Common Files

[26/12/2006|00:10] C:\Program Files\Common Files\Adobe
[19/03/2008|04:57] C:\Program Files\Common Files\BitDefender
[28/12/2007|18:21] C:\Program Files\Common Files\DESIGNER
[28/12/2007|04:18] C:\Program Files\Common Files\InstallShield
[05/02/2008|21:17] C:\Program Files\Common Files\Java
[26/12/2006|00:13] C:\Program Files\Common Files\LightScribe
[09/04/2008|18:58] C:\Program Files\Common Files\microsoft shared
[26/12/2006|00:14] C:\Program Files\Common Files\NewTech Infosystems
[02/11/2006|12:18] C:\Program Files\Common Files\Services
[02/11/2006|12:18] C:\Program Files\Common Files\SpeechEngines
[05/02/2008|17:20] C:\Program Files\Common Files\Symantec Shared
[19/07/2008|03:47] C:\Program Files\Common Files\System
[31/01/2008|15:52] C:\Program Files\Common Files\WindowsLiveInstaller

--------------------\\ Process

( 61 Processes )

iexplore.exe ~ [PID:3012]

--------------------\\ Recherche avec S_Lop

C:\ProgramData\save info info.64c7r
C:\ProgramData\save info info.9oumu
C:\ProgramData\save info info.acmg8
C:\ProgramData\save info info.cbtes
C:\ProgramData\save info info.emezl
C:\ProgramData\save info info.hw4xf
C:\ProgramData\save info info.j9ked
C:\ProgramData\save info info.nm23o
C:\ProgramData\save info info.pkmfs
C:\ProgramData\save info info.pqub2
C:\ProgramData\Dent Intra Obj.b1qr4m
C:\ProgramData\save info info.0dx7p1
C:\ProgramData\save info info.3p0o7v
C:\ProgramData\save info info.515tkj
C:\ProgramData\save info info.6hcmfn
C:\ProgramData\save info info.afspln
C:\ProgramData\save info info.fmjo9p
C:\ProgramData\save info info.jvx875
C:\ProgramData\save info info.pakwcp
C:\ProgramData\save info info.rvkcj9
C:\ProgramData\save info info.smnmy2
C:\ProgramData\save info info.03lporq
C:\ProgramData\save info info.a1yd8wp
C:\ProgramData\save info info.e654nin
C:\ProgramData\save info info.jh424rb

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\ProgramData\third lies itch ford
C:\ProgramData\third lies itch ford\time city.exe

--------------------\\ Verification du Registre

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Itch ford four knob"="\"C:\\ProgramData\\Dent Intra Obj.b1qr4m\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE

--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-04 18:33:09
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 2

--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\Users\boon\AppData\Roaming\Microsoft\Windows\Recent\crack.lnk
C:\Users\boon\AppData\Roaming\Microsoft\Windows\Recent\POKER ACADEMY PRO v2.5 + Crack.lnk

[F:19][D:7]-> C:\Users\boon\AppData\Local\Temp
[F:30][D:1]-> C:\Users\boon\AppData\Roaming\MICROS~1\Windows\Cookies
[F:586][D:4]-> C:\Users\boon\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:9][D:1]-> C:\$Recycle.Bin

1 - "C:\Lop SD\LopR_1.txt" - 04/11/2008|18:34 - Option : [1]

--------------------\\ Fin du rapport a 18:34:32
[ UAC => 1 ]

Réponse 2 / 20

.:.:Thomas:.:. Messages postés 300 Statut Membre 58

Les pubs CiD sont des infections provoquées par un téléchargement gratuit, et c'est justement pour ça qu'il l'est.

http://www.commentcamarche.net/faq/sujet 5996 comment bloquer les fenetres cid

Salut !

arkane69 Messages postés 358 Statut Membre 10

merci pour l'info thomas ;)

Réponse 3 / 20

Destrio5 Messages postés 99820 Date d'inscription Statut Modérateur Dernière intervention 10 305

---> Relance Lop S&D (en tant qu'administrateur).
---> Choisis cette fois-ci l'option 2 (Suppression).
---> Ne ferme pas la fenêtre lors de la suppression !
---> Poste le rapport généré (C:\lopR.txt).

arkane69 Messages postés 358 Statut Membre 10

voici le second rapport....

--------------------\\ Lop S&D 4.2.4-9c XP/Vista

Microsoft® Windows Vista™ Édition Familiale Basique ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : AMD Sempron(tm) Processor 3500+ )
BIOS : )Phoenix - Award WorkstationBIOS v6.00PG
USER : boon ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:71 Go (Free:15 Go)
D:\ (Local Disk) - NTFS - Total:70 Go (Free:70 Go)
E:\ (CD or DVD)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (USB)

"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [2] ( 04/11/2008|18:39 )

[ UAC => 1 ]

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

Supprime! - C:\ProgramData\third lies itch ford\time city.exe
Supprime! - C:\ProgramData\save info info.64c7r
Supprime! - C:\ProgramData\save info info.9oumu
Supprime! - C:\ProgramData\save info info.acmg8
Supprime! - C:\ProgramData\save info info.cbtes
Supprime! - C:\ProgramData\save info info.emezl
Supprime! - C:\ProgramData\save info info.hw4xf
Supprime! - C:\ProgramData\save info info.j9ked
Supprime! - C:\ProgramData\save info info.nm23o
Supprime! - C:\ProgramData\save info info.pkmfs
Supprime! - C:\ProgramData\save info info.pqub2
Supprime! - C:\ProgramData\Dent Intra Obj.b1qr4m
Supprime! - C:\ProgramData\save info info.0dx7p1
Supprime! - C:\ProgramData\save info info.3p0o7v
Supprime! - C:\ProgramData\save info info.515tkj
Supprime! - C:\ProgramData\save info info.6hcmfn
Supprime! - C:\ProgramData\save info info.afspln
Supprime! - C:\ProgramData\save info info.fmjo9p
Supprime! - C:\ProgramData\save info info.jvx875
Supprime! - C:\ProgramData\save info info.pakwcp
Supprime! - C:\ProgramData\save info info.rvkcj9
Supprime! - C:\ProgramData\save info info.smnmy2
Supprime! - C:\ProgramData\save info info.03lporq
Supprime! - C:\ProgramData\save info info.a1yd8wp
Supprime! - C:\ProgramData\save info info.e654nin
Supprime! - C:\ProgramData\save info info.jh424rb
Supprime! - C:\ProgramData\third lies itch ford
-
[ Fichier Hosts ] .. Restaure!

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

--------------------\\ Listing des dossiers dans Local

[28/12/2007|04:30] C:\Users\boon\AppData\Local\Adobe
[28/12/2007|04:05] C:\Users\boon\AppData\Local\Application Data
[19/03/2008|04:14] C:\Users\boon\AppData\Local\Apps
[28/10/2008|03:28] C:\Users\boon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[29/12/2007|17:31] C:\Users\boon\AppData\Local\GDIPFONTCACHEV1.DAT
[13/08/2008|05:23] C:\Users\boon\AppData\Local\Google
[28/12/2007|04:05] C:\Users\boon\AppData\Local\Historique
[04/11/2008|18:22] C:\Users\boon\AppData\Local\IconCache.db
[25/04/2008|03:54] C:\Users\boon\AppData\Local\Microsoft
[29/12/2007|23:07] C:\Users\boon\AppData\Local\Microsoft Games
[28/12/2007|18:17] C:\Users\boon\AppData\Local\Microsoft Help
[05/02/2008|16:46] C:\Users\boon\AppData\Local\Mozilla
[31/10/2008|12:53] C:\Users\boon\AppData\Local\PokerStars
[28/12/2007|17:35] C:\Users\boon\AppData\Local\PowerCinema
[17/02/2008|18:53] C:\Users\boon\AppData\Local\Sony
[04/11/2008|18:39] C:\Users\boon\AppData\Local\Temp
[28/12/2007|04:05] C:\Users\boon\AppData\Local\Temporary Internet Files
[29/12/2007|23:39] C:\Users\boon\AppData\Local\VirtualStore

--------------------\\ Tâches planifiées dans C:\Windows\tasks

[04/11/2008 18:24][--a------] C:\Windows\tasks\Maintenance en 1 clic.job
[04/11/2008 05:51][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{FEBAD639-0E84-46FD-B088-5DF02EC82687}.job
[04/11/2008 18:24][--ah-----] C:\Windows\tasks\SA.DAT
[04/11/2008 18:23][--a------] C:\Windows\tasks\SCHEDLGU.TXT

--------------------\\ Listing des dossiers dans C:\ProgramData

[05/02/2008|17:33] C:\ProgramData\addr_file.html
[26/12/2006|00:10] C:\ProgramData\Adobe
[02/11/2006|13:59] C:\ProgramData\Application Data
[22/03/2008|21:37] C:\ProgramData\Avira
[16/02/2008|15:58] C:\ProgramData\Azureus
[28/12/2007|04:01] C:\ProgramData\Bureau
[16/02/2008|19:49] C:\ProgramData\CyberLink
[02/11/2006|13:59] C:\ProgramData\Desktop
[02/11/2006|13:59] C:\ProgramData\Documents
[28/12/2007|04:01] C:\ProgramData\Favoris
[02/11/2006|13:59] C:\ProgramData\Favorites
[04/11/2008|14:48] C:\ProgramData\Google Updater
[22/03/2008|20:24] C:\ProgramData\Grisoft
[28/12/2007|04:19] C:\ProgramData\InstallShield
[05/07/2008|21:40] C:\ProgramData\Malwarebytes
[28/12/2007|04:01] C:\ProgramData\Menu D‚marrer
[29/12/2007|17:38] C:\ProgramData\Microsoft
[16/10/2008|02:06] C:\ProgramData\Microsoft Help
[28/12/2007|04:01] C:\ProgramData\ModŠles
[28/12/2007|06:01] C:\ProgramData\NtiDvdCopy
[01/10/2008|20:31] C:\ProgramData\ntuser.pol
[04/11/2008|03:15] C:\ProgramData\NVIDIA
[25/03/2008|16:49] C:\ProgramData\OrbNetworks
[31/03/2008|12:38] C:\ProgramData\size bin dale
[22/03/2008|20:42] C:\ProgramData\Spybot - Search & Destroy
[02/11/2006|13:59] C:\ProgramData\Start Menu
[05/02/2008|17:18] C:\ProgramData\Symantec
[02/11/2006|13:59] C:\ProgramData\Templates
[22/03/2008|22:01] C:\ProgramData\TuneUp Software
[27/07/2008|12:16] C:\ProgramData\WindowsSearch
[03/02/2008|20:50] C:\ProgramData\WLInstaller

--------------------\\ Listing des dossiers dans C:\Program Files

[05/09/2008|17:29] C:\Program Files\AbiSuite2
[28/12/2007|07:11] C:\Program Files\ACDSee32
[28/12/2007|04:19] C:\Program Files\Acer Inc
[06/03/2008|04:47] C:\Program Files\Acoustica Beatcraft
[26/12/2006|00:10] C:\Program Files\Adobe
[19/03/2008|05:05] C:\Program Files\Alwil Software
[22/03/2008|21:37] C:\Program Files\Avira
[29/10/2008|13:48] C:\Program Files\Azureus
[16/03/2008|20:09] C:\Program Files\Borland
[05/02/2008|21:16] C:\Program Files\CCleaner
[05/09/2008|17:18] C:\Program Files\Common Files
[26/12/2006|00:18] C:\Program Files\CyberLink
[02/07/2008|04:43] C:\Program Files\EoRezo
[28/12/2007|04:01] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
[22/03/2008|22:56] C:\Program Files\Freeplayer
[29/10/2008|13:50] C:\Program Files\Full Tilt Poker
[02/08/2008|02:35] C:\Program Files\Google
[22/03/2008|21:46] C:\Program Files\Grisoft
[29/10/2008|13:50] C:\Program Files\InstallShield Installation Information
[19/07/2008|03:47] C:\Program Files\Internet Explorer
[10/03/2008|17:08] C:\Program Files\Java
[03/11/2008|21:46] C:\Program Files\LimeWire
[24/10/2008|02:02] C:\Program Files\Malwarebytes' Anti-Malware
[02/11/2006|13:35] C:\Program Files\Microsoft Games
[28/12/2007|18:21] C:\Program Files\Microsoft Office
[02/02/2008|18:13] C:\Program Files\Microsoft SQL Server Compact Edition
[28/12/2007|18:21] C:\Program Files\Microsoft Visual Studio
[28/12/2007|18:21] C:\Program Files\Microsoft Works
[28/12/2007|18:20] C:\Program Files\Microsoft.NET
[19/07/2008|03:47] C:\Program Files\Movie Maker
[04/11/2008|18:25] C:\Program Files\Mozilla Firefox
[02/11/2006|13:35] C:\Program Files\MSBuild
[01/10/2008|20:37] C:\Program Files\MSN Messenger
[31/01/2008|03:35] C:\Program Files\MSXML 4.0
[17/02/2008|19:47] C:\Program Files\Music Mixer 4
[26/12/2006|00:14] C:\Program Files\NewTech Infosystems
[24/08/2008|00:41] C:\Program Files\PokerAcademyPro2
[03/09/2008|15:49] C:\Program Files\PokerStars
[28/12/2007|04:08] C:\Program Files\Realtek
[02/11/2006|13:35] C:\Program Files\Reference Assemblies
[17/02/2008|18:35] C:\Program Files\Sony Setup
[22/03/2008|21:11] C:\Program Files\Spybot - Search & Destroy
[04/11/2008|18:04] C:\Program Files\Trend Micro
[02/11/2006|13:58] C:\Program Files\Uninstall Information
[05/02/2008|21:09] C:\Program Files\VideoLAN
[28/12/2007|07:04] C:\Program Files\VLS
[01/10/2008|20:38] C:\Program Files\Winamp
[25/03/2008|16:49] C:\Program Files\Winamp Remote
[19/07/2008|03:47] C:\Program Files\Windows Calendar
[19/07/2008|03:47] C:\Program Files\Windows Collaboration
[19/07/2008|03:47] C:\Program Files\Windows Defender
[01/10/2008|20:37] C:\Program Files\Windows Live
[05/02/2008|16:31] C:\Program Files\Windows Live Toolbar
[16/10/2008|03:32] C:\Program Files\Windows Mail
[19/07/2008|03:47] C:\Program Files\Windows Media Player
[28/12/2007|04:01] C:\Program Files\Windows NT
[19/07/2008|03:47] C:\Program Files\Windows Photo Gallery
[19/07/2008|03:47] C:\Program Files\Windows Sidebar
[16/06/2008|19:41] C:\Program Files\WinRAR
[05/02/2008|16:33] C:\Program Files\Yahoo!
[30/08/2008|03:56] C:\Program Files\YesMessenger

--------------------\\ Listing des dossiers dans C:\Program Files\Common Files

[26/12/2006|00:10] C:\Program Files\Common Files\Adobe
[19/03/2008|04:57] C:\Program Files\Common Files\BitDefender
[28/12/2007|18:21] C:\Program Files\Common Files\DESIGNER
[28/12/2007|04:18] C:\Program Files\Common Files\InstallShield
[05/02/2008|21:17] C:\Program Files\Common Files\Java
[26/12/2006|00:13] C:\Program Files\Common Files\LightScribe
[09/04/2008|18:58] C:\Program Files\Common Files\microsoft shared
[26/12/2006|00:14] C:\Program Files\Common Files\NewTech Infosystems
[02/11/2006|12:18] C:\Program Files\Common Files\Services
[02/11/2006|12:18] C:\Program Files\Common Files\SpeechEngines
[05/02/2008|17:20] C:\Program Files\Common Files\Symantec Shared
[19/07/2008|03:47] C:\Program Files\Common Files\System
[31/01/2008|15:52] C:\Program Files\Common Files\WindowsLiveInstaller

--------------------\\ Process

( 63 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE

--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-04 18:39:36
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 2

--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\Users\boon\AppData\Roaming\Microsoft\Windows\Recent\crack.lnk
C:\Users\boon\AppData\Roaming\Microsoft\Windows\Recent\POKER ACADEMY PRO v2.5 + Crack.lnk

[F:19][D:7]-> C:\Users\boon\AppData\Local\Temp
[F:30][D:1]-> C:\Users\boon\AppData\Roaming\MICROS~1\Windows\Cookies
[F:586][D:4]-> C:\Users\boon\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:9][D:1]-> C:\$Recycle.Bin

1 - "C:\Lop SD\LopR_1.txt" - 04/11/2008|18:34 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 04/11/2008|18:40 - Option : [2]

--------------------\\ Fin du rapport a 18:40:42
[ UAC => 1 ]

Réponse 4 / 20

Destrio5 Messages postés 99820 Date d'inscription Statut Modérateur Dernière intervention 10 305

---> Télécharge Random's System Information Tool (RSIT) par random/random et sauvegarde-le sur le Bureau :
http://images.malwareremoval.com/random/RSIT.exe
---> Double-clique sur RSIT.exe afin de lancer le programme.
---> Clique sur Continue à l'écran Disclaimer.
---> Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.
---> Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (c'est celui qui apparait à l'écran) ainsi que de info.txt (que tu verras dans la barre des tâches).

Note : Les rapports sont sauvegardés dans le dossier C:\rsit

arkane69 Messages postés 358 Statut Membre 10

voici le premier rapport...

info.txt logfile of random's system information tool 1.04 2008-11-04 19:01:35

======Uninstall list======

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC4F90EC-B1DA-11D9-9D77-000129760D75}\setup.exe" -uninstall
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-001A-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
ACDSee 32-->C:\PROGRA~1\ACDSee32\UNWISE.EXE C:\PROGRA~1\ACDSee32\INSTALL.LOG
Acer eDataSecurity Management-->C:\Acer\Empowering Technology\eDataSecurity\eDSnstHelper.exe -Operation UNINSTALL
Acer eDataSecurity Management-->MsiExec.exe /X{AEEAE013-92F1-4515-B278-139F1A692A36}
Acer eMode Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe" -uninstall
Acer Empowering Technology-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB6097D9-D722-4987-BD9E-A076E2848EE2}\setup.exe" -l0x40c -removeonly
Acer ePerformance Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D462BF9E-0C35-4705-BF9B-3DF9F3816643}\setup.exe" -l0x40c -removeonly
Acer ScreenSaver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}\setup.exe" -l0x9 -removeonly
Acer Tour-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94389919-B0AA-4882-9BE8-9F0B004ECA35}\setup.exe" -l0x40c -removeonly
Acoustica Beatcraft-->C:\PROGRA~1\ACOUST~1\UNWISE.EXE C:\PROGRA~1\ACOUST~1\INSTALL.LOG
Adobe Flash Player 9 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Assistant de connexion Windows Live-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
AVG Anti-Spyware 7.5-->C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Freeplayer-->C:\Program Files\Freeplayer\Uninstall.exe
Galerie de photos Windows Live-->MsiExec.exe /X{A70FA218-6598-4AC9-813D-63597C5DD068}
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
LimeWire 4.18.8-->"C:\Program Files\LimeWire\uninstall.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Office Language Pack 2007 Service Pack 1 (SP1)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB}
Microsoft Office Outlook 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall OUTLOOKR /dll OSETUP.DLL
Microsoft Office Outlook 2007-->MsiExec.exe /X{91120000-001A-0000-0000-0000000FF1CE}
Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
NTI Backup NOW! 4.7-->"C:\Program Files\InstallShield Installation Information\{67ADE9AF-5CD9-4089-8825-55DE4B366799}\setup.exe" -removeonly
NTI CD & DVD-Maker-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} /l1036 CDM7
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
Outil de mise à jour Google-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
PokerStars-->"C:\Program Files\PokerStars\PokerStarsUninstall.exe" /u:PokerStars
PowerProducer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\Setup.exe" -uninstall
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-001A-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-001A-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office Word 2007 (KB950113)-->msiexec /package {91120000-001A-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {91120000-001A-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB946691)-->msiexec /package {91120000-001A-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb957258)-->msiexec /package {91120000-001A-0000-0000-0000000FF1CE} /uninstall {E070CDA4-A8DD-47FA-89A0-F5DA5D5DDFF9}
VideoLAN VLC media player 0.8.6c-->C:\Program Files\VideoLAN\VLC\uninstall.exe
VLSHOW-->C:\Windows\unin040c.exe -f"C:\Program Files\VLS\VLSHOW\DeIsL1.isu" -c"C:\Program Files\VLS\VLSHOW\_ISREG32.DLL"
Winamp Remote-->"C:\Program Files\Winamp Remote\uninstall.exe"
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
Windows Live Mail-->MsiExec.exe /I{C514C594-23AA-4F13-A070-DB8BDB27594F}
Windows Live Messenger-->MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}
Windows Live Writer-->MsiExec.exe /X{3DFF4274-EBB0-4356-9692-972965018954}

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 79 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=4f02
"NUMBER_OF_PROCESSORS"=1

-----------------EOF-----------------

Logfile of random's system information tool 1.04 (written by random/random)
Run by boon at 2008-11-04 19:01:10
Microsoft® Windows Vista™ Édition Familiale Basique Service Pack 1
System drive C: has 16 GB (22%) free of 73 GB
Total RAM: 767 MB (33% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:01:29, on 04/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\conime.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\boon\Downloads\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\boon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [?????????] ??????????????e
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 6465 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Maintenance en 1 clic.job
C:\Windows\tasks\User_Feed_Synchronization-{FEBAD639-0E84-46FD-B088-5DF02EC82687}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll [2007-12-14 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll [2008-10-13 652784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\Windows\system32\eDStoolbar.dll [2007-02-06 151552]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2006-12-01 4186112]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-06-20 13535776]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-06-20 92704]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-19 1233920]
"????r"= []
"?????????"=??????????????e []
"ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2005-08-11 249856]
"MsnMsgr"=C:\Program Files\MSN Messenger\MsnMsgr.Exe [2007-01-19 5674352]
"Orb"=C:\Program Files\Winamp Remote\bin\OrbTray.exe [2008-01-07 495616]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"=C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [2007-05-30 79408]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"FilterAdministratorToken"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe"="C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu"
"C:\Acer\Empowering Technology\eDataSecurity\encryption.exe"="C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption"
"C:\Acer\Empowering Technology\eDataSecurity\decryption.exe"="C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f5222012-eb2e-11dc-ba58-001921e622ff}]
shell\Auto\command - J:\AdobeR.exe e
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL J:\AdobeR.exe e

======File associations======

.reg - open - regedit.exe "%1" %*
.scr - open - "%1" %*

======List of files/folders created in the last 1 months======

2008-11-04 19:01:10 ----D---- C:\rsit
2008-11-04 19:01:10 ----D---- \rsit
2008-11-04 18:32:47 ----A---- C:\lopR.txt
2008-11-04 18:32:47 ----A---- \lopR.txt
2008-11-04 18:30:13 ----D---- C:\Lop SD
2008-11-04 18:30:13 ----D---- \Lop SD
2008-11-04 18:04:27 ----D---- C:\Program Files\Trend Micro
2008-10-29 05:25:37 ----A---- C:\Windows\system32\wersvc.dll
2008-10-29 05:25:37 ----A---- C:\Windows\system32\Faultrep.dll
2008-10-29 05:25:35 ----A---- C:\Windows\system32\win32spl.dll
2008-10-23 19:51:21 ----A---- C:\Windows\system32\netapi32.dll
2008-10-15 18:16:33 ----A---- C:\Windows\system32\ntoskrnl.exe
2008-10-15 18:16:33 ----A---- C:\Windows\system32\ntkrnlpa.exe
2008-10-15 18:16:29 ----A---- C:\Windows\system32\mshtml.dll
2008-10-15 18:16:28 ----A---- C:\Windows\system32\ieframe.dll
2008-10-15 18:16:26 ----A---- C:\Windows\system32\wininet.dll
2008-10-15 18:16:26 ----A---- C:\Windows\system32\urlmon.dll
2008-10-15 18:16:26 ----A---- C:\Windows\system32\iertutil.dll
2008-10-15 18:16:25 ----A---- C:\Windows\system32\mstime.dll
2008-10-15 18:16:24 ----A---- C:\Windows\system32\jsproxy.dll
2008-10-13 20:41:52 ----D---- C:\Program Files\Full Tilt Poker

======List of files/folders modified in the last 1 months======

2008-11-04 19:01:21 ----D---- C:\Windows\Prefetch
2008-11-04 19:01:08 ----D---- C:\Windows\Temp
2008-11-04 18:39:24 ----HD---- C:\ProgramData
2008-11-04 18:39:24 ----HD---- \ProgramData
2008-11-04 18:31:43 ----D---- C:\Windows\System32
2008-11-04 18:31:43 ----A---- C:\Windows\system32\PerfStringBackup.INI
2008-11-04 18:31:42 ----D---- C:\Windows\inf
2008-11-04 18:25:45 ----D---- C:\Program Files\Mozilla Firefox
2008-11-04 18:04:27 ----RD---- C:\Program Files
2008-11-04 18:04:27 ----RD---- \Program Files
2008-11-04 14:48:21 ----D---- C:\ProgramData\Google Updater
2008-11-04 14:06:39 ----SHD---- C:\System Volume Information
2008-11-04 14:06:39 ----SHD---- \System Volume Information
2008-11-04 03:15:17 ----D---- C:\ProgramData\NVIDIA
2008-11-04 03:14:52 ----D---- C:\Windows
2008-11-04 03:14:52 ----D---- \Windows
2008-11-03 21:46:43 ----D---- C:\Program Files\LimeWire
2008-11-02 03:01:57 ----D---- C:\Windows\system32\drivers
2008-11-02 03:01:48 ----D---- C:\Windows\system32\catroot
2008-10-29 13:50:30 ----HD---- C:\Program Files\InstallShield Installation Information
2008-10-29 13:48:18 ----D---- C:\Program Files\Azureus
2008-10-29 13:16:47 ----D---- C:\Windows\winsxs
2008-10-29 05:24:53 ----D---- C:\Windows\system32\catroot2
2008-10-24 02:02:00 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-24 01:58:57 ----D---- C:\Windows\Debug
2008-10-16 03:32:05 ----D---- C:\Program Files\Windows Mail
2008-10-16 03:32:02 ----D---- C:\Windows\system32\migration
2008-10-16 02:06:34 ----SHD---- C:\Windows\Installer
2008-10-16 02:06:34 ----D---- C:\ProgramData\Microsoft Help
2008-10-07 20:19:40 ----A---- C:\Windows\system32\mrt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver; \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys [2007-05-30 11000]
R1 AvgAsCln;AVG Anti-Spyware Clean Driver; C:\Windows\System32\DRIVERS\AvgAsCln.sys [2007-05-30 10872]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys [2007-02-27 11840]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2008-07-19 75072]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R2 int15;int15; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys [2006-12-07 76584]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys [2008-06-04 52032]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2006-12-01 1655464]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2006-12-26 6144]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-06-20 7468128]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-09 194560]
S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 usb_rndisx;Carte RNDIS USB; C:\Windows\system32\DRIVERS\usb8023x.sys [2008-01-19 15872]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcerMemUsageCheckService;ePerformance Service; C:\Acer\Empowering Technology\ePerformance\MemCheck.exe [2006-11-12 24576]
R2 AntiVirScheduler;AntiVir PersonalEdition Classic Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-23 68865]
R2 AntiVirService;AntiVir PersonalEdition Classic Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-23 151297]
R2 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard; C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe [2007-05-30 312880]
R2 CLCapSvc;CyberLink Background Capture Service (CBCS); C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLCapSvc.exe [2006-11-25 274520]
R2 CLSched;CyberLink Task Scheduler (CTS); C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLSched.exe [2006-11-25 118870]
R2 eDataSecurity Service;eDSService.exe; C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe [2007-02-07 457512]
R2 eRecoveryService;eRecovery Service; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [2006-12-08 45056]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-13 168432]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-10-19 61440]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-06-20 118784]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2006-11-25 262247]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 CLTNetCnService;Symantec Lic NetConnect service; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question

Réponse 5 / 20

Destrio5 Messages postés 99820 Date d'inscription Statut Modérateur Dernière intervention 10 305

---> Télécharge OTMoveIt3 (OldTimer) sur ton Bureau :
http://oldtimer.geekstogo.com/OTMoveIt3.exe

---> Double-clique sur OTMoveIt3.exe afin de le lancer.

---> Copie (Ctrl+C) le texte suivant ci-dessous :

:processes
explorer.exe

:files
C:\ProgramData\size bin dale
C:\Program Files\EoRezo
C:\Lop SD
C:\lopR.txt

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"????r"=-
"?????????"=-
"ISUSPM Startup"=-

:commands
[emptytemp]
[start explorer]
[reboot]

---> Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved.

---> Clique maintenant sur le bouton MoveIt! puis ferme OTMoveIt3.

Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
Accepte en cliquant sur YES.

---> Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
Le nom du rapport correspond au moment de sa création : date_heure.log

arkane69 Messages postés 358 Statut Membre 10

rebonjour,
desolé pour l'attente, un imponderable.
ci-joint le rapport...

========== FILES ==========
C:\ProgramData\size bin dale moved successfully.
C:\Program Files\EoRezo\EoAdv\tmp moved successfully.
C:\Program Files\EoRezo\EoAdv moved successfully.
C:\Program Files\EoRezo moved successfully.
C:\Lop SD\Backup-Lop\Reg moved successfully.
C:\Lop SD\Backup-Lop\ProgramData\third lies itch ford moved successfully.
C:\Lop SD\Backup-Lop\ProgramData moved successfully.
C:\Lop SD\Backup-Lop\Hosts moved successfully.
C:\Lop SD\Backup-Lop moved successfully.
Folder move failed. C:\Lop SD scheduled to be moved on reboot.
C:\lopR.txt moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\????r not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\????????? not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ISUSPM Startup deleted successfully.
========== COMMANDS ==========
File delete failed. C:\Users\boon\AppData\Local\Temp\etilqs_8jAGTNoq2luzThdd5tnv scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
File delete failed. C:\Users\boon\AppData\Local\Mozilla\Firefox\Profiles\px47ybcd.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Users\boon\AppData\Local\Mozilla\Firefox\Profiles\px47ybcd.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Users\boon\AppData\Local\Mozilla\Firefox\Profiles\px47ybcd.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Users\boon\AppData\Local\Mozilla\Firefox\Profiles\px47ybcd.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Users\boon\AppData\Local\Mozilla\Firefox\Profiles\px47ybcd.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Users\boon\AppData\Local\Mozilla\Firefox\Profiles\px47ybcd.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.0 log created on 11042008_194236

Files moved on Reboot...
C:\Lop SD moved successfully.
File C:\Users\boon\AppData\Local\Temp\etilqs_8jAGTNoq2luzThdd5tnv not found!
C:\Users\boon\AppData\Local\Mozilla\Firefox\Profiles\px47ybcd.default\Cache\_CACHE_001_ moved successfully.
C:\Users\boon\AppData\Local\Mozilla\Firefox\Profiles\px47ybcd.default\Cache\_CACHE_002_ moved successfully.
C:\Users\boon\AppData\Local\Mozilla\Firefox\Profiles\px47ybcd.default\Cache\_CACHE_003_ moved successfully.
C:\Users\boon\AppData\Local\Mozilla\Firefox\Profiles\px47ybcd.default\Cache\_CACHE_MAP_ moved successfully.
C:\Users\boon\AppData\Local\Mozilla\Firefox\Profiles\px47ybcd.default\urlclassifier3.sqlite moved successfully.
C:\Users\boon\AppData\Local\Mozilla\Firefox\Profiles\px47ybcd.default\XUL.mfl moved successfully.

Réponse 6 / 20

Destrio5 Messages postés 99820 Date d'inscription Statut Modérateur Dernière intervention 10 305

--> Télécharge UsbFix (de Chiquitine29) sur ton Bureau :
http://sd-1.archive-host.com/membres/up/116615172019703188/UsbFix.exe

--> Lance l'installation avec les paramètres par défaut.

--> Branche tes sources de données externes à ton PC (clé USB, disque dur externe, etc...) sans les ouvrir.

--> Clique droit sur le raccourci UsbFix qui est sur ton Bureau et choisis Exécuter en tant qu'administrateur.

--> Le PC va redémarrer.

--> Après redémarrage, poste le rapport UsbFix.txt

Note : le rapport UsbFix.txt est sauvegardé à la racine du disque.

(Si le Bureau ne réapparait pas, presse Ctrl+Alt+Suppr, Onglet "Fichier", "Nouvelle tâche", tape explorer.exe et valide)

arkane69 Messages postés 358 Statut Membre 10

de nouveau desolé pour le retard mais probleme au re-demarage, impossible de lancé vista, mais bon finalement...
voici le rapport:

-------------- UsbFix V2.395 ---------------

* User : boon - PC-DE-BOON
* Outils mis a jours le 03/11/2008 par Chiquitine29 et Chimay8
* Recherche effectuée à 1:11:29 le 05/11/2008
* Windows Vista - Internet Explorer 7.0.6001.18000

--------------- [ Processus actifs ] ----------------

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\LogonUI.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Windows\system32\svchost.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLCapSvc.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Windows\system32\WUDFHost.exe
C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLSched.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\rundll32.exe
C:\Users\boon\AppData\Local\Temp\CF30.tmp\b2e.exe
C:\Windows\system32\conime.exe

--------------- [ Informations lecteurs ] ----------------

C: - Lecteur fixe
D: - Lecteur fixe

--------------- [ Registre / Startup ] ----------------

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
RtHDVCpl REG_SZ RtHDVCpl.exe
NvCplDaemon REG_SZ RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
NvMediaCenter REG_SZ RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Sidebar REG_SZ C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
????r REG_SZ
????????? REG_SZ ??????????????e
MsnMsgr REG_SZ "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
Orb REG_SZ "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
WMPNSCFG REG_SZ C:\Program Files\Windows Media Player\WMPNSCFG.exe

--------------- [ Registre / Mountpoint2 ] ----------------

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f5222012-eb2e-11dc-ba58-001921e622ff}\Shell\AutoRun\command

--------------- [ Nettoyage des disques ] ----------------

--------------- [ Listing des fichiers présents ] ----------------

-> /!\ Le resultat doit etre interprété par un spécialiste /!\

[18/09/2006 22:43][--a------] C:\autoexec.bat

--------------- ! Fin du rapport ! ----------------

Réponse 7 / 20

Destrio5 Messages postés 99820 Date d'inscription Statut Modérateur Dernière intervention 10 305

"impossible de lancé vista, mais bon finalement..."
---> Il se passe quoi ?

arkane69 Messages postés 358 Statut Membre 10

au redemarage, arrivé dans le bios et impossible d'en sortire.
j'ai due finalement debranché mes periferique usb pour pouvoir re-lancer vista.

Réponse 8 / 20

arkane69 Messages postés 358 Statut Membre 10

pensse tu que je doive refaire la manip???

Réponse 9 / 20

Destrio5 Messages postés 99820 Date d'inscription Statut Modérateur Dernière intervention 10 305

---> Désinstalle UsbFix.

---> Poste un nouveau rapport HijackThis.

arkane69 Messages postés 358 Statut Membre 10

voici le rapport hi-jack:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:29:20, on 05/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conime.exe
C:\Windows\explorer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [?????????] ??????????????e
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

Réponse 10 / 20

Destrio5 Messages postés 99820 Date d'inscription Statut Modérateur Dernière intervention 10 305

---> Mets à jour Java :
https://www.java.com/fr/download/manual.jsp

---> Mets à jour Adobe Reader :
https://get2.adobe.com/reader/otherversions/

---> Supprime les traces de Norton avec ceci :
ftp://ftp.symantec.com/public/francais/removal_tools/Norton_Removal_Tool.exe

---> Poste un nouveau rapport HijackThis.

arkane69 Messages postés 358 Statut Membre 10

c'est fait, et voici le rapport hi-jack:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:49:45, on 05/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conime.exe
C:\Windows\explorer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [?????????] ??????????????e
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLSched.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

Réponse 11 / 20

Destrio5 Messages postés 99820 Date d'inscription Statut Modérateur Dernière intervention 10 305

---> Relance HijackThis et choisis Do a system scan only

---> Coche les cases qui sont devant les lignes suivantes :

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [?????????] ??????????????e

---> Clique en bas sur Fix checked. Mets oui si HijackThis te demande quelque chose.

---> Redémarre ton PC et poste un nouveau rapport HijackThis.

Réponse 12 / 20

arkane69 Messages postés 358 Statut Membre 10

c'est fait mais au moment du scan de 'hi-jack this" ce message apparait:
for same reason your system denied write access to the host file. if any hijacked domain are in this file, "hi-jack this" may NOT be able to fixthis. if that happens, you need to edit the file yourself. etc etc...
que doi'je faire???
en attendent, voici le rapport:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:49:45, on 05/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conime.exe
C:\Windows\explorer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [?????????] ??????????????e
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLSched.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

Réponse 13 / 20

Destrio5 Messages postés 99820 Date d'inscription Statut Modérateur Dernière intervention 10 305

Pour lancer HijackThis, clique droit sur le raccourci puis choisis Exécuter en tant qu'administrateur.

arkane69 Messages postés 358 Statut Membre 10

oups... toutes mes excuses :)
voici:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:16:53, on 05/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [?????????] ??????????????e
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLSched.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

Réponse 14 / 20

Destrio5 Messages postés 99820 Date d'inscription Statut Modérateur Dernière intervention 10 305

---> Télécharge et installe CCleaner (N'installe pas la Yahoo Toolbar) :
* Lance-le. Va dans Outils puis Démarrage.

As-tu une ligne avec des ???? ?

arkane69 Messages postés 358 Statut Membre 10

non. en revanche j'ai des lignes avec des signes chinois (ou japonais je ne sais pas!!)

Réponse 15 / 20

Destrio5 Messages postés 99820 Date d'inscription Statut Modérateur Dernière intervention 10 305

T'en as deux ?

arkane69 Messages postés 358 Statut Membre 10

oui 2, ca ce presente comme cela:
HKCU:run ........
HKCU:run ........ .............................

Réponse 16 / 20

Destrio5 Messages postés 99820 Date d'inscription Statut Modérateur Dernière intervention 10 305

Coche les deux cases et appuie sur Effacer l'Entrée.

arkane69 Messages postés 358 Statut Membre 10

c'est fait.
ensuite??

Réponse 17 / 20

Destrio5 Messages postés 99820 Date d'inscription Statut Modérateur Dernière intervention 10 305

Poste un nouveau rapport HijackThis.

arkane69 Messages postés 358 Statut Membre 10

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:42:07, on 05/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.fr.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLSched.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

Réponse 18 / 20

Destrio5 Messages postés 99820 Date d'inscription Statut Modérateur Dernière intervention 10 305

Si tu n'as plus de problème, fais cette dernière étape :

---> Désinstalle HijackThis.

---> Supprime RSIT et Lop S&D.

---> Supprime les dossiers RSIT et Lop SD situés dans C:\

● Télécharge ATF Cleaner sur ton Bureau.
● Double-clique sur le programme.
● Coche Select All et clique sur le bouton Empty Selected.

Si tu utilises le navigateur Firefox :
● Clique Firefox en haut et coche : Select All.
● Clique sur Empty Selected.
NOTE : Si tu veux conserver tes mots de passe sauvegardés, clique No à l'invite.

Si tu utilises le navigateur Opera :
● Clique Opera en haut et coche : Select All.
● Clique sur Empty Selected.
NOTE : Si tu veux conserver tes mots de passe sauvegardés, clique No à l'invite.

● Clique sur Exit du menu prinicipal pour fermer le programme.

---> Il est nécessaire de désactiver puis réactiver la restauration système pour la purger :
http://www.commentcamarche.net/faq/sujet 13214 desactiver reactiver la restauration systeme de vista

---> Je te conseille de créer un point de restauration que tu pourras utiliser plus tard si tu as un problème :
https://forums.cnetfrance.fr

arkane69 Messages postés 358 Statut Membre 10

merci beaucoup pour ton aide et ta patiente.
j'ai une derniere question,
as tu des conseille a me donné pour bien securisé mon PC?

Réponse 19 / 20

Destrio5 Messages postés 99820 Date d'inscription Statut Modérateur Dernière intervention 10 305

Pense à réactiver l'UAC.

Il faut que tu sois plus vigilant.

arkane69 Messages postés 358 Statut Membre 10

oki merci :))) bonne nuit a toi ;)

Réponse 20 / 20

arkane69 Messages postés 358 Statut Membre 10

bon merci encore pour ton aide et un gros BIG UP pour toi destrio5 ;)
schuuuuuuuuuuuuuusssss

Discussions similaires

supprimer tor.jack android

Comment brancher des enceintes sur TV

Tor.Jack.Malware

je n'arrive pas a supprimer un virus sur mon téléphone

souder les 2 fils d'une enceinte sur une fiche jack male

!!trop de cid!!besoin d'aide! raport hi-jack.

20 réponses

Votre réponse

Discussions similaires

Newsletters